如何在同一台服务器上提供 Web 服务的同时通过 wireguard 发出出站请求?

我想让出站请求通过 wireguard 发出,同时在同一台服务器上提供 Web 服务。也就是说,如果请求从 ens3 进来,响应也要从 ens3 原路返回;但如果是服务器自己发起的请求,则应通过 wireguard 发出。
下面是我的 wg0.conf 文件。除此之外我没有做任何其他配置,只是在一台干净安装的 vultr vps 上装了 wireguard,然后用 `wg-quick up wg0` 启动它,但随后我会失去 ssh 连接,必须重启服务器。

启动 wireguard 之前的网络。

# wg0.conf — WireGuard client config for a host that must keep serving
# traffic arriving on ens3 (SSH, web) while sending its own outbound
# traffic through the tunnel.  Routing is done entirely by hand in the
# PostUp hooks (see Table = off below); the order of those hooks matters.
[Interface]
# Key material redacted by the author ("====" is a placeholder, not a real key).
PrivateKey = =====================================
Address = 172.16.0.2
# Resolver pushed while the tunnel is up. DNS queries are locally generated
# and unmarked, so by the rules below they will leave via wg0.
DNS = 1.1.1.1
# Table = off: wg-quick installs no routes and no policy rules for the
# tunnel; everything below reproduces that logic manually.
Table = off


# 1) Every packet arriving on ens3 gets fwmark 51820 ...
PostUp = iptables -t mangle -A PREROUTING -i ens3 -j MARK --set-mark 51820
# ... and the mark is copied onto the connection's conntrack entry.
PostUp = iptables -t mangle -A PREROUTING -i ens3 -j CONNMARK --save-mark
# 2) Locally generated packets inherit the conntrack mark, so replies to
#    connections that came in on ens3 carry 51820 and stay on ens3;
#    connections the host opens itself have no saved mark (mark stays 0).
#    NOTE(review): a session that was already open before wg-quick ran
#    (e.g. the SSH session used to start it) has no saved mark until its
#    next inbound packet is seen on ens3 — confirm whether that gap is
#    what drops the session on the VPS.
PostUp = iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
# 3) WireGuard's own encrypted UDP packets to the peer carry the same mark,
#    so they are excluded from the wg0 table below (no routing loop).
PostUp = wg set wg0 fwmark 51820
# 4) Dedicated table 51820: everything via the tunnel.
PostUp = ip -4 route add 0.0.0.0/0 dev wg0 table 51820
# 5) Unmarked traffic (mark != 51820; shown as "not from all fwmark 0xca6c"
#    in `ip rule`) is looked up in table 51820, i.e. sent through wg0.
PostUp = ip -4 rule add not fwmark 51820 table 51820
# 6) Consult main first but ignore its default route (prefix length 0), so
#    link-local/subnet routes such as the ens3 /23 still win over the tunnel.
#    `ip rule add` without a priority places each new rule just above the
#    previous one, which is why this ends up before rule 5 in `ip rule`.
PostUp = ip -4 rule add table main suppress_prefixlength 0
# 7) Let reverse-path filtering honour the fwmark, so marked inbound
#    packets on ens3 are validated against main rather than table 51820.
#    NOTE(review): this runs after rules 5/6 are already active; with strict
#    rp_filter there is a short window in which ens3 traffic could fail the
#    reverse-path check — consider issuing this sysctl first.
PostUp = sysctl -q net.ipv4.conf.all.src_valid_mark=1



# Teardown mirrors PostUp. The table-51820 route is not deleted explicitly
# (presumably dropped with the wg0 device — confirm) and the sysctl above
# is left in place.
PostDown = iptables -t mangle -D PREROUTING -i ens3 -j MARK --set-mark 51820
PostDown = iptables -t mangle -D PREROUTING -i ens3 -j CONNMARK --save-mark
PostDown = iptables -t mangle -D OUTPUT -j CONNMARK --restore-mark
PostDown = ip -4 rule del not fwmark 51820 table 51820
PostDown = ip -4 rule del table main suppress_prefixlength 0


[Peer]
# Key and endpoint redacted by the author (placeholder values).
PublicKey = ====================================
# Endpoint packets are marked by `wg set wg0 fwmark`, so they are routed
# via main/ens3 rather than back into the tunnel.
Endpoint = 111.111.111.111:1111
# Cryptokey routing: any IPv4 destination may be sent to / accepted from
# this peer. With Table = off this implies no kernel route by itself.
AllowedIPs = 0.0.0.0/0

`ip route show table 51820` 的输出无法提供,因为 ssh 连接已经丢失。下面是启动 wireguard 之前的网络状态:

root@vultr:~# ip -br link
lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP> 
ens3             UP             56:00:02:a2:21:7b <BROADCAST,MULTICAST,UP,LOWER_UP>
root@vultr:~# ip -br address
lo               UNKNOWN        127.0.0.1/8 ::1/128 
ens3             UP             139.180.155.252/23 fe80::5400:2ff:fea2:217b/64
root@vultr:~# ip rule
0:  from all lookup local 
32766:  from all lookup main 
32767:  from all lookup default
root@vultr:~# ip route
default via 139.180.154.1 dev ens3 proto dhcp src 139.180.155.252 metric 100 
139.180.154.0/23 dev ens3 proto kernel scope link src 139.180.155.252 
169.254.169.254 via 139.180.154.1 dev ens3 proto dhcp src 139.180.155.252 metric 100 

在本地虚拟机上的测试,以下是启动 wireguard 之后的状态:

root@Ubuntu:/etc/wireguard# ip -br link
lo               UNKNOWN        00:00:00:00:00:00 <LOOPBACK,UP,LOWER_UP> 
enp0s5           UP             00:1c:42:33:19:d9 <BROADCAST,MULTICAST,UP,LOWER_UP> 
wg0              UNKNOWN        <POINTOPOINT,NOARP,UP,LOWER_UP> 
root@Ubuntu:/etc/wireguard# ip -br address
lo               UNKNOWN        127.0.0.1/8 
enp0s5           UP             192.168.123.6/24        
wg0              UNKNOWN        172.16.0.2/32 
root@Ubuntu:/etc/wireguard# ip rule
0:  from all lookup local 
32764:  from all lookup main suppress_prefixlength 0 
32765:  not from all fwmark 0xca6c lookup 51820 
32766:  from all lookup main 
32767:  from all lookup default 
root@Ubuntu:/etc/wireguard# ip route
default via 192.168.123.1 dev enp0s5 proto dhcp metric 20100 
169.254.0.0/16 dev enp0s5 scope link metric 1000 
192.168.123.0/24 dev enp0s5 proto kernel scope link src 192.168.123.6 metric 100 
root@Ubuntu:/etc/wireguard#  ip route show table 51820
default dev wg0 scope link 
