My peer connects to my server, but my peer cannot access the Internet, while my server can.
My wg0.conf file
[Interface]
Address = 192.168.0.81/24
ListenPort = 41194
PrivateKey = MY_KEY
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o NIC1bond -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o NIC1bond -j MASQUERADE
[peer]
PublicKey = MY_KEY
AllowedIPs = 192.168.0.102/32
[peer]
PublicKey = MY_KEY
AllowedIPs = 192.168.0.178/32
Output
interface: wg0
public key: oZyGGSJMOWVHEBgh65aQJgVXy7lccabOD97rO06pJTA=
private key: (hidden)
listening port: 41194
peer: LEiIVzxbHQFKLZkS7WcVPS+As//CXrbBBPpYJUVH2Cc=
endpoint: 192.168.0.102:41194
allowed ips: 192.168.0.102/32
latest handshake: 16 minutes, 46 seconds ago
transfer: 84.96 KiB received, 1.14 KiB sent
peer: dgCw/u6UcB0jL3zeV7h1tWRP+YcLqkj6PV9fBr/8pEs=
allowed ips: 192.168.0.178/32
So you can see there is transfer, so it is connected, but my peer has no Internet access.
Answer 1
Maybe something is missing.
We enable forwarding:
sysctl -w net.ipv4.ip_forward=1
We add firewall rules, which are essential for accessing the Internet from the server:
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 51820 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -s 192.168.0.102/32 -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -s 192.168.0.102/32 -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
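An added example, not part of the question or the answer: a Python consistency check over the values shown on this page. It flags a peer whose endpoint address falls inside the tunnel addressing (the interface subnet or the peer's own AllowedIPs) and a firewall rule whose UDP port differs from ListenPort. The sample text is constructed from the page with public keys replaced by placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: values from this page, public keys replaced by placeholders.
WG_CONF = "[Interface]\nAddress = 192.168.0.81/24\nListenPort = 41194\n"
WG_SHOW = """peer: PEER_A
  endpoint: 192.168.0.102:41194
  allowed ips: 192.168.0.102/32
peer: PEER_B
  allowed ips: 192.168.0.178/32
"""
RULES = "iptables -A INPUT -p udp -m udp --dport 51820 -m conntrack --ctstate NEW -j ACCEPT"

def parse_interface(conf):  # [Interface] keys of a wg-quick file, lower-cased
    iface, inside = {}, False
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("["):
            inside = line.lower() == "[interface]"
        elif inside and "=" in line:
            key, value = line.split("=", 1)
            iface[key.strip().lower()] = value.strip()
    return iface

def parse_show(text):  # one dict per peer from `wg show` text
    peers = []
    for line in text.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "peer":
            peers.append({"peer": value})
        elif peers and value:
            peers[-1][key] = value
    return peers

def check(conf, show, rules):  # list of human-readable findings, empty if consistent
    iface, findings = parse_interface(conf), []
    tunnel = [str(ipaddress.ip_interface(a.strip()).network) for a in iface["address"].split(",")]
    for p in (p for p in parse_show(show) if "endpoint" in p):
        ep = ipaddress.ip_address(p["endpoint"].rsplit(":", 1)[0].strip("[]"))
        cidrs = tunnel + [c.strip() for c in p.get("allowed ips", "").split(",") if "/" in c]
        hits = [c for c in cidrs if ep in ipaddress.ip_network(c, strict=False)]
        if hits:  # the underlay address is also routed as a tunnel address
            findings.append(f"{p['peer']}: endpoint {ep} overlaps tunnel addressing {hits}")
    ports = re.findall(r"-p udp\b.*?--dport (\d+)", rules)
    if ports and iface.get("listenport") not in ports:
        findings.append(f"ListenPort {iface.get('listenport')} not opened (rules open {ports})")
    return findings

if __name__ == "__main__":
    print("\n".join(check(WG_CONF, WG_SHOW, RULES)))
```

A peer without an endpoint line, like PEER_B here, is skipped because there is no underlay address to compare.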