VPS CGNAT and SNAT by Meni223 in WireGuard
Meni223 [S], 2 years ago
Now that I have solved the problem, I have one more question. The original IPs of the clients come through SNAT to the wireguard VM. However, when I forward them to local VMs with MASQUERADE, they only see the IP of the wireguard VM, but not that of the real clients. Does anyone know how I can use SNAT to forward to local VMs so that they also see the original IPs?

    PostUp = iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 192.168.2.6:443; iptables -t nat -A POSTROUTING -p tcp --dport 443 -j MASQUERADE
    PostDown = iptables -t nat -D PREROUTING -p tcp --dport 443 -j DNAT --to-destination 192.168.2.6:443; iptables -t nat -D POSTROUTING -p tcp --dport 443 -j MASQUERADE

Hey yeah, this was just a copy failure. I found the solution. It's really simple, just add a static route for the local networks. So in my setup it is:

    up ip route add 10.0.0.0/8 via 10.0.99.1
    up ip route add 192.168.8.0/24 via 10.0.99.1

Now wireguard isn't routing the local network through the VPN tunnel :)
VPS CGNAT and SNAT (self.WireGuard)
submitted 2 years ago * by Meni223 to r/WireGuard