#ipv6 ibgp wireguard #Server PrivateKey #Server Publickey [Interface] PrivateKey = Address = 2a12:bec0:210:2::1/64,172.23.10.1/30 #Local Interface addresses ListenPort = 51819 MTU = 1430 #MTU supported on a standard GPON network PreUp = iptables -t nat -A PREROUTING -d -p tcp --dport 1:65000 -j DNAT --to-destination 172.23.10.2 #Forward all TCP ports on external IP to Peers Address PreUp = iptables -t nat -A PREROUTING -d -p udp --dport 1:65000 -j DNAT --to-destination 172.23.10.2 #Forward all UDP ports on external IP to Peers Address PreUp = iptables -t nat -A POSTROUTING -s 172.23.10.2/30 -j SNAT --to-source #Add SNAT (source NAT) rule for outgoing traffic PreUp = ip6tables -A FORWARD -i ens18 -o wg1 -j ACCEPT #allow BGP'd traffic between interfaces PreUp = ip6tables -A FORWARD -i wg1 -o ens18 -j ACCEPT PreUp = ip6tables -A FORWARD -i wg1 -o wg2 -j ACCEPT PreUp = ip6tables -A FORWARD -i wg1 -o wg3 -j ACCEPT PreUp = ip6tables -A FORWARD -i wg1 -o wg4 -j ACCEPT PreUp = ip6tables -A FORWARD -i wg1 -o wg5 -j ACCEPT PreUp = ip6tables -A FORWARD -i wg1 -o wg9 -j ACCEPT PreUp = ip6tables -A FORWARD -i wg1 -o wg10 -j ACCEPT PreUp = ip6tables -A FORWARD -i wg1 -o nat64 -j ACCEPT PreUp = ip6tables -A FORWARD -i nat64 -o wg1 -j ACCEPT #Same as above but removing rules PostDown = ip6tables -D FORWARD -i nat64 -o wg1 -j ACCEPT PostDown = ip6tables -D FORWARD -i wg1 -o nat64 -j ACCEPT PostDown = ip6tables -D FORWARD -i wg1 -o wg2 -j ACCEPT PostDown = ip6tables -D FORWARD -i wg1 -o wg3 -j ACCEPT PostDown = ip6tables -D FORWARD -i wg1 -o wg4 -j ACCEPT PostDown = ip6tables -D FORWARD -i wg1 -o wg5 -j ACCEPT PostDown = ip6tables -D FORWARD -i wg1 -o wg9 -j ACCEPT PostDown = ip6tables -D FORWARD -i wg1 -o wg10 -j ACCEPT PostDown = ip6tables -D FORWARD -i ens18 -o wg1 -j ACCEPT PostDown = ip6tables -D FORWARD -i wg1 -o ens18 -j ACCEPT PostDown = iptables -t nat -D PREROUTING -d -p tcp --dport 1:65000 -j DNAT --to-destination 172.23.10.2 PostDown = iptables -t nat -D PREROUTING -d -p udp --dport 1:65000 -j DNAT --to-destination 172.23.10.2 PostDown = iptables -t nat -D POSTROUTING -s 172.23.10.2/30 -j SNAT --to-source [Peer] #PublicKey = PublicKey = AllowedIPs = 2a12:bec0:210:2::2/64,2a12:bec0:214::/48,172.23.10.2/30