"Jason A. Donenfeld" <ja...@zx2c4.com> writes:
> Hey Konstantin,
>
> When you're doing policy routing with packets that are being forwarded
> by the system -- a router, for example -- then the prerouting table is
> sufficient. But for locally generated packets, you have to use the
> OUTPUT table and also probably MASQUERADE. I just reproduced
> everything here and confirm this works:
>
> ip route add default dev wg0 table 2468
> ip rule add fwmark 1234 table 2468
> wg set wg0 peer [...] allowed-ips 0.0.0.0/0
> sysctl net.ipv4.conf.wg0.rp_filter=0
> iptables -t nat -A POSTROUTING -p tcp --dport 22 -m addrtype --src-type LOCAL -j MASQUERADE
> iptables -t mangle -A OUTPUT -p tcp --dport 22 -j MARK --set-mark 1234
Any reason why you can't just do ip rule add dport 22 lookup 2468?

-Toke

_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
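The two approaches from this exchange side by side, as an added example that is not part of the thread: the fwmark variant needs the mangle OUTPUT mark plus MASQUERADE because the source address of a locally generated packet is chosen by the first (unmarked) route lookup, while a dport rule steers that first lookup directly. Interface, table, mark and port default to the thread's values; DRY_RUN=1 (the default) prints the commands instead of executing them, and the wg peer's allowed-ips must already cover 0.0.0.0/0.

```shell
#!/bin/sh
# Added example, not code from the thread. Defaults are the values used above.
IFACE="${IFACE:-wg0}"; TABLE="${TABLE:-2468}"; MARK="${MARK:-1234}"; PORT="${PORT:-22}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only; 0 = execute (needs root)

# Print the command in dry-run mode, otherwise execute it.
run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Shared part: a routing table whose only route is the tunnel, and rp_filter
# relaxed on the tunnel so return traffic is not dropped by the strict check.
route_table() {
  run ip route add default dev "$IFACE" table "$TABLE"
  run sysctl "net.ipv4.conf.$IFACE.rp_filter=0"
}

# Variant A (Jason): mark port-$PORT packets in mangle OUTPUT, select the
# table by fwmark, and MASQUERADE because the source address was already
# chosen from the main table before the mark was applied.
fwmark_variant() {
  route_table
  run ip rule add fwmark "$MARK" table "$TABLE"
  run iptables -t mangle -A OUTPUT -p tcp --dport "$PORT" -j MARK --set-mark "$MARK"
  run iptables -t nat -A POSTROUTING -p tcp --dport "$PORT" -m addrtype --src-type LOCAL -j MASQUERADE
}

# Variant B (Toke): match the destination port in the rule itself, so the
# first lookup already picks the tunnel and no mark or NAT is required.
dport_variant() {
  route_table
  run ip rule add dport "$PORT" lookup "$TABLE"
}
```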