Home -> WireGuard -> VPS -> Internet

I'm just beginning to dig into WireGuard and iptables to hide my node's public IP and increase security.

Right now I have my Docker container routed to its own subnet, which gets routed to my WireGuard interface, similar to this tutorial: https://www.eisfunke.com/article/docker-wireguard-systemd.html.

I'm able to ping the internet from within the Storj Docker container and I see the right IP (the VPS public one).

What I can't do is access my ports 14002 and 28967, and my node isn't getting any traffic. I'm not experienced with iptables and I'm not sure what I need to do.

VPS wg0.conf:

[Interface]
Address = 10.213.213.1/24
ListenPort = 51820
PrivateKey = *

# Accept forwarded traffic coming out of the tunnel (%i = wg0) and masquerade it
# behind the VPS public address on eth0. Only the tunnel-to-internet direction is
# covered here: nothing rewrites or accepts traffic arriving on eth0 for the peer.
# The ip6tables rules are unused for now because the peer only has an IPv4 AllowedIPs.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i %i -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i %i -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

[Peer]
PublicKey = *
PresharedKey = *
# Home node: only its tunnel address is routed into the tunnel from the VPS side
AllowedIPs = 10.213.213.2/32
Endpoint = cake.hello.cookie:51820

Home Storj node WireGuard config, systemd-networkd wg1.network:

[Match]
Name = wg1

[Network]
Address = 10.213.213.2/32
DNS = 1.1.1.1

# Policy routing: packets sourced from the Docker subnet (10.10.40.0/24) are
# looked up in table 242 instead of the main table
[RoutingPolicyRule]
From = 10.10.40.0/24
Table = 242
Priority = 20

# Default route of table 242 via the VPS end of the tunnel. With Destination=
# omitted this is the 0.0.0.0/0 route. GatewayOnLink is required because the
# /32 address does not put 10.213.213.1 on a shared subnet (the documented key
# spelling is GatewayOnLink).
[Route]
Gateway = 10.213.213.1
#Destination = 10.213.213.0/24
GatewayOnLink = true
Table = 242

# Kill switch: a blackhole default route with a higher metric than the gateway
# route above, so container traffic is dropped instead of leaking through the
# main table if the wg1 route disappears
[Route]
Destination = 0.0.0.0/0
Type = blackhole
Metric = 1
Table = 242
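The wg0.conf above only handles the outbound direction (accept from wg0, MASQUERADE out of eth0); nothing tells the VPS to deliver connections arriving on eth0 to the home peer, which is why the node gets no traffic. The script below is an added example, not part of the post or of the linked tutorial, showing the missing DNAT and FORWARD rules for the VPS. It assumes the interface and address names from the post (eth0, wg0, 10.213.213.2), forwards 28967 for both TCP and UDP (the storagenode uses both), and forwards the dashboard port 14002 only from an allow-listed admin address given in ADMIN_SRC (an assumed variable), because the dashboard has no authentication and should never be reachable from the whole internet. The rules are generated as text first so they can be reviewed or dry-run before touching the firewall.

```shell
#!/bin/sh
# Added example (not from the post above): inbound port forwarding on the VPS
# side of a WireGuard tunnel. Assumed names: public interface eth0, tunnel wg0,
# home peer 10.213.213.2, node port 28967, dashboard 14002, admin source ADMIN_SRC.
set -eu

WAN_IF="${WAN_IF:-eth0}"
WG_IF="${WG_IF:-wg0}"
PEER_IP="${PEER_IP:-10.213.213.2}"
NODE_PORT="${NODE_PORT:-28967}"
DASH_PORT="${DASH_PORT:-14002}"
ADMIN_SRC="${ADMIN_SRC:-}"   # e.g. 203.0.113.7/32 (assumed); empty = no dashboard forwarding
IPT="${IPT:-iptables}"       # set IPT="echo iptables" for a dry run

# Print the iptables commands for one action ("-A" to add, "-D" to delete).
forward_rules() {
  act="$1"
  for proto in tcp udp; do
    # Rewrite the destination of node traffic arriving on the public interface
    # so it is delivered to the home peer through the tunnel.
    echo "$IPT -t nat $act PREROUTING -i $WAN_IF -p $proto --dport $NODE_PORT -j DNAT --to-destination $PEER_IP:$NODE_PORT"
    # The wg0.conf PostUp only accepts FORWARD traffic with '-i wg0'. DNATed
    # packets enter on eth0 and leave on wg0, so they need their own accept rule
    # (Docker on the VPS would set the FORWARD policy to DROP and silently eat them).
    echo "$IPT $act FORWARD -i $WAN_IF -o $WG_IF -p $proto -d $PEER_IP --dport $NODE_PORT -j ACCEPT"
  done
  # The dashboard has no authentication: forward it only from the admin address.
  if [ -n "$ADMIN_SRC" ]; then
    echo "$IPT -t nat $act PREROUTING -i $WAN_IF -s $ADMIN_SRC -p tcp --dport $DASH_PORT -j DNAT --to-destination $PEER_IP:$DASH_PORT"
    echo "$IPT $act FORWARD -i $WAN_IF -o $WG_IF -s $ADMIN_SRC -p tcp -d $PEER_IP --dport $DASH_PORT -j ACCEPT"
  fi
}

# Number of rules the current settings produce (sanity check before applying).
rule_count() {
  forward_rules -A | wc -l | tr -d ' '
}

# Apply ("add") or remove ("del") the rules by executing each generated command.
apply_rules() {
  case "${1:-}" in
    add) act="-A" ;;
    del) act="-D" ;;
    *) echo "usage: $0 add|del" >&2; return 2 ;;
  esac
  forward_rules "$act" | while IFS= read -r cmd; do
    eval "$cmd"
  done
}

# Run only when an action is given, so the file can also be sourced for its functions.
if [ $# -gt 0 ]; then
  apply_rules "$1"
fi
```

Hook it into wg0.conf with `PostUp = /usr/local/sbin/wg-forward.sh add` and `PostDown = /usr/local/sbin/wg-forward.sh del` (path assumed). Replies from the node come back in on wg0 and are already accepted by the existing `-i wg0` rule, and conntrack undoes the DNAT, so the remote client keeps talking to the VPS public IP. On the home side the container port must still be published (`-p 28967:28967` and `-p 28967:28967/udp`) so Docker's own DNAT delivers the packets arriving on wg1 to the container; its replies are sourced from 10.10.40.0/24, so the RoutingPolicyRule sends them back through table 242 and wg1. After a connection attempt, `iptables -t nat -L PREROUTING -n -v` on the VPS should show non-zero packet counters on the DNAT rules; zero there means the traffic never reached the VPS (endpoint or provider firewall), non-zero with no traffic at the node points at the FORWARD or home-side configuration.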