Alright, so 1.35 is the dietpi itself on the lan. Which DNS server is it running? Pihole or something else? If it is Pihole, so you have configured it to accept queries from all interfaces and all sources?
As for the last tcpdump to 8.8.4.4 which had no packets, did you try to initiate any traffic to that destination while running the tcpdump?
Yes its on the same dietpi the DNS (192.168.1.35)
I have Adguard i dont know how to modifiy probaably this file? â/mnt/dietpi_userdata/adguardhome/AdGuardHome.yamlâ
dns:
bind_hosts:
- 0.0.0.0
port: 53
anonymize_client_ip: false
protection_enabled: true
blocking_mode: default
blocking_ipv4: ""
blocking_ipv6: ""
blocked_response_ttl: 10
parental_block_host: family-block.dns.adguard.com
safebrowsing_block_host: standard-block.dns.adguard.com
ratelimit: 20
ratelimit_whitelist: []
refuse_any: true
upstream_dns:
- https://dns10.quad9.net/dns-query
upstream_dns_file: /mnt/dietpi_userdata/adguardhome/dietpi-unbound.conf
bootstrap_dns:
- 9.9.9.10
- 149.112.112.10
- 2620:fe::10
- 2620:fe::fe:10
all_servers: true
fastest_addr: false
fastest_timeout: 1s
allowed_clients: []
disallowed_clients: []
blocked_hosts:
- version.bind
- id.server
- hostname.bind
trusted_proxies:
- 127.0.0.0/8
- ::1/128
cache_size: 4194304
cache_ttl_min: 0
cache_ttl_max: 0
cache_optimistic: false
bogus_nxdomain: []
aaaa_disabled: false
enable_dnssec: false
edns_client_subnet:
custom_ip: ""
enabled: false
use_custom: false
max_goroutines: 300
handle_ddr: true
ipset: []
ipset_file: ""
filtering_enabled: true
filters_update_interval: 24
parental_enabled: false
safesearch_enabled: false
safebrowsing_enabled: false
safebrowsing_cache_size: 1048576
safesearch_cache_size: 1048576
parental_cache_size: 1048576
cache_time: 30
rewrites: []
blocked_services: []
upstream_timeout: 10s
private_networks: []
use_private_ptr_resolvers: true
local_ptr_upstreams: []
use_dns64: false
dns64_prefixes: []
serve_http3: false
use_http3_upstreams: false
âAs for the last tcpdump to 8.8.4.4 which had no packets, did you try to initiate any traffic to that destination while running the tcpdump?â
yes but nothing happen 
Letâs tackle the issues independently.
Run this on dietpi
iptables-save -c
a lot of shit
root@DietPi:~# iptables-save -c
# Generated by iptables-save v1.8.7 on Tue Apr 4 15:04:35 2023
*mangle
:PREROUTING ACCEPT [95934:25239205]
:INPUT ACCEPT [95783:25231644]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [83925:14699598]
:POSTROUTING ACCEPT [83946:14700757]
COMMIT
# Completed on Tue Apr 4 15:04:35 2023
# Generated by iptables-save v1.8.7 on Tue Apr 4 15:04:35 2023
*filter
:INPUT ACCEPT [95783:25231644]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [83925:14699598]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
[0:0] -A FORWARD -j DOCKER-USER
[0:0] -A FORWARD -j DOCKER-ISOLATION-STAGE-1
[0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -o docker0 -j DOCKER
[0:0] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
[0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT
[0:0] -A FORWARD -d 10.6.0.0/24 -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -s 10.6.0.0/24 -i wg0 -o eth0 -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -i wg0 -j ACCEPT
[0:0] -A FORWARD -i wg0 -o eth0 -j ACCEPT
[0:0] -A FORWARD -i eth0 -o wg0 -j ACCEPT
[0:0] -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9000 -j ACCEPT
[0:0] -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 3000 -j ACCEPT
[0:0] -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
[0:0] -A DOCKER-ISOLATION-STAGE-1 -j RETURN
[0:0] -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
[0:0] -A DOCKER-ISOLATION-STAGE-2 -j RETURN
[0:0] -A DOCKER-USER -j RETURN
COMMIT
# Completed on Tue Apr 4 15:04:35 2023
# Generated by iptables-save v1.8.7 on Tue Apr 4 15:04:35 2023
*nat
:PREROUTING ACCEPT [2579:315801]
:INPUT ACCEPT [2428:308240]
:OUTPUT ACCEPT [11476:847143]
:POSTROUTING ACCEPT [6936:458858]
:DOCKER - [0:0]
[720:49016] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
[324:19612] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
[0:0] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
[0:0] -A POSTROUTING -s 10.6.0.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
[0:0] -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 9000 -j MASQUERADE
[0:0] -A POSTROUTING -s 172.17.0.3/32 -d 172.17.0.3/32 -p tcp -m tcp --dport 3000 -j MASQUERADE
[3900:340212] -A POSTROUTING -o eth0 -j MASQUERADE
[0:0] -A DOCKER -i docker0 -j RETURN
[0:0] -A DOCKER ! -i docker0 -p tcp -m tcp --dport 9002 -j DNAT --to-destination 172.17.0.2:9000
[0:0] -A DOCKER ! -i docker0 -p tcp -m tcp --dport 3000 -j DNAT --to-destination 172.17.0.3:3000
COMMIT
# Completed on Tue Apr 4 15:04:35 2023
Okay nothing is blocked on the firewall ingress.
Letâs see if dns works. Run tcpdump -i any -n -s 0 port 53 and host 10.6.0.2
Then try to browse to some site from your phone.
root@DietPi:~# tcpdump -i any -n -s 0 port 53 and host 10.6.0.2
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
16:11:13.633265 wg0 In IP 10.6.0.2.45400 > 192.168.1.35.53: 50605+ A? clients4.google.com. (37)
16:11:13.633273 wg0 In IP 10.6.0.2.5168 > 192.168.1.35.53: 64194+ Type65? clients4.google.com. (37)
16:11:13.635716 wg0 Out IP 192.168.1.35.53 > 10.6.0.2.5168: 64194 1/1/0 CNAME clients.l.google.com. (111)
16:11:13.636395 wg0 Out IP 192.168.1.35.53 > 10.6.0.2.45400: 50605 2/0/0 CNAME clients.l.google.com., A 142.250.180.142 (77)
16:11:15.619944 wg0 In IP 10.6.0.2.12307 > 192.168.1.35.53: 34754+ A? www.reddit.com. (32)
16:11:15.619948 wg0 In IP 10.6.0.2.21152 > 192.168.1.35.53: 757+ Type65? www.reddit.com. (32)
16:11:15.819931 wg0 Out IP 192.168.1.35.53 > 10.6.0.2.12307: 34754 2/0/0 CNAME reddit.map.fastly.net., A 146.75.53.140 (83)
16:11:15.876815 wg0 Out IP 192.168.1.35.53 > 10.6.0.2.21152: 757 1/1/0 CNAME reddit.map.fastly.net. (125)
16:11:30.098351 wg0 In IP 10.6.0.2.38480 > 192.168.1.35.53: 65452+ A? www.google.com. (32)
16:11:30.098358 wg0 In IP 10.6.0.2.40621 > 192.168.1.35.53: 2449+ Type65? www.google.com. (32)
16:11:30.099963 wg0 Out IP 192.168.1.35.53 > 10.6.0.2.40621: 2449 1/0/0 Type65 (57)
16:11:30.101314 wg0 Out IP 192.168.1.35.53 > 10.6.0.2.38480: 65452 1/0/0 A 142.251.209.36 (48)
16:11:55.458051 wg0 In IP 10.6.0.2.61046 > 192.168.1.35.53: 36822+ AAAA? ssl.google-analytics.com. (42)
16:11:55.458212 wg0 In IP 10.6.0.2.12361 > 192.168.1.35.53: 18096+ A? ssl.google-analytics.com. (42)
16:11:55.459731 wg0 Out IP 192.168.1.35.53 > 10.6.0.2.61046: 36822 1/0/0 AAAA :: (70)
16:11:55.460038 wg0 Out IP 192.168.1.35.53 > 10.6.0.2.12361: 18096 1/0/0 A 0.0.0.0 (58)
16:12:06.281208 wg0 In IP 10.6.0.2.22436 > 192.168.1.35.53: 3145+ A? a.nel.cloudflare.com. (38)
16:12:06.281215 wg0 In IP 10.6.0.2.28252 > 192.168.1.35.53: 59547+ Type65? a.nel.cloudflare.com. (38)
16:12:06.454777 wg0 Out IP 192.168.1.35.53 > 10.6.0.2.22436: 3145 1/0/0 A 35.190.80.1 (54)
16:12:06.458212 wg0 Out IP 192.168.1.35.53 > 10.6.0.2.28252: 59547 0/1/0 (89)
Looks good as well. Now try this and try again to browse to icanhazip.com
tcpdump -i any -vn host 104.18.114.97 or host 104.18.115.97
root@DietPi:~# tcpdump -i any -vn host 104.18.114.97 or host 104.18.115.97
tcpdump: data link type LINUX_SLL2
tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
17:15:23.880020 wg0 In IP (tos 0x0, ttl 255, id 64711, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.44514 > 104.18.115.97.443: Flags [SEW], cksum 0x9184 (correct), seq 1793318690, win 65535, options [mss 1240,sackOK,TS val 2383038828 ecr 0,nop,wscale 9], length 0
17:15:23.880147 tun1 Out IP (tos 0x0, ttl 254, id 64711, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.44514 > 104.18.115.97.443: Flags [SEW], cksum 0x9184 (correct), seq 1793318690, win 65535, options [mss 1240,sackOK,TS val 2383038828 ecr 0,nop,wscale 9], length 0
17:15:24.906714 wg0 In IP (tos 0x0, ttl 255, id 64712, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.44514 > 104.18.115.97.443: Flags [S], cksum 0x8e41 (correct), seq 1793318690, win 65535, options [mss 1240,sackOK,TS val 2383039855 ecr 0,nop,wscale 9], length 0
17:15:24.906852 tun1 Out IP (tos 0x0, ttl 254, id 64712, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.44514 > 104.18.115.97.443: Flags [S], cksum 0x8e41 (correct), seq 1793318690, win 65535, options [mss 1240,sackOK,TS val 2383039855 ecr 0,nop,wscale 9], length 0
17:15:26.122962 wg0 In IP (tos 0x0, ttl 255, id 52067, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.47050 > 104.18.115.97.443: Flags [S], cksum 0x11e4 (correct), seq 2082421660, win 65535, options [mss 1240,sackOK,TS val 2383041071 ecr 0,nop,wscale 9], length 0
17:15:26.123072 tun1 Out IP (tos 0x0, ttl 254, id 52067, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.47050 > 104.18.115.97.443: Flags [S], cksum 0x11e4 (correct), seq 2082421660, win 65535, options [mss 1240,sackOK,TS val 2383041071 ecr 0,nop,wscale 9], length 0
17:15:26.186743 wg0 In IP (tos 0x0, ttl 255, id 49741, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.47042 > 104.18.115.97.443: Flags [S], cksum 0x131e (correct), seq 3817067205, win 65535, options [mss 1240,sackOK,TS val 2383041135 ecr 0,nop,wscale 9], length 0
17:15:26.186885 tun1 Out IP (tos 0x0, ttl 254, id 49741, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.47042 > 104.18.115.97.443: Flags [S], cksum 0x131e (correct), seq 3817067205, win 65535, options [mss 1240,sackOK,TS val 2383041135 ecr 0,nop,wscale 9], length 0
17:15:26.960756 wg0 In IP (tos 0x0, ttl 255, id 64713, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.44514 > 104.18.115.97.443: Flags [S], cksum 0x8641 (correct), seq 1793318690, win 65535, options [mss 1240,sackOK,TS val 2383041903 ecr 0,nop,wscale 9], length 0
17:15:26.960843 tun1 Out IP (tos 0x0, ttl 254, id 64713, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.44514 > 104.18.115.97.443: Flags [S], cksum 0x8641 (correct), seq 1793318690, win 65535, options [mss 1240,sackOK,TS val 2383041903 ecr 0,nop,wscale 9], length 0
17:15:30.991099 wg0 In IP (tos 0x0, ttl 255, id 64714, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.44514 > 104.18.115.97.443: Flags [S], cksum 0x7681 (correct), seq 1793318690, win 65535, options [mss 1240,sackOK,TS val 2383045935 ecr 0,nop,wscale 9], length 0
17:15:30.991195 tun1 Out IP (tos 0x0, ttl 254, id 64714, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.44514 > 104.18.115.97.443: Flags [S], cksum 0x7681 (correct), seq 1793318690, win 65535, options [mss 1240,sackOK,TS val 2383045935 ecr 0,nop,wscale 9], length 0
17:15:38.987380 wg0 In IP (tos 0x0, ttl 255, id 64715, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.44514 > 104.18.115.97.443: Flags [S], cksum 0x5740 (correct), seq 1793318690, win 65535, options [mss 1240,sackOK,TS val 2383053936 ecr 0,nop,wscale 9], length 0
17:15:38.987513 tun1 Out IP (tos 0x0, ttl 254, id 64715, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.44514 > 104.18.115.97.443: Flags [S], cksum 0x5740 (correct), seq 1793318690, win 65535, options [mss 1240,sackOK,TS val 2383053936 ecr 0,nop,wscale 9], length 0
17:15:42.574816 wg0 In IP (tos 0x0, ttl 255, id 13806, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42268 > 104.18.114.97.443: Flags [SEW], cksum 0x2034 (correct), seq 173425891, win 65535, options [mss 1240,sackOK,TS val 2523182837 ecr 0,nop,wscale 9], length 0
17:15:42.574929 tun1 Out IP (tos 0x0, ttl 254, id 13806, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42268 > 104.18.114.97.443: Flags [SEW], cksum 0x2034 (correct), seq 173425891, win 65535, options [mss 1240,sackOK,TS val 2523182837 ecr 0,nop,wscale 9], length 0
17:15:42.576982 wg0 In IP (tos 0x0, ttl 255, id 57424, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42284 > 104.18.114.97.443: Flags [SEW], cksum 0x7ae6 (correct), seq 3273470295, win 65535, options [mss 1240,sackOK,TS val 2523182839 ecr 0,nop,wscale 9], length 0
17:15:42.577084 tun1 Out IP (tos 0x0, ttl 254, id 57424, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42284 > 104.18.114.97.443: Flags [SEW], cksum 0x7ae6 (correct), seq 3273470295, win 65535, options [mss 1240,sackOK,TS val 2523182839 ecr 0,nop,wscale 9], length 0
17:15:43.597251 wg0 In IP (tos 0x0, ttl 255, id 57425, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42284 > 104.18.114.97.443: Flags [S], cksum 0x77ac (correct), seq 3273470295, win 65535, options [mss 1240,sackOK,TS val 2523183857 ecr 0,nop,wscale 9], length 0
17:15:43.597261 wg0 In IP (tos 0x0, ttl 255, id 13807, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42268 > 104.18.114.97.443: Flags [S], cksum 0x1cf8 (correct), seq 173425891, win 65535, options [mss 1240,sackOK,TS val 2523183857 ecr 0,nop,wscale 9], length 0
17:15:43.597409 tun1 Out IP (tos 0x0, ttl 254, id 57425, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42284 > 104.18.114.97.443: Flags [S], cksum 0x77ac (correct), seq 3273470295, win 65535, options [mss 1240,sackOK,TS val 2523183857 ecr 0,nop,wscale 9], length 0
17:15:43.597496 tun1 Out IP (tos 0x0, ttl 254, id 13807, offset 0, flags [DF], proto TCP (6), length 60)```Add this one
-A POSTROUTING -s 10.6.0.0/24 -o tun0 -m comment --comment wireguard2openvpn-nat-rule -j MASQUERADE
Thx, but nothing change
GNU nano 5.4 /var/lib/dietpi/dietpi-vpn/up.sh #!/bin/bash
# Clear this file completely, including line breaks, to have it removed
ip route add default via 192.168.1.1 table 100
ip rule add iif lo sport 1194 lookup 100 prio 15010
iptables -A POSTROUTING -s 10.6.0.0/24 -o tun0 -m comment --comment wireguard2openvpn-nat-rule -j MASQUERADE
ip rule add iif lo sport 51820 lookup 100 prio 15010
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -o eth0 -i wg0 -j ACCEPT
iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT
iptables -A FORWARD -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wg0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P FORWARD DROP
#!/bin/bash
# Clear this file completely, including line breaks, to have it removed
ip route add default via 192.168.1.1 table 100
ip rule add iif lo sport 1194 lookup 100 prio 15010
iptables -A POSTROUTING -s 10.6.0.0/24 -o tun0 -m comment --comment wireguard2openvpn-nat-rule -j MASQUERADE
ip rule add iif lo sport 51820 lookup 100 prio 15010
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -o eth0 -i wg0 -j ACCEPT
iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT
iptables -A FORWARD -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wg0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P FORWARD DROP
Output of iptables-save -c and follow again the same instruction here
root@DietPi:~# dietpi-vpn
root@DietPi:~# iptables-save -c
# Generated by iptables-save v1.8.7 on Tue Apr 4 21:30:31 2023
*mangle
:PREROUTING ACCEPT [46802:13736478]
:INPUT ACCEPT [39288:12256135]
:FORWARD ACCEPT [7514:1480343]
:OUTPUT ACCEPT [35171:6749696]
:POSTROUTING ACCEPT [42699:8230974]
COMMIT
# Completed on Tue Apr 4 21:30:31 2023
# Generated by iptables-save v1.8.7 on Tue Apr 4 21:30:31 2023
*filter
:INPUT ACCEPT [39288:12256135]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [35171:6749696]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
[7514:1480343] -A FORWARD -j DOCKER-USER
[7514:1480343] -A FORWARD -j DOCKER-ISOLATION-STAGE-1
[0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -o docker0 -j DOCKER
[0:0] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
[0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT
[0:0] -A FORWARD -d 10.6.0.0/24 -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -s 10.6.0.0/24 -i wg0 -o eth0 -m comment --comment wireguard-forward-rule -j ACCEPT
[7514:1480343] -A FORWARD -i wg0 -j ACCEPT
[0:0] -A FORWARD -i eth0 -o tun0 -j ACCEPT
[0:0] -A FORWARD -i wg0 -o eth0 -j ACCEPT
[0:0] -A FORWARD -i eth0 -o wg0 -j ACCEPT
[0:0] -A FORWARD -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -i wg0 -o tun0 -j ACCEPT
[0:0] -A FORWARD -i tun0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9000 -j ACCEPT
[0:0] -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 3000 -j ACCEPT
[0:0] -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
[7514:1480343] -A DOCKER-ISOLATION-STAGE-1 -j RETURN
[0:0] -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
[0:0] -A DOCKER-ISOLATION-STAGE-2 -j RETURN
[7514:1480343] -A DOCKER-USER -j RETURN
COMMIT
# Completed on Tue Apr 4 21:30:31 2023
# Generated by iptables-save v1.8.7 on Tue Apr 4 21:30:31 2023
*nat
:PREROUTING ACCEPT [2243:307584]
:INPUT ACCEPT [742:66188]
:OUTPUT ACCEPT [3806:289497]
:POSTROUTING ACCEPT [4796:492431]
:DOCKER - [0:0]
[543:36862] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
[105:6605] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
[0:0] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
[0:0] -A POSTROUTING -s 10.6.0.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
[511:38462] -A POSTROUTING -o eth0 -j MASQUERADE
[0:0] -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 9000 -j MASQUERADE
[0:0] -A POSTROUTING -s 172.17.0.3/32 -d 172.17.0.3/32 -p tcp -m tcp --dport 3000 -j MASQUERADE
[0:0] -A POSTROUTING -o eth0 -j MASQUERADE
[0:0] -A DOCKER -i docker0 -j RETURN
[0:0] -A DOCKER ! -i docker0 -p tcp -m tcp --dport 9002 -j DNAT --to-destination 172.17.0.2:9000
[0:0] -A DOCKER ! -i docker0 -p tcp -m tcp --dport 3000 -j DNAT --to-destination 172.17.0.3:3000
COMMIT
# Completed on Tue Apr 4 21:30:31 2023
root@DietPi:~# tcpdump -i any -vn host 104.18.114.97 or host 104.18.115.97
tcpdump: data link type LINUX_SLL2
tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
21:30:54.447683 wg0 In IP (tos 0x0, ttl 255, id 4070, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49776 > 104.18.115.97.443: Flags [SEW], cksum 0x4727 (correct), seq 1146823755, win 65535, options [mss 1240,sackOK,TS val 495964438 ecr 0,nop,wscale 9], length 0
21:30:54.447822 tun1 Out IP (tos 0x0, ttl 254, id 4070, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49776 > 104.18.115.97.443: Flags [SEW], cksum 0x4727 (correct), seq 1146823755, win 65535, options [mss 1240,sackOK,TS val 495964438 ecr 0,nop,wscale 9], length 0
21:30:54.645580 wg0 In IP (tos 0x0, ttl 255, id 8423, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49790 > 104.18.115.97.443: Flags [SEW], cksum 0x734d (correct), seq 4198842741, win 65535, options [mss 1240,sackOK,TS val 495964621 ecr 0,nop,wscale 9], length 0
21:30:54.645719 tun1 Out IP (tos 0x0, ttl 254, id 8423, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49790 > 104.18.115.97.443: Flags [SEW], cksum 0x734d (correct), seq 4198842741, win 65535, options [mss 1240,sackOK,TS val 495964621 ecr 0,nop,wscale 9], length 0
21:30:55.494776 wg0 In IP (tos 0x0, ttl 255, id 4071, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49776 > 104.18.115.97.443: Flags [S], cksum 0x43f1 (correct), seq 1146823755, win 65535, options [mss 1240,sackOK,TS val 495965452 ecr 0,nop,wscale 9], length 0
21:30:55.494957 tun1 Out IP (tos 0x0, ttl 254, id 4071, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49776 > 104.18.115.97.443: Flags [S], cksum 0x43f1 (correct), seq 1146823755, win 65535, options [mss 1240,sackOK,TS val 495965452 ecr 0,nop,wscale 9], length 0
21:30:55.654584 wg0 In IP (tos 0x0, ttl 255, id 8424, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49790 > 104.18.115.97.443: Flags [S], cksum 0x700e (correct), seq 4198842741, win 65535, options [mss 1240,sackOK,TS val 495965644 ecr 0,nop,wscale 9], length 0
21:30:55.654635 tun1 Out IP (tos 0x0, ttl 254, id 8424, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49790 > 104.18.115.97.443: Flags [S], cksum 0x700e (correct), seq 4198842741, win 65535, options [mss 1240,sackOK,TS val 495965644 ecr 0,nop,wscale 9], length 0
21:30:57.805932 wg0 In IP (tos 0x0, ttl 255, id 4072, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49776 > 104.18.115.97.443: Flags [S], cksum 0x3bf1 (correct), seq 1146823755, win 65535, options [mss 1240,sackOK,TS val 495967500 ecr 0,nop,wscale 9], length 0
21:30:57.806069 tun1 Out IP (tos 0x0, ttl 254, id 4072, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49776 > 104.18.115.97.443: Flags [S], cksum 0x3bf1 (correct), seq 1146823755, win 65535, options [mss 1240,sackOK,TS val 495967500 ecr 0,nop,wscale 9], length 0
21:30:57.826861 wg0 In IP (tos 0x0, ttl 255, id 8425, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49790 > 104.18.115.97.443: Flags [S], cksum 0x680e (correct), seq 4198842741, win 65535, options [mss 1240,sackOK,TS val 495967692 ecr 0,nop,wscale 9], length 0
21:30:57.826957 tun1 Out IP (tos 0x0, ttl 254, id 8425, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49790 > 104.18.115.97.443: Flags [S], cksum 0x680e (correct), seq 4198842741, win 65535, options [mss 1240,sackOK,TS val 495967692 ecr 0,nop,wscale 9], length 0
21:31:01.582593 wg0 In IP (tos 0x0, ttl 255, id 4073, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49776 > 104.18.115.97.443: Flags [S], cksum 0x2c31 (correct), seq 1146823755, win 65535, options [mss 1240,sackOK,TS val 495971532 ecr 0,nop,wscale 9], length 0
21:31:01.582723 tun1 Out IP (tos 0x0, ttl 254, id 4073, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49776 > 104.18.115.97.443: Flags [S], cksum 0x2c31 (correct), seq 1146823755, win 65535, options [mss 1240,sackOK,TS val 495971532 ecr 0,nop,wscale 9], length 0
21:31:01.735096 wg0 In IP (tos 0x0, ttl 255, id 8426, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49790 > 104.18.115.97.443: Flags [S], cksum 0x584e (correct), seq 4198842741, win 65535, options [mss 1240,sackOK,TS val 495971724 ecr 0,nop,wscale 9], length 0
21:31:01.735151 tun1 Out IP (tos 0x0, ttl 254, id 8426, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49790 > 104.18.115.97.443: Flags [S], cksum 0x584e (correct), seq 4198842741, win 65535, options [mss 1240,sackOK,TS val 495971724 ecr 0,nop,wscale 9], length 0
21:31:13.082846 wg0 In IP (tos 0x0, ttl 255, id 8427, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49790 > 104.18.115.97.443: Flags [S], cksum 0x384e (correct), seq 4198842741, win 65535, options [mss 1240,sackOK,TS val 495979916 ecr 0,nop,wscale 9], length 0
21:31:13.082916 tun1 Out IP (tos 0x0, ttl 254, id 8427, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49790 > 104.18.115.97.443: Flags [S], cksum 0x384e (correct), seq 4198842741, win 65535, options [mss 1240,sackOK,TS val 495979916 ecr 0,nop,wscale 9], length 0
21:31:13.089451 wg0 In IP (tos 0x0, ttl 255, id 4074, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49776 > 104.18.115.97.443: Flags [S], cksum 0x0b71 (correct), seq 1146823755, win 65535, options [mss 1240,sackOK,TS val 495979916 ecr 0,nop,wscale 9], length 0
21:31:13.089516 tun1 Out IP (tos 0x0, ttl 254, id 4074, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49776 > 104.18.115.97.443: Flags [S], cksum 0x0b71 (correct), seq 1146823755, win 65535, options [mss 1240,sackOK,TS val 495979916 ecr 0,nop,wscale 9], length 0
21:31:26.362104 wg0 In IP (tos 0x0, ttl 255, id 35595, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49972 > 104.18.114.97.443: Flags [SEW], cksum 0xa1f1 (correct), seq 2652308537, win 65535, options [mss 1240,sackOK,TS val 2851123324 ecr 0,nop,wscale 9], length 0
21:31:26.362324 tun1 Out IP (tos 0x0, ttl 254, id 35595, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49972 > 104.18.114.97.443: Flags [SEW], cksum 0xa1f1 (correct), seq 2652308537, win 65535, options [mss 1240,sackOK,TS val 2851123324 ecr 0,nop,wscale 9], length 0
21:31:26.362400 wg0 In IP (tos 0x0, ttl 255, id 22728, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49978 > 104.18.114.97.443: Flags [SEW], cksum 0x0ad2 (correct), seq 1260449350, win 65535, options [mss 1240,sackOK,TS val 2851123327 ecr 0,nop,wscale 9], length 0
21:31:26.362673 tun1 Out IP (tos 0x0, ttl 254, id 22728, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49978 > 104.18.114.97.443: Flags [SEW], cksum 0x0ad2 (correct), seq 1260449350, win 65535, options [mss 1240,sackOK,TS val 2851123327 ecr 0,nop,wscale 9], length 0
21:31:27.378925 wg0 In IP (tos 0x0, ttl 255, id 22729, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49978 > 104.18.114.97.443: Flags [S], cksum 0x0797 (correct), seq 1260449350, win 65535, options [mss 1240,sackOK,TS val 2851124346 ecr 0,nop,wscale 9], length 0
21:31:27.379040 tun1 Out IP (tos 0x0, ttl 254, id 22729, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49978 > 104.18.114.97.443: Flags [S], cksum 0x0797 (correct), seq 1260449350, win 65535, options [mss 1240,sackOK,TS val 2851124346 ecr 0,nop,wscale 9], length 0
21:31:27.381827 wg0 In IP (tos 0x0, ttl 255, id 35596, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49972 > 104.18.114.97.443: Flags [S], cksum 0x9eb3 (correct), seq 2652308537, win 65535, options [mss 1240,sackOK,TS val 2851124346 ecr 0,nop,wscale 9], length 0
21:31:27.381880 tun1 Out IP (tos 0x0, ttl 254, id 35596, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49972 > 104.18.114.97.443: Flags [S], cksum 0x9eb3 (correct), seq 2652308537, win 65535, options [mss 1240,sackOK,TS val 2851124346 ecr 0,nop,wscale 9], length 0
21:31:29.454775 wg0 In IP (tos 0x0, ttl 255, id 35597, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49972 > 104.18.114.97.443: Flags [S], cksum 0x96b3 (correct), seq 2652308537, win 65535, options [mss 1240,sackOK,TS val 2851126394 ecr 0,nop,wscale 9], length 0
21:31:29.454892 tun1 Out IP (tos 0x0, ttl 254, id 35597, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49972 > 104.18.114.97.443: Flags [S], cksum 0x96b3 (correct), seq 2652308537, win 65535, options [mss 1240,sackOK,TS val 2851126394 ecr 0,nop,wscale 9], length 0
21:31:29.459494 wg0 In IP (tos 0x0, ttl 255, id 22730, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49978 > 104.18.114.97.443: Flags [S], cksum 0xff96 (correct), seq 1260449350, win 65535, options [mss 1240,sackOK,TS val 2851126394 ecr 0,nop,wscale 9], length 0
21:31:29.459564 tun1 Out IP (tos 0x0, ttl 254, id 22730, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49978 > 104.18.114.97.443: Flags [S], cksum 0xff96 (correct), seq 1260449350, win 65535, options [mss 1240,sackOK,TS val 2851126394 ecr 0,nop,wscale 9], length 0
21:31:33.458400 wg0 In IP (tos 0x0, ttl 255, id 22731, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49978 > 104.18.114.97.443: Flags [S], cksum 0xefd4 (correct), seq 1260449350, win 65535, options [mss 1240,sackOK,TS val 2851130428 ecr 0,nop,wscale 9], length 0
21:31:33.458475 tun1 Out IP (tos 0x0, ttl 254, id 22731, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49978 > 104.18.114.97.443: Flags [S], cksum 0xefd4 (correct), seq 1260449350, win 65535, options [mss 1240,sackOK,TS val 2851130428 ecr 0,nop,wscale 9], length 0
21:31:33.461693 wg0 In IP (tos 0x0, ttl 255, id 35598, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49972 > 104.18.114.97.443: Flags [S], cksum 0x86f1 (correct), seq 2652308537, win 65535, options [mss 1240,sackOK,TS val 2851130428 ecr 0,nop,wscale 9], length 0
21:31:33.461789 tun1 Out IP (tos 0x0, ttl 254, id 35598, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49972 > 104.18.114.97.443: Flags [S], cksum 0x86f1 (correct), seq 2652308537, win 65535, options [mss 1240,sackOK,TS val 2851130428 ecr 0,nop,wscale 9], length 0
21:31:41.705625 wg0 In IP (tos 0x0, ttl 255, id 35599, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49972 > 104.18.114.97.443: Flags [S], cksum 0x66b1 (correct), seq 2652308537, win 65535, options [mss 1240,sackOK,TS val 2851138684 ecr 0,nop,wscale 9], length 0
21:31:41.705674 tun1 Out IP (tos 0x0, ttl 254, id 35599, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49972 > 104.18.114.97.443: Flags [S], cksum 0x66b1 (correct), seq 2652308537, win 65535, options [mss 1240,sackOK,TS val 2851138684 ecr 0,nop,wscale 9], length 0
21:31:41.707706 wg0 In IP (tos 0x0, ttl 255, id 22732, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49978 > 104.18.114.97.443: Flags [S], cksum 0xcf94 (correct), seq 1260449350, win 65535, options [mss 1240,sackOK,TS val 2851138684 ecr 0,nop,wscale 9], length 0
21:31:41.707836 tun1 Out IP (tos 0x0, ttl 254, id 22732, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.49978 > 104.18.114.97.443: Flags [S], cksum 0xcf94 (correct), seq 1260449350, win 65535, options [mss 1240,sackOK,TS val 2851138684 ecr 0,nop,wscale 9], length 0
21:31:59.253030 wg0 In IP (tos 0x0, ttl 255, id 49582, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42282 > 104.18.115.97.443: Flags [SEW], cksum 0xa6a4 (correct), seq 374674216, win 65535, options [mss 1240,sackOK,TS val 496029191 ecr 0,nop,wscale 9], length 0
21:31:59.253033 wg0 In IP (tos 0x0, ttl 255, id 8059, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42286 > 104.18.115.97.443: Flags [SEW], cksum 0xf3dc (correct), seq 4001492413, win 65535, options [mss 1240,sackOK,TS val 496029192 ecr 0,nop,wscale 9], length 0
21:31:59.253179 tun1 Out IP (tos 0x0, ttl 254, id 49582, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42282 > 104.18.115.97.443: Flags [SEW], cksum 0xa6a4 (correct), seq 374674216, win 65535, options [mss 1240,sackOK,TS val 496029191 ecr 0,nop,wscale 9], length 0
21:31:59.253225 tun1 Out IP (tos 0x0, ttl 254, id 8059, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42286 > 104.18.115.97.443: Flags [SEW], cksum 0xf3dc (correct), seq 4001492413, win 65535, options [mss 1240,sackOK,TS val 496029192 ecr 0,nop,wscale 9], length 0
21:31:59.375179 wg0 In IP (tos 0x0, ttl 255, id 21211, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42300 > 104.18.115.97.443: Flags [SEW], cksum 0x5ef9 (correct), seq 3126244889, win 65535, options [mss 1240,sackOK,TS val 496029357 ecr 0,nop,wscale 9], length 0
21:31:59.375319 tun1 Out IP (tos 0x0, ttl 254, id 21211, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42300 > 104.18.115.97.443: Flags [SEW], cksum 0x5ef9 (correct), seq 3126244889, win 65535, options [mss 1240,sackOK,TS val 496029357 ecr 0,nop,wscale 9], length 0
21:32:00.245540 wg0 In IP (tos 0x0, ttl 255, id 49583, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42282 > 104.18.115.97.443: Flags [S], cksum 0xa35f (correct), seq 374674216, win 65535, options [mss 1240,sackOK,TS val 496030220 ecr 0,nop,wscale 9], length 0
21:32:00.245625 tun1 Out IP (tos 0x0, ttl 254, id 49583, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42282 > 104.18.115.97.443: Flags [S], cksum 0xa35f (correct), seq 374674216, win 65535, options [mss 1240,sackOK,TS val 496030220 ecr 0,nop,wscale 9], length 0
21:32:00.247016 wg0 In IP (tos 0x0, ttl 255, id 8060, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42286 > 104.18.115.97.443: Flags [S], cksum 0xf098 (correct), seq 4001492413, win 65535, options [mss 1240,sackOK,TS val 496030220 ecr 0,nop,wscale 9], length 0
21:32:00.247117 tun1 Out IP (tos 0x0, ttl 254, id 8060, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42286 > 104.18.115.97.443: Flags [S], cksum 0xf098 (correct), seq 4001492413, win 65535, options [mss 1240,sackOK,TS val 496030220 ecr 0,nop,wscale 9], length 0
21:32:00.424920 wg0 In IP (tos 0x0, ttl 255, id 21212, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42300 > 104.18.115.97.443: Flags [S], cksum 0x5b9a (correct), seq 3126244889, win 65535, options [mss 1240,sackOK,TS val 496030412 ecr 0,nop,wscale 9], length 0
21:32:00.425038 tun1 Out IP (tos 0x0, ttl 254, id 21212, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42300 > 104.18.115.97.443: Flags [S], cksum 0x5b9a (correct), seq 3126244889, win 65535, options [mss 1240,sackOK,TS val 496030412 ecr 0,nop,wscale 9], length 0
21:32:02.298130 wg0 In IP (tos 0x0, ttl 255, id 8061, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42286 > 104.18.115.97.443: Flags [S], cksum 0xe898 (correct), seq 4001492413, win 65535, options [mss 1240,sackOK,TS val 496032268 ecr 0,nop,wscale 9], length 0
21:32:02.298246 tun1 Out IP (tos 0x0, ttl 254, id 8061, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42286 > 104.18.115.97.443: Flags [S], cksum 0xe898 (correct), seq 4001492413, win 65535, options [mss 1240,sackOK,TS val 496032268 ecr 0,nop,wscale 9], length 0
21:32:02.304625 wg0 In IP (tos 0x0, ttl 255, id 49584, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42282 > 104.18.115.97.443: Flags [S], cksum 0x9b5f (correct), seq 374674216, win 65535, options [mss 1240,sackOK,TS val 496032268 ecr 0,nop,wscale 9], length 0
21:32:02.304710 tun1 Out IP (tos 0x0, ttl 254, id 49584, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42282 > 104.18.115.97.443: Flags [S], cksum 0x9b5f (correct), seq 374674216, win 65535, options [mss 1240,sackOK,TS val 496032268 ecr 0,nop,wscale 9], length 0
21:32:02.495846 wg0 In IP (tos 0x0, ttl 255, id 21213, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42300 > 104.18.115.97.443: Flags [S], cksum 0x539a (correct), seq 3126244889, win 65535, options [mss 1240,sackOK,TS val 496032460 ecr 0,nop,wscale 9], length 0
21:32:02.495926 tun1 Out IP (tos 0x0, ttl 254, id 21213, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.42300 > 104.18.115.97.443: Flags [S], cksum 0x539a (correct), seq 3126244889, win 65535, options [mss 1240,sackOK,TS val 496032460 ecr 0,nop,wscale 9], length 0
^C
58 packets captured
60 packets received by filter
0 packets dropped by kernel
Could it dare to bother that it has proton free?
The iptables rule is not there. Check if you made a typo in the configuration.
i dont know why
root@DietPi:~# sudo iptables -A POSTROUTING -s 10.6.0.0/24 -o tun0 -m comment --comment wireguard2openvpn-nat-rule -j MASQUERADE
iptables: No chain/target/match by that name.here
Also with thisâŚ
root@DietPi:~# sudo iptables -F
root@DietPi:~# sudo iptables -X
root@DietPi:~# sudo iptables -X
root@DietPi:~# sudo iptables -t nat -F
root@DietPi:~# sudo iptables -t nat -X
root@DietPi:~# sudo iptables -t mangle -F
root@DietPi:~# sudo iptables -t mangle -X
root@DietPi:~# sudo iptables -P INPUT ACCEPT
root@DietPi:~# sudo iptables -P FORWARD ACCEPT
root@DietPi:~# sudo iptables -P OUTPUT ACCEPT
root@DietPi:~# sudo iptables -A POSTROUTING -s 10.6.0.0/24 -o tun0 -m comment --comment wireguard2openvpn-nat-rule -j MASQUERADE
iptables: No chain/target/match by that name.
root@DietPi:~# sudo modprobe iptable_nat
Sorry, my typo
-t nat -A POSTROUTING -s 10.6.0.0/24 -o tun0 -m comment --comment wireguard2openvpn-nat-rule -j MASQUERADE
root@DietPi:~# tcpdump -i any -vn host 104.18.114.97 or host 104.18.115.97
tcpdump: data link type LINUX_SLL2
tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
09:53:20.000850 wg0 In IP (tos 0x0, ttl 255, id 50186, offset 0, flags [DF], proto UDP (17), length 1278)
10.6.0.2.46761 > 104.18.115.97.443: UDP, length 1250
09:53:20.000859 wg0 In IP (tos 0x0, ttl 255, id 62577, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45434 > 104.18.115.97.443: Flags [SEW], cksum 0x8651 (correct), seq 571745562, win 65535, options [mss 1240,sackOK,TS val 2006084183 ecr 0,nop,wscale 9], length 0
09:53:20.001106 tun1 Out IP (tos 0x0, ttl 254, id 50186, offset 0, flags [DF], proto UDP (17), length 1278)
10.6.0.2.46761 > 104.18.115.97.443: UDP, length 1250
09:53:20.001182 tun1 Out IP (tos 0x0, ttl 254, id 62577, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45434 > 104.18.115.97.443: Flags [SEW], cksum 0x8651 (correct), seq 571745562, win 65535, options [mss 1240,sackOK,TS val 2006084183 ecr 0,nop,wscale 9], length 0
09:53:20.292152 wg0 In IP (tos 0x0, ttl 255, id 54446, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45444 > 104.18.115.97.443: Flags [SEW], cksum 0x8039 (correct), seq 1683154917, win 65535, options [mss 1240,sackOK,TS val 2006084443 ecr 0,nop,wscale 9], length 0
09:53:20.292302 tun1 Out IP (tos 0x0, ttl 254, id 54446, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45444 > 104.18.115.97.443: Flags [SEW], cksum 0x8039 (correct), seq 1683154917, win 65535, options [mss 1240,sackOK,TS val 2006084443 ecr 0,nop,wscale 9], length 0
09:53:20.307417 wg0 In IP (tos 0x0, ttl 255, id 50187, offset 0, flags [DF], proto UDP (17), length 1278)
10.6.0.2.46761 > 104.18.115.97.443: UDP, length 1250
09:53:20.307477 tun1 Out IP (tos 0x0, ttl 254, id 50187, offset 0, flags [DF], proto UDP (17), length 1278)
10.6.0.2.46761 > 104.18.115.97.443: UDP, length 1250
09:53:21.081997 wg0 In IP (tos 0x0, ttl 255, id 50188, offset 0, flags [DF], proto UDP (17), length 1278)
10.6.0.2.46761 > 104.18.115.97.443: UDP, length 1250
09:53:21.082002 wg0 In IP (tos 0x0, ttl 255, id 62578, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45434 > 104.18.115.97.443: Flags [S], cksum 0x8315 (correct), seq 571745562, win 65535, options [mss 1240,sackOK,TS val 2006085203 ecr 0,nop,wscale 9], length 0
09:53:21.082102 tun1 Out IP (tos 0x0, ttl 254, id 50188, offset 0, flags [DF], proto UDP (17), length 1278)
10.6.0.2.46761 > 104.18.115.97.443: UDP, length 1250
09:53:21.082154 tun1 Out IP (tos 0x0, ttl 254, id 62578, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45434 > 104.18.115.97.443: Flags [S], cksum 0x8315 (correct), seq 571745562, win 65535, options [mss 1240,sackOK,TS val 2006085203 ecr 0,nop,wscale 9], length 0
09:53:21.260392 wg0 In IP (tos 0x0, ttl 255, id 54447, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45444 > 104.18.115.97.443: Flags [S], cksum 0x7d03 (correct), seq 1683154917, win 65535, options [mss 1240,sackOK,TS val 2006085457 ecr 0,nop,wscale 9], length 0
09:53:21.260496 tun1 Out IP (tos 0x0, ttl 254, id 54447, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45444 > 104.18.115.97.443: Flags [S], cksum 0x7d03 (correct), seq 1683154917, win 65535, options [mss 1240,sackOK,TS val 2006085457 ecr 0,nop,wscale 9], length 0
09:53:22.226187 wg0 In IP (tos 0x0, ttl 255, id 50189, offset 0, flags [DF], proto UDP (17), length 1278)
10.6.0.2.46761 > 104.18.115.97.443: UDP, length 1250
09:53:22.226266 tun1 Out IP (tos 0x0, ttl 254, id 50189, offset 0, flags [DF], proto UDP (17), length 1278)
10.6.0.2.46761 > 104.18.115.97.443: UDP, length 1250
09:53:23.075735 wg0 In IP (tos 0x0, ttl 255, id 62579, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45434 > 104.18.115.97.443: Flags [S], cksum 0x7b3e (correct), seq 571745562, win 65535, options [mss 1240,sackOK,TS val 2006087210 ecr 0,nop,wscale 9], length 0
09:53:23.075815 tun1 Out IP (tos 0x0, ttl 254, id 62579, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45434 > 104.18.115.97.443: Flags [S], cksum 0x7b3e (correct), seq 571745562, win 65535, options [mss 1240,sackOK,TS val 2006087210 ecr 0,nop,wscale 9], length 0
09:53:23.327794 wg0 In IP (tos 0x0, ttl 255, id 54448, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45444 > 104.18.115.97.443: Flags [S], cksum 0x7503 (correct), seq 1683154917, win 65535, options [mss 1240,sackOK,TS val 2006087505 ecr 0,nop,wscale 9], length 0
09:53:23.327907 tun1 Out IP (tos 0x0, ttl 254, id 54448, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45444 > 104.18.115.97.443: Flags [S], cksum 0x7503 (correct), seq 1683154917, win 65535, options [mss 1240,sackOK,TS val 2006087505 ecr 0,nop,wscale 9], length 0
09:53:24.081325 wg0 In IP (tos 0x0, ttl 255, id 50190, offset 0, flags [DF], proto UDP (17), length 1278)
10.6.0.2.46761 > 104.18.115.97.443: UDP, length 1250
09:53:24.081423 tun1 Out IP (tos 0x0, ttl 254, id 50190, offset 0, flags [DF], proto UDP (17), length 1278)
10.6.0.2.46761 > 104.18.115.97.443: UDP, length 1250
09:53:27.075590 wg0 In IP (tos 0x0, ttl 255, id 62580, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45434 > 104.18.115.97.443: Flags [S], cksum 0x6b97 (correct), seq 571745562, win 65535, options [mss 1240,sackOK,TS val 2006091217 ecr 0,nop,wscale 9], length 0
09:53:27.075702 tun1 Out IP (tos 0x0, ttl 254, id 62580, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45434 > 104.18.115.97.443: Flags [S], cksum 0x6b97 (correct), seq 571745562, win 65535, options [mss 1240,sackOK,TS val 2006091217 ecr 0,nop,wscale 9], length 0
09:53:27.346004 wg0 In IP (tos 0x0, ttl 255, id 54449, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45444 > 104.18.115.97.443: Flags [S], cksum 0x6543 (correct), seq 1683154917, win 65535, options [mss 1240,sackOK,TS val 2006091537 ecr 0,nop,wscale 9], length 0
09:53:27.346104 tun1 Out IP (tos 0x0, ttl 254, id 54449, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.45444 > 104.18.115.97.443: Flags [S], cksum 0x6543 (correct), seq 1683154917, win 65535, options [mss 1240,sackOK,TS val 2006091537 ecr 0,nop,wscale 9], length 0
root@DietPi:~# iptables-save -c
# Generated by iptables-save v1.8.7 on Wed Apr 5 09:54:03 2023
*mangle
:PREROUTING ACCEPT [839898:140552709]
:INPUT ACCEPT [839105:140326083]
:FORWARD ACCEPT [793:226626]
:OUTPUT ACCEPT [576152:1251077351]
:POSTROUTING ACCEPT [577231:1251314103]
COMMIT
# Completed on Wed Apr 5 09:54:03 2023
# Generated by iptables-save v1.8.7 on Wed Apr 5 09:54:03 2023
*filter
:INPUT ACCEPT [839105:140326083]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [576152:1251077351]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
[793:226626] -A FORWARD -j DOCKER-USER
[793:226626] -A FORWARD -j DOCKER-ISOLATION-STAGE-1
[0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -o docker0 -j DOCKER
[0:0] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
[0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT
[0:0] -A FORWARD -d 10.6.0.0/24 -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment wireguard-forward-rule -j ACCEPT
[0:0] -A FORWARD -s 10.6.0.0/24 -i wg0 -o eth0 -m comment --comment wireguard-forward-rule -j ACCEPT
[793:226626] -A FORWARD -i wg0 -j ACCEPT
[0:0] -A FORWARD -i eth0 -o tun0 -j ACCEPT
[0:0] -A FORWARD -i wg0 -o eth0 -j ACCEPT
[0:0] -A FORWARD -i eth0 -o wg0 -j ACCEPT
[0:0] -A FORWARD -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -i wg0 -o tun0 -j ACCEPT
[0:0] -A FORWARD -i tun0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 3000 -j ACCEPT
[0:0] -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9000 -j ACCEPT
[0:0] -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
[793:226626] -A DOCKER-ISOLATION-STAGE-1 -j RETURN
[0:0] -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
[0:0] -A DOCKER-ISOLATION-STAGE-2 -j RETURN
[793:226626] -A DOCKER-USER -j RETURN
COMMIT
# Completed on Wed Apr 5 09:54:03 2023
# Generated by iptables-save v1.8.7 on Wed Apr 5 09:54:03 2023
*nat
:PREROUTING ACCEPT [1198:165404]
:INPUT ACCEPT [1016:119162]
:OUTPUT ACCEPT [31788:2326457]
:POSTROUTING ACCEPT [18199:1165287]
:DOCKER - [0:0]
[521:39148] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
[1104:71564] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
[0:0] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
[0:0] -A POSTROUTING -s 10.6.0.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
[13771:1207412] -A POSTROUTING -o eth0 -j MASQUERADE
[0:0] -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 3000 -j MASQUERADE
[0:0] -A POSTROUTING -s 172.17.0.3/32 -d 172.17.0.3/32 -p tcp -m tcp --dport 9000 -j MASQUERADE
[0:0] -A POSTROUTING -s 10.6.0.0/24 -o tun0 -m comment --comment wireguard2openvpn-nat-rule -j MASQUERADE
[0:0] -A POSTROUTING -o eth0 -j MASQUERADE
[0:0] -A DOCKER -i docker0 -j RETURN
[0:0] -A DOCKER ! -i docker0 -p tcp -m tcp --dport 3000 -j DNAT --to-destination 172.17.0.2:3000
[0:0] -A DOCKER ! -i docker0 -p tcp -m tcp --dport 9002 -j DNAT --to-destination 172.17.0.3:9000
COMMIT
# Completed on Wed Apr 5 09:54:03 2023
root@DietPi:~#
whoops, sorry another typo. Itâs tun1 not tun0
root@DietPi:~# sudo iptables -t nat -A POSTROUTING -s 10.6.0.0/24 -o tun1 -m comment --comment wireguard2openvpn-nat-rule -j MASQUERADE
root@DietPi:~# tcpdump -i any -vn host 104.18.114.97 or host 104.18.115.97
tcpdump: data link type LINUX_SLL2
tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
17:32:40.029378 wg0 In IP (tos 0x0, ttl 255, id 42982, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.47362 > 104.18.114.97.443: Flags [SEW], cksum 0xba89 (correct), seq 1563572746, win 65535, options [mss 1240,sackOK,TS val 2373765534 ecr 0,nop,wscale 9], length 0
17:32:40.029515 tun1 Out IP (tos 0x0, ttl 254, id 42982, offset 0, flags [DF], proto TCP (6), length 60)
10.23.0.16.47362 > 104.18.114.97.443: Flags [SEW], cksum 0xba6a (correct), seq 1563572746, win 65535, options [mss 1240,sackOK,TS val 2373765534 ecr 0,nop,wscale 9], length 0
17:32:40.066848 tun1 In IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
104.18.114.97.443 > 10.23.0.16.47362: Flags [S.E], cksum 0xba26 (correct), seq 1863262434, ack 1563572747, win 65160, options [mss 1325,sackOK,TS val 1934884496 ecr 2373765534,nop,wscale 8], length 0
17:32:40.268594 wg0 In IP (tos 0x0, ttl 255, id 59415, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.47364 > 104.18.114.97.443: Flags [SEW], cksum 0x94de (correct), seq 931038322, win 65535, options [mss 1240,sackOK,TS val 2373765779 ecr 0,nop,wscale 9], length 0
17:32:40.268767 tun1 Out IP (tos 0x0, ttl 254, id 59415, offset 0, flags [DF], proto TCP (6), length 60)
10.23.0.16.47364 > 104.18.114.97.443: Flags [SEW], cksum 0x94bf (correct), seq 931038322, win 65535, options [mss 1240,sackOK,TS val 2373765779 ecr 0,nop,wscale 9], length 0
17:32:40.306269 tun1 In IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
104.18.114.97.443 > 10.23.0.16.47364: Flags [S.E], cksum 0x15d3 (correct), seq 1199687209, ack 931038323, win 65160, options [mss 1325,sackOK,TS val 1934884735 ecr 2373765779,nop,wscale 8], length 0
17:32:41.087645 wg0 In IP (tos 0x0, ttl 255, id 42983, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.47362 > 104.18.114.97.443: Flags [S], cksum 0xb73e (correct), seq 1563572746, win 65535, options [mss 1240,sackOK,TS val 2373766569 ecr 0,nop,wscale 9], length 0
17:32:41.087733 tun1 Out IP (tos 0x0, ttl 254, id 42983, offset 0, flags [DF], proto TCP (6), length 60)
10.23.0.16.47362 > 104.18.114.97.443: Flags [S], cksum 0xb71f (correct), seq 1563572746, win 65535, options [mss 1240,sackOK,TS val 2373766569 ecr 0,nop,wscale 9], length 0
17:32:41.093300 tun1 In IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
104.18.114.97.443 > 10.23.0.16.47362: Flags [S.E], cksum 0xb624 (correct), seq 1863262434, ack 1563572747, win 65160, options [mss 1325,sackOK,TS val 1934885522 ecr 2373765534,nop,wscale 8], length 0
17:32:41.124830 tun1 In IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
104.18.114.97.443 > 10.23.0.16.47362: Flags [S.E], cksum 0xb604 (correct), seq 1863262434, ack 1563572747, win 65160, options [mss 1325,sackOK,TS val 1934885554 ecr 2373765534,nop,wscale 8], length 0
17:32:41.317332 tun1 In IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
104.18.114.97.443 > 10.23.0.16.47364: Flags [S.E], cksum 0x11e0 (correct), seq 1199687209, ack 931038323, win 65160, options [mss 1325,sackOK,TS val 1934885746 ecr 2373765779,nop,wscale 8], length 0
17:32:41.326850 wg0 In IP (tos 0x0, ttl 255, id 59416, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.47364 > 104.18.114.97.443: Flags [S], cksum 0x9188 (correct), seq 931038322, win 65535, options [mss 1240,sackOK,TS val 2373766825 ecr 0,nop,wscale 9], length 0
17:32:41.326928 tun1 Out IP (tos 0x0, ttl 254, id 59416, offset 0, flags [DF], proto TCP (6), length 60)
10.23.0.16.47364 > 104.18.114.97.443: Flags [S], cksum 0x9169 (correct), seq 931038322, win 65535, options [mss 1240,sackOK,TS val 2373766825 ecr 0,nop,wscale 9], length 0
17:32:41.364838 tun1 In IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
104.18.114.97.443 > 10.23.0.16.47364: Flags [S.E], cksum 0x11b0 (correct), seq 1199687209, ack 931038323, win 65160, options [mss 1325,sackOK,TS val 1934885794 ecr 2373765779,nop,wscale 8], length 0
17:32:43.108570 wg0 In IP (tos 0x0, ttl 255, id 42984, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.47362 > 104.18.114.97.443: Flags [S], cksum 0xaf3e (correct), seq 1563572746, win 65535, options [mss 1240,sackOK,TS val 2373768617 ecr 0,nop,wscale 9], length 0
17:32:43.108716 tun1 Out IP (tos 0x0, ttl 254, id 42984, offset 0, flags [DF], proto TCP (6), length 60)
10.23.0.16.47362 > 104.18.114.97.443: Flags [S], cksum 0xaf1f (correct), seq 1563572746, win 65535, options [mss 1240,sackOK,TS val 2373768617 ecr 0,nop,wscale 9], length 0
17:32:43.141440 tun1 In IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
104.18.114.97.443 > 10.23.0.16.47362: Flags [S.E], cksum 0xae24 (correct), seq 1863262434, ack 1563572747, win 65160, options [mss 1325,sackOK,TS val 1934887570 ecr 2373765534,nop,wscale 8], length 0
17:32:43.146337 tun1 In IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
104.18.114.97.443 > 10.23.0.16.47362: Flags [S.E], cksum 0xae1f (correct), seq 1863262434, ack 1563572747, win 65160, options [mss 1325,sackOK,TS val 1934887575 ecr 2373765534,nop,wscale 8], length 0
17:32:43.365546 tun1 In IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
104.18.114.97.443 > 10.23.0.16.47364: Flags [S.E], cksum 0x09e0 (correct), seq 1199687209, ack 931038323, win 65160, options [mss 1325,sackOK,TS val 1934887794 ecr 2373765779,nop,wscale 8], length 0
17:32:43.468238 wg0 In IP (tos 0x0, ttl 255, id 59417, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.47364 > 104.18.114.97.443: Flags [S], cksum 0x8988 (correct), seq 931038322, win 65535, options [mss 1240,sackOK,TS val 2373768873 ecr 0,nop,wscale 9], length 0
17:32:43.468364 tun1 Out IP (tos 0x0, ttl 254, id 59417, offset 0, flags [DF], proto TCP (6), length 60)
10.23.0.16.47364 > 104.18.114.97.443: Flags [S], cksum 0x8969 (correct), seq 931038322, win 65535, options [mss 1240,sackOK,TS val 2373768873 ecr 0,nop,wscale 9], length 0
17:32:43.506887 tun1 In IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
104.18.114.97.443 > 10.23.0.16.47364: Flags [S.E], cksum 0x0952 (correct), seq 1199687209, ack 931038323, win 65160, options [mss 1325,sackOK,TS val 1934887936 ecr 2373765779,nop,wscale 8], length 0
17:32:47.158392 wg0 In IP (tos 0x0, ttl 255, id 42985, offset 0, flags [DF], proto TCP (6), length 60)
10.6.0.2.47362 > 104.18.114.97.443: Flags [S], cksum 0x9f7e (correct), seq 1563572746, win 65535, options [mss 1240,sackOK,TS val 2373772649 ecr 0,nop,wscale 9], length 0
17:32:47.158489 tun1 Out IP (tos 0x0, ttl 254, id 42985, offset 0, flags [DF], proto TCP (6), length 60)
10.23.0.16.47362 > 104.18.114.97.443: Flags [S], cksum 0x9f5f (correct), seq 1563572746, win 65535, options [mss 1240,sackOK,TS val 2373772649 ecr 0,nop,wscale 9], length 0
root@DietPi:~# iptables-save -c
# Generated by iptables-save v1.8.7 on Wed Apr 5 17:33:48 2023
*mangle
:PREROUTING ACCEPT [10029:2628718]
:INPUT ACCEPT [8580:2301291]
:FORWARD ACCEPT [1449:327427]
:OUTPUT ACCEPT [7467:1319917]
:POSTROUTING ACCEPT [8099:1466195]
COMMIT
# Completed on Wed Apr 5 17:33:48 2023
# Generated by iptables-save v1.8.7 on Wed Apr 5 17:33:48 2023
*filter
:INPUT ACCEPT [8580:2301291]
:FORWARD DROP [821:181764]
:OUTPUT ACCEPT [7467:1319917]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
[1449:327427] -A FORWARD -j DOCKER-USER
[1449:327427] -A FORWARD -j DOCKER-ISOLATION-STAGE-1
[0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -o docker0 -j DOCKER
[0:0] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
[0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT
[61:13183] -A FORWARD -d 10.6.0.0/24 -i eth0 -o wg0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment wireguard-forward-rule -j ACCEPT
[71:11791] -A FORWARD -s 10.6.0.0/24 -i wg0 -o eth0 -m comment --comment wireguard-forward-rule -j ACCEPT
[496:120689] -A FORWARD -i wg0 -j ACCEPT
[0:0] -A FORWARD -i eth0 -o tun0 -j ACCEPT
[0:0] -A FORWARD -i wg0 -o eth0 -j ACCEPT
[0:0] -A FORWARD -i eth0 -o wg0 -j ACCEPT
[0:0] -A FORWARD -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -i wg0 -o tun0 -j ACCEPT
[0:0] -A FORWARD -i tun0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 9000 -j ACCEPT
[0:0] -A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 3000 -j ACCEPT
[0:0] -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
[1449:327427] -A DOCKER-ISOLATION-STAGE-1 -j RETURN
[0:0] -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
[0:0] -A DOCKER-ISOLATION-STAGE-2 -j RETURN
[1449:327427] -A DOCKER-USER -j RETURN
COMMIT
# Completed on Wed Apr 5 17:33:48 2023
# Generated by iptables-save v1.8.7 on Wed Apr 5 17:33:48 2023
*nat
:PREROUTING ACCEPT [268:43388]
:INPUT ACCEPT [137:16683]
:OUTPUT ACCEPT [1294:101154]
:POSTROUTING ACCEPT [720:56014]
:DOCKER - [0:0]
[103:9695] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
[59:3924] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
[0:0] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
[6:360] -A POSTROUTING -s 10.6.0.0/24 -o eth0 -m comment --comment wireguard-nat-rule -j MASQUERADE
[574:45140] -A POSTROUTING -o eth0 -j MASQUERADE
[0:0] -A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 9000 -j MASQUERADE
[0:0] -A POSTROUTING -s 172.17.0.3/32 -d 172.17.0.3/32 -p tcp -m tcp --dport 3000 -j MASQUERADE
[125:26345] -A POSTROUTING -s 10.6.0.0/24 -o tun1 -m comment --comment wireguard2openvpn-nat-rule -j MASQUERADE
[0:0] -A POSTROUTING -o eth0 -j MASQUERADE
[0:0] -A POSTROUTING -s 10.6.0.0/24 -o tun1 -m comment --comment wireguard2openvpn-nat-rule -j MASQUERADE
[0:0] -A DOCKER -i docker0 -j RETURN
[0:0] -A DOCKER ! -i docker0 -p tcp -m tcp --dport 9002 -j DNAT --to-destination 172.17.0.2:9000
[0:0] -A DOCKER ! -i docker0 -p tcp -m tcp --dport 3000 -j DNAT --to-destination 172.17.0.3:3000
COMMIT
# Completed on Wed Apr 5 17:33:48 2023
root@DietPi:~#
You need to update your firewall rules, like:
-A FORWARD -i tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wg0 -o tun0 -j ACCEPT
into tun1.
Thanks you have been very kind, When I am connected to the DietPi server via WireGuard and Protonâs VPN is not active, everything works fine. If, while still connected to WireGuard, I turn on Protonâs VPN, everything continues to work as expected.
However, if I disconnect from the DietPi server via WireGuard and try to connect again while Protonâs VPN is active, I experience connection problems.
#!/bin/bash
# Clear this file completely, including line breaks, to have it removed.
ip route add default via 192.168.1.1 table 100
ip rule add iif lo sport 1194 lookup 100 prio 15010
ip rule add iif lo sport 51820 lookup 100 prio 15010
iptables -t nat -A POSTROUTING -s 10.6.0.0/24 -o tun1 -m comment --comment wireguard2openvpn-nat-rule -j MASQUERADE
iptables -A FORWARD -i tun1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i wg0 -o tun1 -j ACCEPT