Difference between revisions of "Wireguard"

From Michael's Information Zone
Jump to navigation Jump to search
Line 10: Line 10:
 
firewall-cmd --permanent --zone=internal --change-interface=enp3s0
 
firewall-cmd --permanent --zone=internal --change-interface=enp3s0
 
firewall-cmd --permanent --add-masquerade
 
firewall-cmd --permanent --add-masquerade
 +
firewall-cmd --reload
 
</pre>
 
</pre>
 
*Enable forwarding
 
*Enable forwarding

Revision as of 18:33, 5 May 2025

Rocky Linux

Dual NIC wireguard setup

Prerequisite Network Config

  • Configure the firewall to only allow the wireguard port, then move the internal interface to the internal zone.
firewall-cmd --permanent --add-port=51820/udp --zone=public
firewall-cmd --permanent --remove-service=dhcpv6-client --zone=public
firewall-cmd --permanent --remove-service=cockpit --zone=public
firewall-cmd --permanent --remove-service=ssh --zone=public
firewall-cmd --permanent --zone=internal --change-interface=enp3s0
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload
  • Enable forwarding
echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/01-sysctl.conf
Retrieved from "https://wiki.1701technology.com/index.php?title=Wireguard&oldid=1859"