« Wireguard ipv6 GUA » : différence entre les versions
Aucun résumé des modifications |
|||
| Ligne 43 : | Ligne 43 : | ||
== Configuration de l'interface wg0 == | == Configuration de l'interface wg0 == | ||
* Dans les règles IPv4, nous effectuons un NAT pour l'adresse IPv4.<br /> | |||
<pre> | <pre> | ||
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; | PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; | ||
| Ligne 50 : | Ligne 49 : | ||
</pre> | </pre> | ||
* Dans les règles IPv6, nous ajoutons une règle pour transférer le trafic vers l'interface Internet.<br /> | |||
<pre> | <pre> | ||
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;ip6tables -A FORWARD -i eth0 -o wg0 -j ACCEPT; ip6tables -A FORWARD -i wg0 -j ACCEPT; | PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;ip6tables -A FORWARD -i eth0 -o wg0 -j ACCEPT; ip6tables -A FORWARD -i wg0 -j ACCEPT; | ||
| Ligne 57 : | Ligne 55 : | ||
</pre> | </pre> | ||
* Version nftables avant l'ipv6 | |||
<pre> | <pre> | ||
PostUp = nft add table ip wireguard;nft add chain ip wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;};nft add rule ip wireguard wireguard_chain counter packets 0 bytes 0 masquerade;nft add table ip6 wireguard;nft add chain ip6 wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;};nft add rule ip6 wireguard wireguard_chain counter packets 0 bytes 0 masquerade; | PostUp = nft add table ip wireguard;nft add chain ip wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;};nft add rule ip wireguard wireguard_chain counter packets 0 bytes 0 masquerade;nft add table ip6 wireguard;nft add chain ip6 wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;};nft add rule ip6 wireguard wireguard_chain counter packets 0 bytes 0 masquerade; | ||
| Ligne 63 : | Ligne 61 : | ||
</pre> | </pre> | ||
* Version nftables avec l'ipv6 | |||
<pre> | <pre> | ||
PostUp = nft add table ip wireguard;nft add chain ip wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;};nft add rule ip wireguard wireguard_chain counter packets 0 bytes 0 masquerade; nft add table ip6 wireguard;nft add chain ip6 wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;};nft add rule ip6 wireguard wireguard_chain counter packets 0 bytes 0 masquerade;nft add chain ip6 wireguard FORWARD { type filter hook forward priority filter\; };nft add rule ip6 wireguard FORWARD iifname "eth0" oifname "wg0" ct state related,established counter accept;nft add rule ip6 wireguard FORWARD iifname "wg0" counter accept; | PostUp = nft add table ip wireguard;nft add chain ip wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;};nft add rule ip wireguard wireguard_chain counter packets 0 bytes 0 masquerade; nft add table ip6 wireguard;nft add chain ip6 wireguard wireguard_chain {type nat hook postrouting priority srcnat\; policy accept\;};nft add rule ip6 wireguard wireguard_chain counter packets 0 bytes 0 masquerade;nft add chain ip6 wireguard FORWARD { type filter hook forward priority filter\; };nft add rule ip6 wireguard FORWARD iifname "eth0" oifname "wg0" ct state related,established counter accept;nft add rule ip6 wireguard FORWARD iifname "wg0" counter accept; | ||