Hi there,
I have a server that runs CWP. I also have Wireguard installed on the same server.
Wireguard on clients is working fine till I enable csf. When I enable csf, clients can connect to the server through Wireguard, but they don't have internet traffic at all.
Can anybody help me to force csf to let the Wireguard clients have their own traffic?
Regards
Enabling Wireguard in csf
Re: Enabling Wireguard in csf
Finally I found the solution.
1) Run
Code:
csf -r
2) Search the output for Running /usr/local/csf/bin/csfpre.sh or Running /etc/csf/csfpre.sh
3) When you have found which one of the above files is yours, run nano ABOVE_FILE_ADDRESS, something like this:
Code:
nano /usr/local/csf/bin/csfpre.sh
4) Add the following to the file:
Code:
iptables -A INPUT -i wg0 -j ACCEPT
iptables -A OUTPUT -o wg0 -j ACCEPT
iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.66.66.1/24 -o eth0 -j MASQUERADE
5) Replace eth0 with your network device like ens0 or ...
And also replace 10.66.66.1/24 with your Wireguard address, which can be found in /etc/wireguard/wg0.conf
6) Edit csf config and find these parts: TCP_IN, TCP_OUT, UDP_IN and UDP_OUT
Code:
nano /etc/csf/csf.conf
7) Add your Wireguard port to the end of these 4 lines. The Wireguard port can be found in /etc/wireguard/wg0.conf in front of ListenPort.
8) Run
Code:
csf -r
9) Enjoy!
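Added example, not part of the post above: a shell script that reads the two values the steps take from wg0.conf (ListenPort and Address) and prints the csfpre.sh rules for review. The sample config, the function names, the masking of the address to its network and the conntrack-restricted return FORWARD rule are assumptions of this example; it prints rules only and applies nothing.

```shell
#!/bin/sh
# Constructed sample input, not taken from a real server.
SAMPLE_CONF='[Interface]
Address = 10.66.66.1/24,fd42:42:42::1/64
ListenPort = 51820
PrivateKey = PLACEHOLDER_NOT_A_REAL_KEY=
[Peer]
AllowedIPs = 10.66.66.2/32'

# wg_value CONF_TEXT KEY: value of "KEY = value" inside the [Interface] section only.
wg_value() {
    printf '%s\n' "$1" | awk -F'=' -v key="$2" '
        /^\[/ { in_if = ($0 ~ /^\[Interface\]/) }
        in_if && $1 ~ "^[ \t]*" key "[ \t]*$" {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit
        }'
}

# ipv4_network A.B.C.D/N: same prefix with host bits cleared (10.66.66.1/24 -> 10.66.66.0/24).
ipv4_network() {
    printf '%s\n' "$1" | awk -F'[./]' 'NF == 5 {
        bits = $5; out = ""; sep = ""
        for (i = 1; i <= 4; i++) {
            keep = (bits >= 8) ? 8 : (bits > 0 ? bits : 0)
            bits -= 8
            step = 2 ^ (8 - keep)          # block size within this octet
            out = out sep (int($i / step) * step); sep = "."
        }
        print out "/" $5
    }'
}

# csfpre_rules CONF_TEXT WAN_IF [WG_IF]: rules for csfpre.sh, written to stdout.
csfpre_rules() (
    wan=$2; wg=${3:-wg0}
    # Address may list IPv4 and IPv6 together; take the first IPv4 entry.
    addr=$(wg_value "$1" Address | tr ',' '\n' | tr -d ' \t' | grep -v ':' | head -n 1)
    [ -n "$addr" ] || { echo "no IPv4 Address in [Interface]" >&2; exit 1; }
    net=$(ipv4_network "$addr")
    cat <<EOF
iptables -A INPUT -i $wg -j ACCEPT
iptables -A OUTPUT -o $wg -j ACCEPT
iptables -A FORWARD -i $wg -o $wan -j ACCEPT
iptables -A FORWARD -i $wan -o $wg -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
EOF
)
# Demo on the sample; eth0 is the placeholder interface name from the post.
echo "# WireGuard UDP ListenPort for csf.conf: $(wg_value "$SAMPLE_CONF" ListenPort)"
csfpre_rules "$SAMPLE_CONF" eth0
```

The return-path rule here forwards only replies to connections the VPN clients opened, which is enough for client internet access; WireGuard itself carries traffic over UDP, so the printed port is the one the UDP entries in csf.conf need.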
Re: Enabling Wireguard in csf
Thanks, this is exactly what I was looking for!