# WireGuard

* 10.0.0.1 - c.h.main
* 10.0.0.2 - l.macmachine
* 10.0.0.3 - c.h.apps
* 10.0.0.4 - MaxPix
* 10.0.0.5 - MaxBlade
* 10.0.0.6 - MaxMachine

## Routing all traffic through WireGuard

To route all traffic through WireGuard, specify in your WireGuard config that all IP addresses should be routed through a particular peer:

```config
[Interface]
...

[Peer]
AllowedIPs = 0.0.0.0/0, ::/0
```

`0.0.0.0/0` is CIDR syntax for a range that encompasses all IPv4 addresses; `::/0` is the equivalent range for all IPv6 addresses. The prefix length matters: an address written without one is treated as a single host. With both ranges set, all traffic gets routed through the peer you specify them for.

On that peer you need to set up some PostUp/PreDown [[Resources/dev/iptables]] scripts so that all traffic arriving through the tunnel gets routed on to the www.

```config
[Interface]
# eth0 is the internet-facing interface of this peer; adjust it to your system.
# PostUp inserts the NAT rules when the tunnel comes up, PreDown deletes them again.
PostUp = iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
```

You also need to add the following to `/etc/sysctl.d/wireguard.conf`:

```conf
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
```

Then run `sysctl -p /etc/sysctl.d/wireguard.conf` to apply the changes (a plain `sysctl -p` only reloads `/etc/sysctl.conf`).

Here is a breakdown from ChatGPT on the iptables command:

>* `iptables`: This is the command itself, indicating that you want to work with the iptables utility.
>
>* `-t nat`: This option specifies the table to which the rule will be added. In this case, the table is "nat," which stands for Network Address Translation. This table is used for configuring network address translation rules, such as masquerading or port forwarding.
>
>* `-I POSTROUTING`: This option inserts a new rule into the "POSTROUTING" chain. The POSTROUTING chain is part of the nat table and is responsible for modifying outgoing packets after they have been routed. It is commonly used for applying Network Address Translation (NAT) to outgoing connections.
>
>* `-o eth0`: This option specifies the outbound network interface for the rule. In this case, it is "eth0," which represents a specific network interface. You may need to replace "eth0" with the appropriate interface name for your system.
>
>* `-j MASQUERADE`: This option specifies the target action for the rule. In this case, it is "MASQUERADE." MASQUERADE is a type of Network Address Translation (NAT) that allows multiple devices on a local network to share a single public IP address when accessing the internet. It replaces the source IP address of outgoing packets with the IP address of the outbound interface, enabling two-way communication between the local network and external networks.
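
A check for the `AllowedIPs` setting described above, as an added example that is not part of the original note: it parses a wg-quick style config and reports which address families a peer does not fully tunnel, which is how IPv6 traffic ends up bypassing the VPN. It goes slightly beyond the note by also accepting the split form `0.0.0.0/1, 128.0.0.0/1`; the sample config, its placeholder keys, `vpn.example.org` and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample client config; keys and endpoint are placeholders.
SAMPLE = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.0.0.2/32

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.org:51820
AllowedIPs = 0.0.0.0/0, ::0
"""

def peer_allowed_ips(text):
    """Return one list of ip_network objects per [Peer] section."""
    peers, section = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("["):
            section = line.strip("[]").lower()
            if section == "peer":
                peers.append([])
        elif section == "peer" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() == "allowedips":
                # A bare address becomes /32 or /128 here, the same single-host
                # default WireGuard applies when the prefix length is omitted.
                peers[-1] += [ipaddress.ip_network(v.strip(), strict=False)
                              for v in value.split(",") if v.strip()]
    return peers

def full_tunnel_gaps(networks):
    """Address families whose whole range is NOT covered by AllowedIPs."""
    gaps = []
    for name, default in (("IPv4", "0.0.0.0/0"), ("IPv6", "::/0")):
        default = ipaddress.ip_network(default)
        same = [n for n in networks if n.version == default.version]
        # collapse_addresses merges siblings such as 0.0.0.0/1 + 128.0.0.0/1.
        if list(ipaddress.collapse_addresses(same)) != [default]:
            gaps.append(name)
    return gaps

if __name__ == "__main__":
    for i, nets in enumerate(peer_allowed_ips(SAMPLE), 1):
        gaps = full_tunnel_gaps(nets)
        print(f"peer {i}: {[str(n) for n in nets]} not tunnelled: {gaps or 'none'}")
```
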