From eeef07d9646c57b6d86bd4f683413d238ac327e5 Mon Sep 17 00:00:00 2001
From: gyurix
Date: Mon, 15 Jun 2026 07:41:07 +0200
Subject: [PATCH] feat(gateway): add iptables-legacy and temporary port redirection
- Install iptables-legacy package in Dockerfile to support iptables rules
- Add temporary iptables rules in set_gateway.sh to redirect HTTP/HTTPS traffic from wg0 to 172.18.103.2
- These rules are temporary and should be removed after service-exec go update
---
 Dockerfile | 4 +++-
 set_gateway.sh | 7 +++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 696530d..7e276e8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,7 +10,9 @@ FROM alpine:latest
 COPY --from=0 /root/.cargo/bin/boringtun-cli /usr/bin/boringtun
-RUN apk add --no-cache tini wireguard-tools \
+# replace the commented line with the following after service-exec go update
+#RUN apk add --no-cache tini wireguard-tools \
+RUN apk add --no-cache tini wireguard-tools iptables-legacy \
 && apk add --no-cache --virtual .build-deps libcap \
 && setcap cap_net_admin+ep /usr/bin/boringtun \
 && apk del --purge .build-deps \
diff --git a/set_gateway.sh b/set_gateway.sh
index 422046f..afa91ea 100755
--- a/set_gateway.sh
+++ b/set_gateway.sh
@@ -4,4 +4,11 @@ ENDPOINT=$(cat /etc/wireguard/wg0.conf | grep Endpoint | awk '{print $3}' |cut -
 IP_GATEWAY=$(route -n | grep 'UG[ \t]' | awk '{print $2}');
 route add -host $ENDPOINT gw $IP_GATEWAY;
+# temporary added iptables lines
+iptables-legacy -t nat -I PREROUTING -i wg0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 172.18.103.2:80
+iptables-legacy -t nat -I PREROUTING -i wg0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 172.18.103.2:443
+iptables-legacy -t nat -I POSTROUTING -d 172.18.103.0/24 -p tcp -m tcp --dport 80 -j MASQUERADE
+iptables-legacy -t nat -I POSTROUTING -d 172.18.103.0/24 -p tcp -m tcp --dport 443 -j MASQUERADE
+# need to remove after service-exec go update
+
 /etc/wireguard/persistentkeepalive.sh &
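Review bot: The rollback comment above the new `RUN` line is ambiguous: "replace the commented line with the following" reads as if the commented-out `#RUN … \` should be replaced, when the intent appears to be restoring it and dropping `iptables-legacy`. A single comment such as `# TEMPORARY: iptables-legacy is only needed for the DNAT rules in set_gateway.sh; remove it together with those rules` would say that without keeping a dead instruction that ends in a continuation backslash. `iptables-legacy` is also installed without a version pin, and it stays in the runtime image as extra network tooling for as long as the workaround remains. The `RUN` instruction continues past the end of this hunk.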
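Review bot: The two PREROUTING rules match only `-i wg0` and the port, so every TCP 80/443 connection arriving from a WireGuard peer is rewritten to 172.18.103.2, whatever address the peer was contacting; if only traffic addressed to the gateway should be forwarded, add a destination match such as `-d <gateway-wg0-address>` (placeholder) to both DNAT lines. The rules are added with `-I` and no prior `-C` check, so each run of the script in the same network namespace stacks another copy, and a failing `iptables-legacy` call (for instance when the container lacks NET_ADMIN) goes unnoticed before `persistentkeepalive.sh` is started. The MASQUERADE rules also replace the peer's source address, so the service at 172.18.103.2 will log the gateway rather than the client. The removal condition exists only as a comment; a reference to the tracking issue would make it actionable.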