[LINUX] REDIRECT TO INTERNAL USING WIREGUARD - fourslickz/notes GitHub Wiki

NAT & Port Forwarding Documentation

Server Information

  • Public interface: eth0 103.175.216.168/23
  • VPN interface (WireGuard): wg0 10.2.0.0/24

Port Mapping

Public Port   Private IP   Private Port   Description
8203          10.2.0.3     8291           Winbox Router
8300          10.2.0.4     22             SSH Server
8400          10.2.0.5     3389           RDP Windows Server

Iptables Script: port-forward.sh

#!/bin/bash

WAN_IF="eth0"
WG_IF="wg0"

# MAPPINGS format: WAN_PORT:LAN_IP:LAN_PORT
MAPPINGS=(
  "8203:10.2.0.3:8291"   # Winbox Mikrotik
  "8204:10.2.0.4:22"     # SSH to another host
  "8300:10.2.0.5:3000"   # Web app on a WireGuard host
)

for MAP in "${MAPPINGS[@]}"; do
  # Split the mapping into its three colon-separated fields
  IFS=: read -r WAN_PORT LAN_IP LAN_PORT <<< "$MAP"

  echo "[*] Membersihkan rule lama untuk $WAN_IF:$WAN_PORT -> $LAN_IP:$LAN_PORT"

  # Delete the old rules (errors are discarded when a rule does not exist yet)
  iptables -t nat -D PREROUTING -i "$WAN_IF" -p tcp --dport "$WAN_PORT" -j DNAT --to-destination "$LAN_IP:$LAN_PORT" 2>/dev/null
  iptables -D FORWARD -i "$WAN_IF" -o "$WG_IF" -p tcp -d "$LAN_IP" --dport "$LAN_PORT" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT 2>/dev/null
  iptables -D FORWARD -i "$WG_IF" -o "$WAN_IF" -p tcp -s "$LAN_IP" --sport "$LAN_PORT" -m state --state ESTABLISHED,RELATED -j ACCEPT 2>/dev/null
  iptables -t nat -D POSTROUTING -o "$WG_IF" -d "$LAN_IP" -p tcp --dport "$LAN_PORT" -j MASQUERADE 2>/dev/null

  echo "[*] Menambahkan rule baru $WAN_IF:$WAN_PORT -> $LAN_IP:$LAN_PORT"

  # Add the new rules: DNAT the public port to the internal host,
  # allow the forwarded traffic in both directions, then masquerade.
  iptables -t nat -A PREROUTING -i "$WAN_IF" -p tcp --dport "$WAN_PORT" -j DNAT --to-destination "$LAN_IP:$LAN_PORT"
  iptables -A FORWARD -i "$WAN_IF" -o "$WG_IF" -p tcp -d "$LAN_IP" --dport "$LAN_PORT" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
  iptables -A FORWARD -i "$WG_IF" -o "$WAN_IF" -p tcp -s "$LAN_IP" --sport "$LAN_PORT" -m state --state ESTABLISHED,RELATED -j ACCEPT
  # MASQUERADE rewrites the source to this server's wg0 address, so the
  # internal host sees (and logs) the server, not the original client IP.
  iptables -t nat -A POSTROUTING -o "$WG_IF" -d "$LAN_IP" -p tcp --dport "$LAN_PORT" -j MASQUERADE

done

echo "[+] Semua rule multi-port & multi-IP sudah dibersihkan & ditambahkan ulang."
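
Added example, not part of the original wiki page: a pre-flight check for the MAPPINGS entries, so that a typo cannot create a DNAT rule to a host outside the wg0 subnet or bind the same public port twice. The function names and the WG_NET/WG_BITS variables are assumptions made for this example; the subnet value is the wg0 network listed under Server Information.

```shell
#!/bin/bash
# Added example (not from the original page): validate MAPPINGS entries
# before port-forward.sh turns them into DNAT rules.
WG_NET="10.2.0.0"   # wg0 subnet taken from the page (assumed variable name)
WG_BITS=24

# Dotted-quad IPv4 -> integer; fails on anything malformed.
ip_to_int() (
  case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  IFS=.; set -- $1
  [ $# -eq 4 ] || return 1
  n=0
  for o; do
    case "$o" in 0?*) return 1 ;; esac            # no leading zeros
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    n=$(( n * 256 + o ))
  done
  echo "$n"
)

# True when the address lies inside WG_NET/WG_BITS.
in_wg_subnet() {
  local ip net mask
  ip=$(ip_to_int "$1") || return 1
  net=$(ip_to_int "$WG_NET") || return 1
  mask=$(( (0xFFFFFFFF << (32 - WG_BITS)) & 0xFFFFFFFF ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# True for a decimal port in 1..65535 without leading zeros.
valid_port() {
  case "$1" in ''|*[!0-9]*|0*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Check every WAN_PORT:LAN_IP:LAN_PORT entry; reject the whole set on the
# first malformed field, out-of-subnet target, or duplicate public port.
validate_mappings() {
  local m wan rest seen=" "
  for m in "$@"; do
    case "$m" in *:*:*:*) echo "bad format: $m" >&2; return 1 ;; esac
    wan=${m%%:*}; rest=${m#*:}
    valid_port "$wan" && valid_port "${rest#*:}" \
      || { echo "bad port: $m" >&2; return 1; }
    in_wg_subnet "${rest%%:*}" \
      || { echo "target outside $WG_NET/$WG_BITS: $m" >&2; return 1; }
    case "$seen" in *" $wan "*) echo "duplicate public port: $wan" >&2; return 1 ;; esac
    seen="$seen$wan "
  done
}
```

Calling `validate_mappings "${MAPPINGS[@]}" || exit 1` ahead of the loop stops the script before any rule is deleted or added.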