Svc-net-wireguard-firewalled Role
Description: No description available
Variables
author: Kevin Veen-Birkenbach
description: Adapts iptables rules to enable proper connectivity for a WireGuard client running behind a NAT or firewall, ensuring that traffic is correctly forwarded and masqueraded.
license: Infinito.Nexus NonCommercial License
license_url: https://s.infinito.nexus/license
company: Kevin Veen-Birkenbach Consulting & Coaching Solutions https://www.veen.world
min_ansible_version: 2.9
platforms: [{'name': 'Linux', 'versions': ['all']}]
galaxy_tags: ['wireguard', 'nat', 'firewall', 'iptables', 'networking']
repository: https://s.infinito.nexus/code
issue_tracker_url: https://s.infinito.nexus/issues
documentation: https://docs.infinito.nexus
README
WireGuard Client behind NAT
Description
This role adapts iptables rules to enable proper connectivity for a WireGuard client running behind a NAT or firewall. It ensures that traffic is forwarded correctly by applying necessary masquerading rules.
Overview
Optimized for environments with network address translation (NAT), this role:
- Executes shell commands to modify iptables rules.
- Allows traffic from the WireGuard client interface (e.g. wg0-client) and sets up NAT masquerading on the external interface (e.g. eth0).
- Works as an extension to the native WireGuard client role.
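The two rules described above (accept forwarding from the WireGuard client interface, masquerade on the external interface), written as idempotent shell functions. This is an added example, not the role's own tasks: the function names and the `IPT` override variable are assumptions, and the interface names are the page's examples.

```shell
#!/bin/sh
# Added example (not the role's code): apply the forwarding and masquerade
# rules only when they are missing, so repeated runs do not stack duplicates.

WG_IF="${WG_IF:-wg0-client}"  # WireGuard client interface (page's example name)
EXT_IF="${EXT_IF:-eth0}"      # external interface (page's example name)
IPT="${IPT:-iptables}"        # assumption: overridable so the logic can be tested

# Emit one rule per line as "<table> <chain> <rule spec...>".
wg_rule_specs() {
    printf 'filter FORWARD -i %s -j ACCEPT\n' "$1"
    printf 'nat POSTROUTING -o %s -j MASQUERADE\n' "$2"
}

# Append a rule only if `iptables -C` (check) reports it is absent.
ensure_rule() {
    table=$1; chain=$2; shift 2
    if "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null; then
        echo "present: -t $table $chain $*"
    else
        "$IPT" -t "$table" -A "$chain" "$@" && echo "added: -t $table $chain $*"
    fi
}

# Walk the rule list and ensure each rule exists exactly once.
apply_wg_rules() {
    wg_rule_specs "$WG_IF" "$EXT_IF" | while read -r table chain rest; do
        # $rest is intentionally unquoted so it splits into iptables arguments.
        ensure_rule "$table" "$chain" $rest
    done
}
```

Source the file and call `apply_wg_rules` as root. Forwarding between interfaces also requires `net.ipv4.ip_forward=1` on the host.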
Purpose
The primary purpose of this role is to enable proper routing and connectivity for a WireGuard client situated behind a firewall or NAT device. By adapting iptables rules, it ensures that the client can communicate effectively with external networks.
Features
- iptables Rule Adaptation: Modifies iptables to allow forwarding and NAT masquerading for the WireGuard client.
- NAT Support: Configures the external interface for proper masquerading.
- Role Integration: Depends on the svc-net-wireguard-plain role to ensure that WireGuard is properly configured before applying firewall rules.