Hello. I'm trying to run an IRC server on my machine at home. The problem is that I'm behind my ISP's CGNAT, so I'm trying to connect this home machine (A) to a remote machine (B) that has a public IP using WireGuard.
It works well and I'm able to access my IRC server on A from machine-b.com:6697. But now, all traffic on A is going through B's connection, and it is very slow. Since A has much faster internet, I want to have em0 (A's Ethernet) as the default route rather than wg0 (so that I can download packages and stuff).
On server A I wrote the following WireGuard config:
Code:
# /usr/local/etc/wireguard/wg0.conf
[Interface]
PrivateKey = placeholder
Address = 192.168.3.2/32
DNS = 1.1.1.1
[Peer]
PublicKey = placeholder
PreSharedKey = placeholder
AllowedIPs = 0.0.0.0/0
Endpoint = machine-b.com:51820
PersistentKeepalive=15
And on server B I wrote the below WireGuard and ipfw configs:
Code:
# /usr/local/etc/wireguard/wg0.conf
[Interface]
Address = 192.168.3.1/32
ListenPort = 51820
PrivateKey = placeholder
[Peer]
AllowedIPs = 192.168.3.2/32
PreSharedKey = placeholder
PublicKey = placeholder
Code:
# /etc/ipfw.rules
#!/bin/sh
ipfw -q -f flush
pif="re0"
ipfw nat 1 config if $pif redirect_port tcp 192.168.3.2:6697 6697
ipfw add 100 nat 1 ip4 from any to me in via $pif
ipfw add 200 nat 1 ip4 from 192.168.3.0/24 to any out via $pif
ipfw add allow all from any to any
Code:
# /etc/rc.conf
wireguard_interfaces="wg0"
wireguard_enable="YES"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="open"
firewall_script="/etc/ipfw.rules"
firewall_nat_enable="YES"
I tried searching a bit and found Table = off, added it to A's wg0.conf [Interface] section, and though it does make em0 remain default, it also makes the wg0 interface not function at all. (Tested with curl icanhazip.com --interface wg0)
Is there a solution to what I'm doing here? Thanks!