
Enabling Wireguard in csf

Posted: 08 Sep 2020, 15:12
by sina_saeedi82
Hi there,
I have a server that runs CWP. I also have Wireguard installed on the same server.
Wireguard on clients is working fine till I enable csf. When I enable csf, clients can connect to the server through Wireguard, but they don't have internet traffic at all.
Can anybody help me to force csf to let the Wireguard clients have their own traffic?

Regards

Re: Enabling Wireguard in csf

Posted: 09 Sep 2020, 09:07
by sina_saeedi82
Finally I found the solution.

1) Run

```
csf -r
```

2) Search the output for Running /usr/local/csf/bin/csfpre.sh or Running /etc/csf/csfpre.sh

3) Once you have found which one of the above files is yours, run nano ABOVE_FILE_ADDRESS, something like this:

```
nano /usr/local/csf/bin/csfpre.sh
```

4) Add the following to the file:

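```
# Allow traffic to and from the server over the WireGuard interface
iptables -A INPUT -i wg0 -j ACCEPT
iptables -A OUTPUT -o wg0 -j ACCEPT
# Forward traffic between the WireGuard interface and the external interface
iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT
# Masquerade (NAT) tunnel traffic leaving through the external interface
iptables -t nat -A POSTROUTING -s 10.66.66.1/24 -o eth0 -j MASQUERADE
```

5) Replace eth0 with your network device, like ens0 or ...
Also replace 10.66.66.1/24 with your Wireguard address, which can be found in /etc/wireguard/wg0.conf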

6) Edit csf config and find these parts: TCP_IN, TCP_OUT, UDP_IN and UDP_OUT

```
nano /etc/csf/csf.conf
```

7) Add your Wireguard port to the end of these 4 lines. The Wireguard port can be found in /etc/wireguard/wg0.conf in front of ListenPort.

8) Run

```
csf -r
```

9) Enjoy!
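
Steps 4 to 7 as an added example (not part of the original post or of csf): the script reads the tunnel address and ListenPort from wg0.conf, prints the step 4 rules for csfpre.sh, and checks whether a csf.conf port list already covers the port. It goes slightly beyond the post by restricting forwarding to the tunnel subnet and to established return traffic, and it checks only UDP_IN because WireGuard listens on UDP. The function names, the sample files, port 51820 and the port lists are constructed for illustration.

```shell
# Added example (not the poster's code): derive csfpre.sh rules from wg0.conf.
# Print KEY's value from the [Interface] section of a WireGuard config.
wg_get() {  # usage: wg_get KEY FILE
  awk -F'[ \t]*=[ \t]*' -v k="$1" '
    /^\[/ { s = ($0 == "[Interface]") }
    s && $1 == k { print $2; exit }' "$2"
}
# 10.66.66.1/24 -> 10.66.66.0/24; the subshell body keeps IFS and "set --" local.
cidr_network() (
  ip=${1%/*}; len=${1#*/}
  IFS=.; set -- $ip
  n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
  n=$(( $n & (0xFFFFFFFF << (32 - $len)) ))
  echo "$(( $n >> 24 & 255 )).$(( $n >> 16 & 255 )).$(( $n >> 8 & 255 )).$(( $n & 255 ))/$len"
)

# The thread's five rules, with forwarding narrowed to the tunnel subnet and
# return traffic limited to established flows (a tightening, not from the thread).
emit_csfpre_rules() (  # usage: emit_csfpre_rules WG_CONF WAN_IF
  wg=$(basename "$1" .conf); wan=$2
  addr=$(wg_get Address "$1" | awk -F'[ ,]+' '{ for (i = 1; i <= NF; i++)
    if ($i ~ /^[0-9.]+\/[0-9]+$/) { print $i; exit } }')
  [ -n "$addr" ] || { echo "no IPv4 Address in $1" >&2; exit 1; }
  net=$(cidr_network "$addr")
  cat <<EOF
iptables -A INPUT -i $wg -j ACCEPT
iptables -A OUTPUT -o $wg -j ACCEPT
iptables -A FORWARD -i $wg -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $wg -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
EOF
)

# Succeed if PORT appears in csf.conf list NAME, singly or inside a lo:hi range.
csf_allows() {  # usage: csf_allows NAME PORT CSF_CONF
  awk -F'"' -v k="$1" -v p="$2" '
    $1 ~ ("^" k "[ \t]*=") { n = split($2, e, ",")
      for (i = 1; i <= n; i++)
        if (split(e[i], r, ":") == 2 ? (p >= r[1] + 0 && p <= r[2] + 0) : (e[i] == p)) ok = 1 }
    END { exit !ok }' "$3"
}
# Constructed sample files (port 51820 and the port lists are made up).
SAMPLE=$(mktemp -d)
printf '%s\n' '[Interface]' 'Address = 10.66.66.1/24, fd42:42:42::1/64' \
  'ListenPort = 51820' '[Peer]' 'AllowedIPs = 10.66.66.2/32' > "$SAMPLE/wg0.conf"
printf '%s\n' 'TCP_IN = "22,80,443"' 'UDP_IN = "53,30000:35000"' > "$SAMPLE/csf.conf"
emit_csfpre_rules "$SAMPLE/wg0.conf" eth0
port=$(wg_get ListenPort "$SAMPLE/wg0.conf")
csf_allows UDP_IN "$port" "$SAMPLE/csf.conf" || echo "UDP_IN lacks WireGuard port $port"
```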

Re: Enabling Wireguard in csf

Posted: 09 Oct 2020, 17:15
by idratis3
Thanks, this is exactly what I was looking for!