Routing Xray-sniffed traffic to a WireGuard VPN

Tags: webserver
Created: Jun 6, 2026 8:17 PM

Install wireguard-tools on CentOS.

Add to the Xray server:

Restart xray: systemctl restart xray

Configure forwarding (/etc/sysctl.d/99-ip-forward.conf):

net.ipv4.ip_forward = 1
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.wg0.rp_filter = 0

Apply the persistent settings: sudo sysctl -p /etc/sysctl.d/99-ip-forward.conf

WireGuard configuration (/etc/wireguard/wg0.conf): remove the unnecessary local DNS setting, then add:

# Do not handle system traffic
Table = off
# Only handle traffic marked by Xray
PostUp = ip rule add fwmark 0x666 table 1000
PostUp = ip route add default dev wg0 table 1000
# Return packets arrive on wg0; keep the system from filtering them
PostUp = sysctl -w net.ipv4.conf.wg0.rp_filter=0
PreDown = ip rule del fwmark 0x666 table 1000
PreDown = ip route del default dev wg0 table 1000

Bring up the tunnel: sudo wg-quick up wg0
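
To confirm that the PostUp lines took effect once the tunnel is up, the script below checks for the fwmark rule, the default route in table 1000, and the effective rp_filter value on wg0. It is an added example, not part of the original note; the helper function names are hypothetical and the sample `ip` output is constructed.

```shell
#!/bin/sh
# Added example (not from the original note): checks the state that the
# PostUp lines in wg0.conf are meant to create. Parsers take command output
# as text, so they can be exercised on the constructed samples below.
MARK=0x666 TABLE=1000 DEV=wg0      # values from the note

# Constructed sample of `ip rule show` / `ip route show table 1000` output.
SAMPLE_RULES='0: from all lookup local
32765: from all fwmark 0x666 lookup 1000
32766: from all lookup main'
SAMPLE_ROUTES='default dev wg0 scope link'

has_fwmark_rule() {    # $1 = `ip rule show` output, $2 = mark, $3 = table
    printf '%s\n' "$1" | grep -Eq "fwmark $2(/0x[0-9a-f]+)? lookup $3( |\$)"
}

has_default_via() {    # $1 = `ip route show table N` output, $2 = device
    printf '%s\n' "$1" | grep -Eq "^default( .*)? dev $2( |\$)"
}

# The kernel applies the larger of conf.all.rp_filter and conf.<dev>.rp_filter,
# so wg0=0 alone has no effect while all=1 (strict).
effective_rp_filter() {    # $1 = conf.all value, $2 = conf.<dev> value
    [ "$1" -gt "$2" ] && echo "$1" || echo "$2"
}

check_wg_policy() {    # $1 rules, $2 routes, $3 rp all, $4 rp dev; returns failure count
    _fails=0
    has_fwmark_rule "$1" "$MARK" "$TABLE" ||
        { echo "missing rule: fwmark $MARK lookup $TABLE"; _fails=$((_fails + 1)); }
    has_default_via "$2" "$DEV" ||
        { echo "missing route: default dev $DEV in table $TABLE"; _fails=$((_fails + 1)); }
    _rp=$(effective_rp_filter "$3" "$4")
    [ "$_rp" -eq 0 ] ||
        { echo "effective rp_filter on $DEV is $_rp, not 0"; _fails=$((_fails + 1)); }
    return "$_fails"
}

if [ "${1:-}" = "--live" ]; then    # query the running host instead of the samples
    check_wg_policy "$(ip rule show)" "$(ip route show table "$TABLE" 2>/dev/null)" \
        "$(sysctl -n net.ipv4.conf.all.rp_filter)" \
        "$(sysctl -n "net.ipv4.conf.$DEV.rp_filter")" && echo "policy routing OK"
fi
```

Run it with `--live` on the server after `wg-quick up wg0`; the exit status is the number of failed checks.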

CentOS 8 kernel update: sudo yum --enablerepo=elrepo-kernel install -y kernel-ml

Address translation (this doesn't seem to be needed?): sudo iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE

Persist the iptables rules