I don't fully understand your question here.
Since it's an encrypted TUNNEL, everything inside the tunnel is invisible to every hop in between.
And since the traffic is originating from the router, which presumably has an IP on the ether1 interface, there's no need to NAT.
You have 1 IP-Address on ether1. You need just 1 Address (for the router).
Everything else communicates through the WireGuard tunnel, which counts as another interface.
When you establish the WireGuard tunnel, the router uses its IP on the ether1 interface to communicate with the WireGuard peer.

Maybe I am mistaken but I'd assume the traffic wouldn't flow unless you NAT'd it again when it is leaving the WAN but it seems that it does that automatically without needing a NAT rule set up?
Statistics: Posted by itimo01 — Fri Mar 21, 2025 1:15 am