From 302c04a0e81693ae6afac2a169e634e9ed24edf6 Mon Sep 17 00:00:00 2001
From: Alexander Pankratov
Date: Thu, 26 Sep 2024 13:08:55 +0200
Subject: [PATCH] Fix iperf
---
 rootfs/etc/ferm/ferm.conf | 2 +-
 wireguard/entrypoint.sh | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/rootfs/etc/ferm/ferm.conf b/rootfs/etc/ferm/ferm.conf
index c70fd48..9826bbc 100644
--- a/rootfs/etc/ferm/ferm.conf
+++ b/rootfs/etc/ferm/ferm.conf
@@ -59,7 +59,7 @@ table nat {
 saddr $VPNTCP_RANGE daddr $VPNTCP_DNS ACCEPT;
 saddr $DOCKER_RANGE daddr $DOCKER_DNS ACCEPT;
- daddr ($VPNUDP_DNS $VPNTCP_DNS $DOCKER_DNS) REDIRECT;
+ daddr ($VPNUDP_DNS $VPNTCP_DNS $DOCKER_DNS) REDIRECT;
 saddr ($VPNUDP_RANGE $VPNTCP_RANGE $DOCKER_RANGE) daddr ! $DNSMAP_RANGE CONNMARK set-mark 1;
 saddr ($VPNUDP_RANGE $VPNTCP_RANGE $DOCKER_RANGE) daddr $DNSMAP_RANGE jump dnsmap;
diff --git a/wireguard/entrypoint.sh b/wireguard/entrypoint.sh
index 952f0dc..120335c 100755
--- a/wireguard/entrypoint.sh
+++ b/wireguard/entrypoint.sh
@@ -11,8 +11,10 @@ export WG_HOST=$(curl -4 icanhazip.com)
 export AZ_HOST=$(dig +short antizapret-vpn)
 ip route add 10.224.0.0/15 via $AZ_HOST
+iptables -t nat -A PREROUTING -d 10.224.0.1/32 -j DNAT --to-destination $AZ_HOST
+iptables -t nat -A OUTPUT -d 10.224.0.1/32 -j DNAT --to-destination $AZ_HOST
-if [[ ${FORCE_FORWARD_DNS:-false} == true ]]; then
+if [[ ${FORCE_FORWARD_DNS:-true} == true ]]; then
 dnsPorts=${FORCE_FORWARD_DNS_PORTS:-"53"}
 for dnsPort in $dnsPorts; do
 iptables -t nat -A PREROUTING -i wg0 -p udp -m udp --dport $dnsPort -j DNAT --to-destination $AZ_HOST
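Review bot: The two added DNAT rules in wireguard/entrypoint.sh match every protocol and port for 10.224.0.1, and the PREROUTING one matches every ingress interface, whereas the existing DNS rule further down is limited to `-i wg0`. If the goal is only to make iperf reachable for VPN clients, scope the rule, e.g. `iptables -t nat -A PREROUTING -i wg0 -d 10.224.0.1/32 -j DNAT --to-destination "$AZ_HOST"`, ideally with a `-p`/`--dport` match for the iperf port the project actually uses. `$AZ_HOST` is taken straight from `dig +short` and expanded unquoted, so an empty or multi-line answer would make these rules fail or word-split; a guard such as `[ -n "$AZ_HOST" ] || exit 1` ahead of the `ip route` line would make that failure explicit. The hunk also flips the `FORCE_FORWARD_DNS` default to `true`, so deployments that never set the variable now have DNS arriving on wg0 rewritten to `$AZ_HOST` (the UDP rule is visible, the rest of the `if` block lies outside the hunk). That is a behaviour change worth stating in the commit message and documentation, since the subject only says "Fix iperf".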