# 从服务端获取配置和密钥公钥到/etc/wireguard
 wg-quick up wg0

systemctl enable wg-quick@wg0

# 查看nat转发表
iptables -nvL -t nat --line-numbers |more

# 本机： 10.101.7.1:40001(10.250.101.7:40001)
# 转发至10.250.0.1:22
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 40001 -j DNAT --to-destination 10.250.0.1:22
iptables -t nat -A POSTROUTING -d 10.250.0.1 -p tcp -m tcp --dport 22 -j SNAT --to-source 10.101.7.1

# 或者
iptables -t nat -A PREROUTING -p tcp -i flannel.100 --dport 40001 -j DNAT --to 10.250.0.1:22
iptables -t nat -A POSTROUTING -j MASQUERADE