iptables -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p udp -m udp --dport 3658 -j ACCEPT-p 3658:3658/udp \sudo nsenter -n -t $(docker inspect -f '{{.State.Pid}}' wg-easy) iptables -t nat -A PREROUTING -d $(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' wg-easy) -p udp --dport 3658 -j DNAT --to-dest 10.8.0.2:3658
sudo nsenter -n -t $(docker inspect -f '{{.State.Pid}}' wg-easy) iptables -t filter -A INPUT -p udp -d 10.8.0.2 --dport 3658 -j ACCEPTnetstat -tulpn | grep docker-proxy
tcp 0 0 0.0.0.0:51821 0.0.0.0:* LISTEN 21224/docker-proxy
tcp6 0 0 :::51821 :::* LISTEN 21229/docker-proxy
udp 0 0 0.0.0.0:3658 0.0.0.0:* 21262/docker-proxy
udp 0 0 0.0.0.0:51820 0.0.0.0:* 21243/docker-proxy
udp6 0 0 :::3658 :::* 21267/docker-proxy
udp6 0 0 :::51820 :::* 21248/docker-proxydocker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6d0dc61f0533 weejewel/wg-easy "docker-entrypoint.s…" 6 minutes ago Up 6 minutes 0.0.0.0:3658->3658/udp, :::3658->3658/udp, 0.0.0.0:51820->51820/udp, :::51820->51820/udp, 0.0.0.0:51821->51821/tcp, :::51821->51821/tcp wg-easy
Хорошо бы без сторонних программ.