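# NAT and forwarding rules for a WireGuard peer at 10.10.10.2.
# wg0 is the tunnel interface; venet0 appears to be the outward-facing
# interface, since the peer's traffic is masqueraded when leaving through it.
table ip wg {
	# Port forward: TCP 6881 and 50300 are redirected to the peer.
	chain prerouting {
		type nat hook prerouting priority -100; policy accept;

		# Match only connections arriving on venet0. With no input-interface
		# match, the DNAT also applies to packets the peer itself sends
		# through wg0 to any remote host on these ports, so those connections
		# are rewritten back to 10.10.10.2 instead of reaching their target.
		# NOTE(review): if other tunnel clients are meant to reach the
		# forwarded ports via this host's own address, match on the
		# destination address instead of the input interface.
		iif venet0 tcp dport { 6881, 50300 } counter dnat to 10.10.10.2
	}

	chain outbound {
		type nat hook postrouting priority 100; policy accept;

		# Traffic from the peer leaving through venet0 takes this host's address.
		ip saddr 10.10.10.2 oif venet0 masquerade

		# Everything sent to the peer is source-NATed as well, so the service
		# on 10.10.10.2 sees this host's address, not the real client's.
		# Per-client logging, rate limiting and blocking on the peer therefore
		# cannot tell remote clients apart; the "counter" on the DNAT rule and
		# conntrack on this host are the only places the original source shows.
		# NOTE(review): presumably needed because the peer does not route
		# replies to arbitrary addresses through the tunnel; confirm.
		ip daddr 10.10.10.2 masquerade
	}

	chain forward {
		type filter hook forward priority 100; policy accept;

		# NOTE(review): with "policy accept" the two rules below restrict
		# nothing; every forwarded packet is accepted by this chain whether
		# or not it matches. If the intent is to forward only tunnel traffic
		# and the DNATed ports, the policy has to become drop, with an explicit
		# accept for the forwarded connections (for example "ct status dnat
		# accept"). Check first that no other forwarded traffic on this host
		# depends on the current accept-all behaviour.
		ct state established,related accept
		iifname "wg0" accept
	}
}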