diff --git a/wireguard/wg0.conf.tmpl b/wireguard/wg0.conf.tmpl
index 4ce90b4..c1614e6 100644
--- a/wireguard/wg0.conf.tmpl
+++ b/wireguard/wg0.conf.tmpl
@@ -1,6 +1,9 @@
 [Interface]
 PrivateKey = ${wg_key}
 Address = ${wg_address}/${wg_prefix:-32}
+ListenPort = ${wg_port:-51820}
+PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
 
 {{ range files "wireguard/peers" }} {{ if ne . "${tinc_peer_name}" }}
 [Peer]