diff --git a/src/lib/Util.js b/src/lib/Util.js
index 898e805..ccbad79 100644
--- a/src/lib/Util.js
+++ b/src/lib/Util.js
@@ -5,6 +5,7 @@ const childProcess = require('child_process');
 module.exports = class Util {
 
   static promisify(fn) {
+    // eslint-disable-next-line func-names
     return function(req, res) {
       Promise.resolve().then(async () => fn(req, res))
         .then(result => {
@@ -39,6 +40,9 @@ module.exports = class Util {
   }
 
   static async exec(cmd) {
+    // eslint-disable-next-line no-console
+    console.log(`$ ${cmd}`);
+
     if (process.platform !== 'linux') {
       return '';
     }
diff --git a/src/lib/WireGuard.js b/src/lib/WireGuard.js
index b91b6be..01ff330 100644
--- a/src/lib/WireGuard.js
+++ b/src/lib/WireGuard.js
@@ -51,6 +51,10 @@ module.exports = class WireGuard {
 
         await this.__saveConfig(config);
         await Util.exec('wg-quick up wg0');
+        await Util.exec(`iptables -t nat -A POSTROUTING -s ${WG_DEFAULT_ADDRESS.replace('x', '0')}/24 -o eth0 -j MASQUERADE`);
+        await Util.exec('iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT');
+        await Util.exec('iptables -A FORWARD -i wg0 -j ACCEPT');
+        await Util.exec('iptables -A FORWARD -o wg0 -j ACCEPT');
         await this.__syncConfig();
 
         return config;
diff --git a/src/package.json b/src/package.json
index f5c9c1c..611c879 100644
--- a/src/package.json
+++ b/src/package.json
@@ -27,6 +27,6 @@
     ]
   },
   "engines": {
-    "node": "16"
+    "node": "14"
   }
 }
\ No newline at end of file