It turns out to enable wireguard server to serve on LAN port, providing Internet access to wireguard client,
you need to enable LAN masquerading and related forwarding rule, use the following command:
# enable wireguard server to LAN forwarding
uci set firewall.wgserver2lan=forwarding
uci set firewall.wgserver2lan.src='wgserver'
uci set firewall.wgserver2lan.dest='lan'
uci set firewall.wgserver2lan.enabled='1'
# set LAN masquerading
uci set firewall.@zone[0].masq='1'
uci set firewall.@zone[0].masq6='1'
uci commit firewall
/etc/init.d/firewall reload