VPN routing does not work

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

I have a problem setting up wireguard.
My problem is packets from anywhere but the wireguard hos is not sent out on the wg0 interface.
I run wg0 with 192.168.96.1/24
ip forwarding is enabled. I can reach the webserver on wg0 host on both wg0 IP and its LAN IP.
But no traffic from other LAN hosts – Or answers to traffic masqueraded are getting sent out on wg0, but is is seen coming in on eth0.
ip route
192.168.96.0/24 dev wg0 proto kernel scope link src 192.168.96.1

I have lots of nat rules related to docker. But I have no idea why packets are not routed towards my wg0 host(s)
# iptables –list-rules
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack –ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o hassio -m conntrack –ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o hassio -j DOCKER
-A FORWARD -i hassio ! -o hassio -j ACCEPT
-A FORWARD -i hassio -o hassio -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp –dport 9000 -j ACCEPT

-A DOCKER -d 172.30.33.6/32 ! -i hassio -o hassio -p tcp -m tcp –dport 22 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i hassio ! -o hassio -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o hassio -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN

# iptables -t nat –list-rules
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N DOCKER
-A PREROUTING -m addrtype –dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype –dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.30.32.0/23 ! -o hassio -j MASQUERADE
-A POSTROUTING -s 172.17.0.3/32 -d 172.17.0.3/32 -p tcp -m tcp –dport 9000 -j MASQUERADE

-A POSTROUTING -s 172.30.33.6/32 -d 172.30.33.6/32 -p tcp -m tcp –dport 22 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER -i hassio -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp –dport 9000 -j DNAT –to-destination 172.17.0.3:9000
….
-A DOCKER ! -i hassio -p tcp -m tcp –dport 2222 -j DNAT –to-destination 172.30.33.6:22

X ITM Cloud News

Marisa

Leave a Reply

Next Post

How can I fix KDE compositing at a low framerate?

Thu Sep 17 , 2020
Spread the love          For some reason KDE is really slow this morning. Even the mouse lags as it moves around the screen (clearly not 60fps) and all the animations are jerky. top doesn’t show anything maxing out the cpu. I’ve tried changing compositor settings (e.g. using OpenGL) and disabling effects. Also […]
X- ITM

Cloud Computing – Consultancy – Development – Hosting – APIs – Legacy Systems

X-ITM Technology helps our customers across the entire enterprise technology stack with differentiated industry solutions. We modernize IT, optimize data architectures, and make everything secure, scalable and orchestrated across public, private and hybrid clouds.

This image has an empty alt attribute; its file name is x-itmdc.jpg

The enterprise technology stack includes ITO; Cloud and Security Services; Applications and Industry IP; Data, Analytics and Engineering Services; and Advisory.

Watch an animation of  X-ITM‘s Enterprise Technology Stack

We combine years of experience running mission-critical systems with the latest digital innovations to deliver better business outcomes and new levels of performance, competitiveness and experiences for our customers and their stakeholders.

X-ITM invests in three key drivers of growth: People, Customers and Operational Execution.

The company’s global scale, talent and innovation platforms serve 6,000 private and public-sector clients in 70 countries.

X-ITM’s extensive partner network helps drive collaboration and leverage technology independence. The company has established more than 200 industry-leading global Partner Network relationships, including 15 strategic partners: Amazon Web Services, AT&T, Dell Technologies, Google Cloud, HCL, HP, HPE, IBM, Micro Focus, Microsoft, Oracle, PwC, SAP, ServiceNow and VMware

.

X ITM