VPN
aromensky, 2022-01-20 19:32:53

Can't forward a number of IP addresses in nftables from wan port (eth0) to VLAN port (wg0) on ip 10.0.0.2?

I don't understand how it works; I've already tried everything.
Here is my hellish config:

#!/bin/bash
# Start from an empty ruleset so re-running the script never stacks duplicate rules
nft flush ruleset
#nft add table ip filter

#-----------------Type nat POSTROUTING Chain (for ipv4)---------------
#nft add table ip nat
#nft add chain nat POSTROUTING { type nat hook postrouting priority 0 \; }
#nft add rule ip nat POSTROUTING oifname "eth0" counter iifname "wg0"
#nft add rule ip nat POSTROUTING oifname "eth0" ip saddr 10.0.0.0/24 counter masquerade
#-----------------Type nat PREROUTING Chain (for ipv4)----------------

# Currently active part: nat table, prerouting chain and one DNAT rule for TCP/224 from eth0
nft add table ip nat
nft add chain nat PREROUTING { type nat hook prerouting priority 2 \; }
nft add rule ip nat PREROUTING iifname "eth0" tcp dport { 224 } log prefix "wg0" dnat to 127.0.0.1

# Earlier attempts, all commented out
#nft add rule ip nat PREROUTING iifname "wg0" tcp dport {224} counter dnat to 10.0.0.2
#nft add rule ip nat PREROUTING oifname "eth0" tcp dport {224} dnat to 10.0.0.2
#nft add rule ip nat PREROUTING iifname "eth0" tcp dport {224} counter dnat to iifname "wg0" ip dnat 10.0.0.2

#nft add chain nat PREROUTING { type nat hook prerouting priority 0 \; }

#nft add rule ip nat PREROUTING iifname "wg0" tcp dport {80, 443, 224, 3000} counter dnat to 10.0.0.2
#nft add rule nat PREROUTING iif "eth0" tcp dport {224} dnat to 10.0.0.2
#nft add rule nat PREROUTING iif "eth0" tcp dport {224} dnat "wg0" tcp dport

#nft add rule ip nat PREROUTING iif eth0 tcp dport 224 dnat to 10.0.0.2
#nft add rule daddr 10.0.0.2 masquerade

#nft add rule ip daddr 10.0.0.2 masquerade
#nft add rule ip nat daddr 10.0.0.2 masquerade
#nft add rule ip nat PREROUTING daddr 10.0.0.2 masquerade
#nft add rule nat PREROUTING iif "wg0" tcp dport { 80, 443, 224, 3000} dnat to 10.0.0.2
#nft add rule nat PREROUTING iif "wg0" tcp dport { 80, 443, 224, 3000} dnat to 194.58.120.103/24
#nft add rule nat POSTROUTING ip saddr 10.0.0.2 oif "eth0" snat to counter masquerade

#nft add rule ip nat POSTROUTING ip saddr 10.0.0.2 

# Second prerouting chain used only for debugging: nftrace marks packets so
# "nft monitor trace" shows which rules they hit (nat hooks only see the first packet of a connection)
nft add chain nat PREROUTING_2 { type nat hook prerouting priority 10 \; }
nft add rule nat PREROUTING_2 meta nftrace set 1

#nft add chain nat postrouting { type nat hook postrouting priority 0 \; }
#nft add rule ip nat postrouting oifname eth0 ip daddr 10.0.0.2 masquerade

1 answer(s)
Andrey Barbolin, 2022-01-21
@aromensky

Basically, one prerouting rule is enough to allow a forward (if it is disabled by default).

sudo nft add rule nat PREROUTING iifname "eth0" tcp dport {224} dnat to 10.0.0.2

(wg0) on ip 10.0.0.2?

Who is its gateway? If it is not this server, then you also need SNAT (masquerade):
sudo nft add rule nat postrouting oifname wg0 masquerade
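The three pieces the thread touches (prerouting DNAT, postrouting masquerade for the case where 10.0.0.2 does not route back through this host, and a forward chain that admits only the DNATed flow) as one complete ruleset in native nft syntax; this is an added example, not the answerer's or the asker's code, and it assumes the page's names (eth0, wg0, 10.0.0.2, TCP port 224) as parameters.

```shell
#!/bin/sh
# Added example: emit a full nftables ruleset for "WAN port -> TCP/224 -> host
# behind the VPN interface". Interface names, address and port are assumptions
# taken from the thread and are passed as arguments.
# Usage: gen_ruleset WAN_IF VPN_IF DEST_IP TCP_PORT
gen_ruleset() {
    wan="$1"; vpn="$2"; dst="$3"; port="$4"
    cat <<EOF
flush ruleset
table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Rewrite the destination of new connections arriving on the WAN port.
        iifname "$wan" tcp dport $port counter dnat to $dst:$port
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Only needed when the target does not use this host as its gateway:
        # masquerade makes replies come back through the tunnel.
        oifname "$vpn" ip daddr $dst masquerade
    }
}
table ip filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Admit only the flow that prerouting already DNATed; any other
        # traffic that should cross this host needs its own accept rule here.
        iifname "$wan" oifname "$vpn" ct status dnat tcp dport $port accept
    }
}
EOF
}

# Load the ruleset atomically (run as root); 'nft -c -f -' only checks syntax.
apply_ruleset() {
    gen_ruleset "$@" | nft -f -
}

# DNAT alone does nothing if the kernel refuses to forward between interfaces.
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
}
```

`nft monitor trace` together with `meta nftrace set 1` (as in the asker's PREROUTING_2 chain) shows which of these rules a packet actually hits.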
