Damn, I don't understand.
I'm trying to set up a NAT over a VPN from a VPS I'm renting for its static IPv4 address, and I can't get it to work.
I have a WireGuard tunnel over IPv6 between that server and my client, the tunnel is working fine, but the best I got is to have traffic on the server redirected to the WireGuard tunnel, I see it in tcpdump, but on the client nothing comes through. I'm also really puzzled, there is no data on WireGuard statistics either, so the packets appear in tcpdump on the WireGuard interface but they are not sent 🤯
ping and curl between server and client are working fine
any idea?
I've enabled the ipv4 sysctl for forwarding, I tried to forward using iptables, nftables and ufw 🤪
UPDATE: thanks everyone for your support, I got it to work! I needed to have a masquerade rule :)
chain lan_nat_out {
    type nat hook postrouting priority -1; policy accept;
    masquerade
}
https://bsd.network/@solene/113559438239532966
@solene
Is the source IP of the package you see in the tcpdump on the wireguard interface at the vps part of allowed_ips on the client?
@solene
do your wireguard interfaces have an ipv4 ?
@solene linux networking is a bit like black magic sometimes. You may need to do some static routes that get added with an up/down script
@solene tcpdump shows the correct datagram on the wireguard logical interface but never increases its counter nor forwards *anything* to the other side of the wg tunnel?
@solene you need to enable IP masquerading
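The masquerade fix from the update, written out as a complete nftables ruleset for the VPS (an added example, not a configuration posted by anyone in the thread). It scopes the masquerade to the tunnel instead of applying it to every outgoing connection. The interface names `eth0` and `wg0`, the client tunnel address `10.0.0.2` and the port `443` are assumptions chosen for illustration.

```nftables
#!/usr/sbin/nft -f
# Added example. Assumed names: eth0 = VPS public interface, wg0 = WireGuard
# interface, 10.0.0.2 = client address inside the tunnel, tcp/443 = service.

# Make the file safe to reload: create the table, then drop the old copy.
table ip vps_nat
delete table ip vps_nat

table ip vps_nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Send the published port to the client behind the tunnel.
        iifname "eth0" tcp dport 443 dnat to 10.0.0.2
    }

    chain forward {
        # Assumption: the VPS forwards nothing except this service.
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Only the published service may enter the tunnel from the internet.
        iifname "eth0" oifname "wg0" ip daddr 10.0.0.2 tcp dport 443 accept
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Rewrite the source to the VPS tunnel address, so the client sees a
        # source covered by its AllowedIPs and replies through the tunnel.
        # A bare "masquerade" would instead apply to every new connection
        # leaving any interface.
        oifname "wg0" ip daddr 10.0.0.2 masquerade
    }
}
```

With masquerading, the service on the client sees the VPS tunnel address as the source of every connection, so IP-based logging or rate limiting has to happen on the VPS.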