Strange firewall dnat rule to make WireGuard work on dual-interface

James james.b.price at gmail.com
Sat Oct 5 15:27:04 CEST 2019


Thanks for the reply.
I was able to get it to work. I had an issue with my iptables when trying
to copy and understand your example.
I was using the NEW and RELATED,ESTABLISHED marking in the wrong way, which
resulted in forward marks being cleared for related and established packets.
All good now. Your original post is the best I've found in regards to
required iptables entries for a dual interface setup.

I still think this behavior is in "bug territory". The wg server should be
replying with the same ip address that it received packets on.

On Fri, 4 Oct 2019 at 08:52, Simone Rossetto <simros85 at gmail.com> wrote:

> Hi James
>
> Il giorno mer 25 set 2019 alle ore 10:51 James
> <james.b.price at gmail.com> ha scritto:
> > By design or lack of features, it ignores which interface and IP the
> > incoming packet was received on.
>
> Yes, it seems that.
>
> > I'm trying to do something similar to you but even with your IPtables I
> > can't get mine to work. I have a more complicated setup and I can't seem to
> > get the outbound packets to follow a routing table using a mark.
>
> Maybe I can help you... tell me which is your configuration and what
> you need to accomplish.
>
>
> Bye
> Simone
>
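The mark-ordering point raised in this thread (restore the saved mark for RELATED,ESTABLISHED packets before anything marks NEW packets, then save the mark once), as an added example that is not code from either poster. Interface names, gateways, mark values and routing-table numbers are assumptions; it covers WireGuard's own UDP replies on a dual-WAN host.

```shell
#!/bin/sh
# Added example, not code from the thread. Conntrack-mark based policy routing
# for a dual-WAN host running WireGuard: the reply packets of each UDP flow are
# routed out through the interface the first packet of that flow arrived on.
# Interface names, gateways, mark values and table numbers are assumptions.
set -eu

IPT="${IPT:-iptables}"; IP="${IP:-ip}"
WAN1="${WAN1:-eth0}"; WAN1_GW="${WAN1_GW:-192.0.2.1}"     # assumed
WAN2="${WAN2:-eth1}"; WAN2_GW="${WAN2_GW:-198.51.100.1}"  # assumed
WG_PORT="${WG_PORT:-51820}"                               # WireGuard default

# One routing table per uplink, selected by the packet's fwmark.
setup_routing() {
    $IP route add default via "$WAN1_GW" dev "$WAN1" table 101
    $IP route add default via "$WAN2_GW" dev "$WAN2" table 102
    $IP rule add fwmark 0x1 table 101
    $IP rule add fwmark 0x2 table 102
}

# Rule order in the mangle table decides whether marks survive.
setup_marks() {
    # 1. Packets of a known flow get the mark stored in conntrack back, and
    #    nothing below may touch them again (otherwise the mark gets cleared).
    $IPT -t mangle -A PREROUTING -m conntrack --ctstate RELATED,ESTABLISHED \
         -j CONNMARK --restore-mark
    $IPT -t mangle -A PREROUTING -m mark ! --mark 0 -j ACCEPT
    # 2. Only the first (NEW) packet of a flow is marked, by ingress interface.
    $IPT -t mangle -A PREROUTING -i "$WAN1" -p udp --dport "$WG_PORT" \
         -m conntrack --ctstate NEW -j MARK --set-mark 0x1
    $IPT -t mangle -A PREROUTING -i "$WAN2" -p udp --dport "$WG_PORT" \
         -m conntrack --ctstate NEW -j MARK --set-mark 0x2
    # 3. Persist that packet mark in the conntrack entry for step 1 to reuse.
    $IPT -t mangle -A PREROUTING -m conntrack --ctstate NEW -j CONNMARK --save-mark
    # 4. WireGuard's replies are locally generated, so they pass OUTPUT, not
    #    PREROUTING: restore the mark there too so the ip rule applies to them.
    $IPT -t mangle -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED \
         -j CONNMARK --restore-mark
}

# Dry run: print the commands instead of applying them (runs without root).
print_rules() (
    IPT=echo; IP=echo
    setup_routing; setup_marks
)

if [ "${APPLY:-0}" = 1 ]; then setup_routing; setup_marks; else print_rules; fi
```

Run it without arguments to review the generated rule set; `APPLY=1` applies it with the real `ip` and `iptables` binaries.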