Hi,

I would like to forward packets that come from a wireguard connection to a local subnet

environment
  • Client: connected to server through wireguard, IP 192.168.X.2
  • server: connected to Client through wireguard, IP 192.168.X.1 and 192.168.Y.1 ( it’s not systemd free ¯\(ツ)/¯  )
  • aMachine: on the same subnet as server IP 192.168.Y.2


on the server I’ve done

#I don't know if this is necessary ?
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl --system

I’ve added the following rule to the nftables config on the server, but it seems the packets get lost?

#added inside existing table `table ip Tip {}`
chain chPreRoute {
        type nat hook prerouting priority 0; policy accept;
        iif wg0 icmp type echo-request dnat to 192.168.Y.2
}
  • SpongeB0BOP · 17 hours ago

    SOLVED

    The following works!

    I guess one of my other rules was blocking.

    table ip Tip {
            chain prerouting {
                    type nat hook prerouting priority -100; policy accept;
                    ip daddr 192.168.y.2 log prefix "forwarded " dnat to 192.168.y.3
            }
            chain postrouting {
                    type nat hook postrouting priority 100; policy accept;
                    masquerade
            }
            chain INPUT {
                    type filter hook input priority filter; policy accept;
            }
            chain FORWARD {
                    type filter hook forward priority filter; policy accept;
            }
            chain OUTPUT {
                    type filter hook output priority filter; policy accept;
            }
    }
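The ruleset in the SOLVED reply works because every chain has `policy accept`, so any forwarding rule that was blocking before is simply gone. The script below is an added example (not the poster's config): it generates the same DNAT + masquerade setup but with a `forward` chain that drops by default and only admits the DNATed flow, masquerades only on the LAN-facing interface, and keeps the `sysctl` step in a drop-in file. The interface names `wg0`/`eth0` and the addresses passed as arguments are assumptions; replace them with the real values (the post's X/Y octets are placeholders).

```shell
#!/bin/sh
# Added example. Assumed: $1 = WireGuard interface, $2 = LAN interface,
# $3 = WireGuard subnet, $4 = LAN host that should answer the pings.
# Emits a complete nftables ruleset to stdout (does not load it).
gen_ruleset() {
    wg_if=$1; lan_if=$2; wg_net=$3; target=$4
    cat <<EOF
flush ruleset
table ip Tip {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # rewrite only echo-requests that arrive through the tunnel
        iifname "$wg_if" icmp type echo-request dnat to $target
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # hide tunnel addresses from the LAN, and only on the LAN side
        oifname "$lan_if" ip saddr $wg_net masquerade
    }
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # admit only flows that prerouting already DNATed to the target
        iifname "$wg_if" oifname "$lan_if" ct status dnat ip daddr $target accept
        log prefix "fwd-drop " drop
    }
}
EOF
}

# Persist ip_forward in a sysctl drop-in instead of appending to sysctl.conf.
enable_forwarding() {
    printf 'net.ipv4.ip_forward=1\n' > /etc/sysctl.d/99-wg-forward.conf
    sysctl --system >/dev/null
}

# Syntax-check the generated ruleset without loading it (needs nft installed).
check_ruleset() {
    command -v nft >/dev/null || { echo "nft not installed; skipping check" >&2; return 0; }
    gen_ruleset "$@" | nft -c -f -
}

# Usage: sh wg-forward.sh check|apply WG_IF LAN_IF WG_NET TARGET
case "${1:-}" in
    check) shift; check_ruleset "$@" ;;
    apply) shift; enable_forwarding && gen_ruleset "$@" | nft -f - ;;
esac
```

Run it with `check` first; `apply` replaces the whole ruleset (`flush ruleset`), so merge it into the existing table if other rules must survive.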