[SOLVED] Multiple network adapters routing

WatskeBart
Posts: 12
Joined: Mon Mar 23, 2020 2:36 pm

Re: Multiple network adapters routing

Post by WatskeBart »

trendy wrote: Tue Mar 24, 2020 2:28 pm
The problem is that Network B doesn't have a route to the WG network. Ideally you should add a static route on the gateways of both networks A and B for 10.9.0.0/24 via the IP of the Raspi.
If you cannot achieve that the other option is to SNAT on the Raspi, more or less what you have tried to do there with masquerade, but only for eth0, while you need to do it for eth1 as well.
Try this:

iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 10.0.10.250

This static NAT did the trick! Many thanks, but I still can't visualize in my head what this does.
//WB

There's not much you can do, without a CPU.
trendy
Posts: 117
Joined: Tue Feb 25, 2020 2:54 pm

Re: Multiple network adapters routing

Post by trendy »

Similarly to the masquerade, it NATs the source address of the packets that egress the eth1 interface. But it is much more customizable and preferred than masquerade when you have a static IP.
You can add the `-s 10.9.0.0/24` option to limit the NATing only to packets coming from WG.
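
A toy model of what the SNAT rule discussed above does to a packet and to its reply, added here as an illustration and not code from either poster. It includes the suggested `-s 10.9.0.0/24` match; the Network B host 10.0.10.20, the port numbers and the class and function names are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, replace

# Models: iptables -t nat -A POSTROUTING -o eth1 -s 10.9.0.0/24 \
#           -j SNAT --to-source 10.0.10.250
WG_NET = ipaddress.ip_network("10.9.0.0/24")  # WG subnet from the thread
SNAT_IP = "10.0.10.250"                        # Raspi address used in the rule

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class SnatRouter:
    """Toy POSTROUTING SNAT plus the conntrack entry that undoes it for replies.
    Simplification: the source port is kept (real conntrack may remap it)."""

    def __init__(self, out_if="eth1", match_src=WG_NET, to_source=SNAT_IP):
        self.out_if, self.match_src, self.to_source = out_if, match_src, to_source
        self.conntrack = {}  # reply tuple on the wire -> original (src, sport)

    def postrouting(self, pkt, out_if):
        """Rewrite the source only if the packet matches -o and -s."""
        if out_if != self.out_if:
            return pkt
        if ipaddress.ip_address(pkt.src) not in self.match_src:
            return pkt
        key = (pkt.dst, pkt.dport, self.to_source, pkt.sport)
        self.conntrack[key] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.to_source)

    def reply(self, pkt):
        """Translate a reply back to the original client, or None if no flow."""
        orig = self.conntrack.get((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        if orig is None:
            return None
        return replace(pkt, dst=orig[0], dport=orig[1])

def demo():
    """WG client 10.9.0.4 opens SSH to 10.0.10.20 (constructed Network B host)."""
    router = SnatRouter()
    sent = router.postrouting(Packet("10.9.0.4", 51000, "10.0.10.20", 22), "eth1")
    back = router.reply(Packet("10.0.10.20", 22, sent.src, sent.sport))
    return sent, back

if __name__ == "__main__":
    for label, pkt in zip(("seen by Network B host", "delivered to WG client"), demo()):
        print(f"{label}: {pkt}")
```

Because Network B hosts only ever see 10.0.10.250 as the source, their logs cannot tell WG clients apart; per-client attribution has to come from the Raspi.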
WatskeBart
Posts: 12
Joined: Mon Mar 23, 2020 2:36 pm

Re: Multiple network adapters routing

Post by WatskeBart »

trendy wrote: Tue Mar 24, 2020 3:13 pm
Similarly to the masquerade, it NATs the source address of the packets that egress the eth1 interface. But it is much more customizable and preferred than masquerade when you have a static IP.
You can add the `-s 10.9.0.0/24` option to limit the NATing only to packets coming from WG.

When I want to limit a specific client would it be `-s 10.9.0.4`?
//WB

trendy
Posts: 117
Joined: Tue Feb 25, 2020 2:54 pm

Re: [SOLVED] Multiple network adapters routing

Post by trendy »

General iptables rules apply here as well. So yes, you could do that. However, don't, as next time you add a WG client it won't work and you might not remember what you did to allow traffic. But if it works and you don't want it to work, you can always add a rule to block it much earlier in the ingress interface, thus saving CPU cycles of pointless firewall actions.
WatskeBart
Posts: 12
Joined: Mon Mar 23, 2020 2:36 pm

Re: [SOLVED] Multiple network adapters routing

Post by WatskeBart »

Thanks for this info, learned a lot :)
//WB
