Re: Forwarding over wireguard
On Wed, 8 Dec 2021 18:56:51 -0500
Dan Ritter <dsr@randomstring.org> wrote:
> Charles Curley wrote:
> > I have a wireguard setup that lets me ping from either endpoint to
> > the other. Using the client, I would like to address hosts on the
> > home (server's) network by their local IP addresses.
> >
>
> The client's routing table looks fine after you start wg0. What
> does the home server's routing table look like?

root@hawk:/etc/wireguard# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         freeman.localdo 0.0.0.0         UG    0      0        0 enp3s0
10.0.2.0        0.0.0.0         255.255.255.0   U     0      0        0 wg0
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 enp3s0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
192.168.124.0   jhegaala.locald 255.255.255.0   UG    0      0        0 enp3s0
root@hawk:/etc/wireguard#

>
> Is it forwarding IPv4 packets for anything else, or is this the
> first time it's been a router?
Not the first time. It forwards packets for 192.168.122.0/24, a virtual
network of virtual machines.
>
> Does it have any firewall policies or rules?
Yes. However, dropping all firewall rules makes no discernible
difference.

I also instrumented both interfaces with "tcpdump -i wg0". I saw plenty
of DNS and ICMP traffic originating on the client, aimed at the
server's wg0 IF. But nothing for 192.168.100.0/24 showed up.
>
> -dsr-
>
--
Does anybody read signatures any more?
https://charlescurley.com
https://charlescurley.com/blog/