I've studied the docs and am thoroughly confused about whether to use arprules, mangle, policy, providers, proxyarp, routes, rtrules, snat, or tunnels, or some combination. I'm sure someone can advise.
I have a WireGuard server with three interfaces:

- inWG - remote devices (phones, laptops) come in here, to reach the LAN.
- outWG - the LAN (and in some cases the remote devices above) goes out here over a VPN hoster, ultimately to the internet.
- eth0 - the local LAN interface.

As things are now, the local LAN can communicate just fine, through eth0 to outWG, with a masquerade rule in snat. BUT remote devices coming in to inWG are getting sent right back out outWG, no matter the destination IP, rather than going to the local LAN.

What I need is for remote devices with a destination of 10.1.1.0/24 to be routed from inWG to eth0 (or to localhost if 10.1.1.1). And if remote devices are calling for an IP outside 10.1.1.0/24, those packets should be routed from inWG to outWG.

If I'm understanding, if I snat inWG to eth0, it would not allow access to 10.1.1.1, nor for unknown IPs out outWG. This implies that maybe some prerouting needs to take place, and there are so many possibilities I'm swamped. Another possibility is in my masquerade rule, if there's some way to NOT 10.1.1.0/24. Can anyone advise?
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
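The split the poster describes (LAN-bound traffic from inWG to eth0, everything else from inWG to outWG) is a policy-routing decision rather than a NAT one, so the natural place for it is Shorewall's rtrules file. The fragment below is an added illustration, not from this thread or from the Shorewall project: it assumes outWG is already defined as a provider of that name, that an existing rtrules entry sends all inWG traffic to it, and that the priority values are placeholders to be adjusted to the poster's own file.

```conf
# /etc/shorewall/rtrules (illustrative fragment; column layout follows shorewall-rtrules(5))
#
# Rules are evaluated in ascending PRIORITY order, so the LAN exception
# must carry a lower number than the catch-all entry for inWG.
#
#SOURCE    DEST            PROVIDER    PRIORITY
# Remote devices reaching the LAN (and 10.1.1.1 on this host) are routed
# through the main table, which already holds the connected eth0 route.
inWG       10.1.1.0/24     main        1000
# Everything else arriving on inWG keeps going out via the VPN hoster.
# (Assumed to be the entry already present in the poster's setup.)
inWG       -               outWG       1001
```

The existing masquerade entry in snat for outWG is unaffected, since packets routed out eth0 never reach the outWG SNAT rule.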