I have two containers linuxserver/wireguard and X on Ubuntu (server) 20.04.
X has a WebUI on port q that I would like to access via my local network (192.168.178.0/24 - fritzbox).
They are configured so that X uses the same 'network' as linuxserver/wireguard (via docker's --net=container:wireguard). Additionally, the port q used by X is specified via -p q:q on linuxserver/wireguard.
So:
- docker create --name=wireguard [...] -p q:q linuxserver/wireguard
- docker create --name=X [...] --net=container:wireguard -e WebUI_Port=q X
Additionally, I supply the sysctls net.ipv4.conf.all.src_valid_mark=1 and net.ipv6.conf.all.disable_ipv6=0.
The client file wg0.conf of wireguard is not set up as follows:
[Interface]
PrivateKey = [...]
Address = [...]
DNS = [...]
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
[Peer]
PublicKey = [...]
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = [...]
When starting both containers I was hoping to get access to the WebUI, but sadly this wasn't the case. As I am not sure whether this is a docker- or wireguard-related problem, hopefully you can help out here.
I additionally tried adding the rules
ip route add 192.168.178.0/24 via $(ip route show default | awk '/default/ {print $3}')
(as an extra command) and
! -d 192.168.178.0/24
(inside the iptables command), but haven't gotten any results.
In the logs of linuxserver/wireguard, the only differing output I find is:
sysctl: setting key "net.ipv4.conf.all.src_valid_mark": Read-only file system
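Added example (not the poster's wg0.conf and not part of the linuxserver/wireguard image): a small POSIX sh script that renders PostUp/PreDown lines for the same kill switch, but with the exemption narrowed to the one LAN subnet the poster names and a matching route through the container's existing default gateway, so the reject rule keeps blocking everything that is neither VPN nor LAN. The LAN CIDR 192.168.178.0/24 comes from the post; the gateway 172.17.0.1 is an assumed value for the demo, and the IPv6 rule is left without a LAN exemption because the post only describes an IPv4 LAN.

```shell
#!/bin/sh
# Added example: build kill-switch rules with a LAN-only exemption.
# $1: -I (install) or -D (delete)  $2: interface (wg0, or %i inside wg-quick)
# $3: fwmark  $4: optional CIDR to exempt (only the LAN, nothing wider)
v4_rule() {
    printf 'iptables %s OUTPUT ! -o %s -m mark ! --mark %s -m addrtype ! --dst-type LOCAL' "$1" "$2" "$3"
    [ -n "${4:-}" ] && printf ' ! -d %s' "$4"
    printf ' -j REJECT'
}

# Same rule for IPv6; no exemption here, the LAN in the post is IPv4 only.
v6_rule() {
    printf 'ip6tables %s OUTPUT ! -o %s -m mark ! --mark %s -m addrtype ! --dst-type LOCAL -j REJECT' "$1" "$2" "$3"
}

# Explicit LAN route via the gateway the container already has on eth0, so
# replies to LAN clients do not follow the wg0 default route.  $1: add|del
lan_route() {
    printf 'ip route %s %s via %s' "$1" "$2" "$3"
}

# wg-quick lines. %i and $(wg show %i fwmark) are passed as quoted literals so
# wg-quick, not this script, expands them when the tunnel comes up.
postup_line() {   # $1: LAN CIDR  $2: gateway
    printf 'PostUp = %s && %s && %s\n' \
        "$(v4_rule -I %i '$(wg show %i fwmark)' "$1")" \
        "$(v6_rule -I %i '$(wg show %i fwmark)')" \
        "$(lan_route add "$1" "$2")"
}
predown_line() {  # $1: LAN CIDR  $2: gateway
    printf 'PreDown = %s && %s && %s\n' \
        "$(lan_route del "$1" "$2")" \
        "$(v4_rule -D %i '$(wg show %i fwmark)' "$1")" \
        "$(v6_rule -D %i '$(wg show %i fwmark)')"
}

# Gateway discovery for real use (the poster's own command); not used in the demo.
docker_gateway() { ip route show default | awk '/default/ {print $3}'; }

# Demo with assumed values: LAN CIDR from the post, gateway constructed.
if [ "${1:-}" = "--demo" ]; then
    postup_line 192.168.178.0/24 172.17.0.1
    predown_line 192.168.178.0/24 172.17.0.1
fi
```

Run with `--demo` to print the two lines to paste into the [Interface] section; everything outside the exempted /24 still hits the REJECT rule when it is not marked for wg0.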