
I have a server S, client A and client B. All are Ubuntu boxes and all are in different cities (Seattle, Albuquerque and Boston). S has WireGuard installed, and both A and B establish a connection to WireGuard and end up in the same VPN. A and B see each other and can ping each other.

I was able to get all internet traffic from A being routed through S. So A's IP is shown as Seattle.

I now want to route its traffic through B - so that A's IP is shown as Boston - but I can't find a way to properly configure this. My iptables on S are configured as:

# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i ext-card -p udp -m udp --dport 51820 -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A FORWARD -i wg0 -o ext-card -j ACCEPT
-A FORWARD -i ext-card -o wg0 -j ACCEPT
-A FORWARD -i ext-card -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wg0 -o ext-card -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT

# iptables -S -t nat
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s <LAN-IP> -o ext-card -j MASQUERADE
-A POSTROUTING -o external-card -j MASQUERADE

If I set the same iptables rules on B, and on A add a route (add-default-route B-private-ip), it doesn't work.

I would like some input on:

  • how to check if my routing and iptables are working properly?
  • how should the config look on A, B and S to achieve what I want?

It's about routing, but you provide only iptables settings. iptables doesn't route. You should provide all the addresses involved with A, S and B, and their routes, to clarify the question so it can be seen what can be done. Usually `ip -br link; ip -4 -br address; ip route` but with WireGuard, the WireGuard configuration (or else `wg show`, `ip rule` and possible additional routing tables) should also be provided – A.B Oct 09 '21 at 16:02
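As an added check for the first bullet (example code written here, not from the question or any answer): a small Python evaluator over the `iptables -S` dumps above, embedded as constructed samples with the `<LAN-IP>` placeholder kept, that reports the FORWARD verdict and the POSTROUTING NAT target for a given ingress/egress interface pair. It is static and ignores address and protocol matches; it also goes slightly beyond the question's own path by checking the wg0-to-wg0 hairpin S would need to send A's packets on to B, and by listing interface names that appear only in the nat table.

```python
"""Static check of an `iptables -S` dump such as the one in the question: the
FORWARD verdict for a packet entering on in_if and leaving on out_if, and the
nat/POSTROUTING target it gets. iptables does not route: confirm the real
out_if separately with `ip route get <dst> from <src> iif <in_if>`."""
# Constructed sample: the question's dumps, trimmed to the chains examined here.
FILTER_DUMP = """\
-P FORWARD ACCEPT
-A FORWARD -i wg0 -o ext-card -j ACCEPT
-A FORWARD -i ext-card -o wg0 -j ACCEPT
-A FORWARD -i ext-card -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wg0 -o ext-card -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
"""
NAT_DUMP = """\
-P POSTROUTING ACCEPT
-A POSTROUTING -s <LAN-IP> -o ext-card -j MASQUERADE
-A POSTROUTING -o external-card -j MASQUERADE
"""
OPTS = {"-i": "in", "-o": "out", "-j": "target", "--state": "state"}

def parse(dump):
    """Return ({chain: policy}, [rule dicts]); -s/-d and protocol matches are ignored."""
    policies, rules = {}, []
    for line in dump.splitlines():
        tok = line.split()
        if tok and tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif tok:  # "-A <chain> <matches...> -j <target>"
            rule = {"chain": tok[1]}
            rule.update({OPTS[t]: tok[i + 1] for i, t in enumerate(tok[:-1]) if t in OPTS})
            rules.append(rule)
    return policies, rules

def verdict(dump, chain, in_if=None, out_if=None, state="NEW"):
    """Target of the first rule in `chain` matching the packet, else the chain policy."""
    policies, rules = parse(dump)
    for r in rules:  # a rule without -i/-o/--state matches any value for it
        if (r["chain"] == chain and r.get("in", in_if) == in_if and r.get("out", out_if) == out_if
                and state in r.get("state", state).split(",")):
            return r["target"]
    return policies.get(chain, "ACCEPT")

def interfaces(dump):
    """Interface names a dump refers to; exposes ext-card vs external-card mismatches."""
    return {r[k] for r in parse(dump)[1] for k in ("in", "out") if k in r}

def check_path(in_if, out_if, state="NEW"):
    """Is the packet forwarded, and is it source-NATed on the way out?"""
    return {"forward": verdict(FILTER_DUMP, "FORWARD", in_if, out_if, state),
            "snat": verdict(NAT_DUMP, "POSTROUTING", None, out_if)}
```

`check_path("wg0", "ext-card")` describes A's current exit through S, `check_path("wg0", "wg0")` the hairpin S would need (forwarded, but with no MASQUERADE on wg0), and `interfaces(NAT_DUMP) - interfaces(FILTER_DUMP)` shows that `external-card` is only ever named in the nat table.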
