1·
3 months agoOh yeah, can’t use the same IP range as your LAN, that will lead to problems. :D Glad it’s fixed.
Out of curiosity, does forwarding work now without the output (-o) command in PostUp?
- 0 Posts
- 8 Comments
Joined 1 year ago
Cake day: July 8th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Like I said in another thread on this post, I’m pretty sure that’s because they are forwarding input but not output in the PostUp rules. Setting a /32 in AllowedIPs works fine for me.
What are you trying to say? That reply also shows AllowedIPs set to a /32 on the server side.
I don’t think that’s what the setting does. Anyway, I have them set to a /32 IP in my server config and it works nonetheless. I get full access to the /24 behind the server from the client.
You have ALL traffic being routed over Wireguard here.
Please correct me if I’m wrong, but isn’t it the other way around? All Wireguard traffic is forwarded to the local interface.
I think the problem might be your PostUp/PostDown lines have an in-interface (-i) but are missing an out-interface (-o) for the forwarding. Try this:
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE
Linux users can’t even agree […] so how am I supposed to pick one with any confidence?
Easy. You make a post like the OP, count the positive mentions of distros in the comments, and bam, you have your distro of choice. It’s called the Linux newbie roulette and works kind of like the magic hat in Harry Potter that sorts you into your house.
First I heard of this, but since it seems to be just some software that runs on the hardware of car manufacturers it seems rather unlikely. But very theoretically possible, if the car manufacturer was using default process scheduling in a CPU constrained machine and now switches to real-time scheduling in an update. But that was possible for years before this news, the code has just been mainlined to the default kernel now. If the car manufacturer cared about that they would probably have done it already with a patched kernel.