Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # sysctl -a |grep 'forwarding = 1'
- net.ipv4.conf.ens3.forwarding = 1
- net.ipv4.conf.tun-ivn.forwarding = 1
- net.ipv4.conf.wg-ivn.forwarding = 1
- # iptables-save
- *nat
- :PREROUTING ACCEPT [113088:6708414]
- :INPUT ACCEPT [103613:5878807]
- :OUTPUT ACCEPT [364:21872]
- :POSTROUTING ACCEPT [364:21872]
- -A PREROUTING -i tun-ivn -j MARK --set-xmark 0x7b/0xffffffff
- -A PREROUTING -i wg-ivn -j MARK --set-xmark 0x7b/0xffffffff
- -A POSTROUTING -o ens3 -m mark --mark 0x7b -j MASQUERADE
- COMMIT
- *filter
- :INPUT ACCEPT [178114:14065613]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [175869:18034452]
- -A FORWARD -i tun-ivn -o ens3 -j ACCEPT
- -A FORWARD -i wg-ivn -o ens3 -j ACCEPT
- -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
- -A FORWARD -j DROP
- COMMIT
- # tcpdump -ni wg-ivn
- tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
- listening on wg-ivn, link-type RAW (Raw IP), capture size 262144 bytes
- 10:23:18.458643 IP 10.254.221.8 > 163.172.74.46: ICMP echo request, id 19, seq 674, length 64
- 10:23:19.472094 IP 10.254.221.8 > 163.172.74.46: ICMP echo request, id 19, seq 675, length 64
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement