vpn_site2site_usando_zerotier_con_bridge_en_lxc

vpn_site2site_usando_zerotier_con_bridge_en_lxc [2024/10/28 14:28] – [Step 10: Enable Traffic Routing and Masquerading (if needed)] oso
vpn_site2site_usando_zerotier_con_bridge_en_lxc [2025/07/10 15:41] (current) oso
Line 107: Line 107:
  
 ---- ----
- 
- 
-===== About the IPTables Setup ===== 
- 
- 
-**Summary of IPTables Configuration for Gateway Setup** 
- 
-We configured IPTables to allow `srv05` to act as a gateway between the `10.241.0.0/16` network (Zerotier subnet) and `192.168.88.0/24` (homelab subnet). Key adjustments included using network addresses rather than specific interface names to facilitate flexible routing and translation between subnets. 
- 
-### IPTables Rules Configuration 
- 
-The configuration is as follows: 
- 
-<code> 
-# Generated by iptables-save v1.8.10 (nf_tables) on Sun Oct 27 21:46:33 2024 
-*filter 
-:INPUT ACCEPT [27860:3271118] 
-:FORWARD ACCEPT [0:0] 
-:OUTPUT ACCEPT [0:0] 
--A INPUT -p tcp -m tcp --dport 6162 -m comment --comment "Veeam transport rule" -j ACCEPT 
--A INPUT -p tcp -m tcp --dport 6160 -m comment --comment "Veeam deployment rule" -j ACCEPT 
-COMMIT 
- 
-*nat 
-:PREROUTING ACCEPT [0:0] 
-:INPUT ACCEPT [0:0] 
-:OUTPUT ACCEPT [0:0] 
-:POSTROUTING ACCEPT [0:0] 
--A POSTROUTING -o lxcbr0 -s 10.241.0.0/16 -j SNAT --to-source 192.168.88.84 
-COMMIT 
- 
-*filter 
-:INPUT ACCEPT [0:0] 
-:FORWARD DROP [0:0] 
--A FORWARD -s 10.241.0.0/16 -d 192.168.88.0/24 -j ACCEPT 
--A FORWARD -s 192.168.88.0/24 -d 10.241.0.0/16 -j ACCEPT 
-:OUTPUT ACCEPT [0:0] 
-COMMIT 
-</code> 
- 
-==== Notes ==== 
- 
-  * **Routing**: By using network address-based rules instead of specific interfaces, the configuration is more adaptable to interface changes, simplifying maintenance. 
-  * **SNAT Rule**: The <code>POSTROUTING</code> rule in the <code>*nat</code> table ensures that traffic originating from the `10.241.0.0/16` network and routed through `lxcbr0` is translated to the source IP `192.168.88.84`. 
-  * **Unprivileged LXC Consideration**: If switching to unprivileged LXC containers, additional permissions or network namespace adjustments may be required, as unprivileged containers have restricted access to networking by default. 
- 
  
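Review bot: the second `*filter` section in the removed ruleset (the block starting at the second `*filter` and ending at its `COMMIT`) silently discards the first one: iptables-restore flushes a table each time it reads that table's `*` header unless it is run with `--noflush`, so once this file is loaded the two Veeam `-A INPUT` rules are gone and only the FORWARD policy and its two rules survive, and because a file written by iptables-save never lists one table twice, the "Generated by iptables-save" header no longer describes this hand-edited file. Merge the two into a single `*filter` block: `:INPUT ACCEPT [0:0]`, `:FORWARD DROP [0:0]`, `:OUTPUT ACCEPT [0:0]`, then the two Veeam INPUT rules, the two FORWARD rules and one COMMIT. The Notes also claim the rules match on network addresses rather than interface names, yet the NAT rule is `-A POSTROUTING -o lxcbr0 -s 10.241.0.0/16 -j SNAT --to-source 192.168.88.84`; either replace `-o lxcbr0` with `-d 192.168.88.0/24` or correct the note. Minor: `### IPTables Rules Configuration` is a Markdown heading, not DokuWiki `==== ... ====`, and `<code>POSTROUTING</code>` inside a list item renders as a block in DokuWiki; `''POSTROUTING''` is the inline form.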
vpn_site2site_usando_zerotier_con_bridge_en_lxc.1730125688.txt.gz · Last modified: 2024/10/28 14:28 by oso