@chongnt In my case, DNS is 10.50.1.2. I can ping this from the wg21-connected client but not from any clients on 192.168.1.x (destination host unreachable). Likewise, I cannot get DNS or ping 192.168.1.x or WAN IPs from wg21.
I'm guessing that I don't have the right routing configured for this. Other than the 9810 rule, do you have any other rules for your wg21 connection?
And looking at more general wireguard guides, they seem to mention this as being needed:
Code:
PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Which would mean we need to point wg21 to br0? I tried this in the up and down scripts, and it complained about duplicated rules, and the rules table was unchanged:
Code:
0: from all lookup local
9810: from all fwmark 0xd2 lookup 210
9910: from all to 192.168.0.0/16 lookup main
9911: from 192.168.6.0/24 lookup 121
32766: from all lookup main
32767: from all lookup default
I also tried:
Code:
iptables -t nat -I POSTROUTING -s 10.50.1.0/24 -o br0 -j MASQUERADE
But it complained that 10.50.1.0/24 was a bad address.
Assuming from the above that I have the necessary rules, is there anywhere I can check for possible firewall or other rules that could be blocking?
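As an added example (this is not code from the post above or from the router firmware), the following script turns the PostUp/PostDown lines quoted in the post into an idempotent up/down pair and adds a `check` mode that dumps everything a forwarded packet can hit on the router: the policy-routing rules, table 210 (the `fwmark 0xd2` table, since 0xd2 is decimal 210), `ip_forward`, and the FORWARD and nat POSTROUTING chains with packet counters. It assumes the names used in the post (WireGuard interface wg21, LAN bridge br0, tunnel subnet 10.50.1.0/24); the `-C` existence check before each `-I`/`-D`, and the RELATED,ESTABLISHED return rule, are additions beyond the two lines in the post.

```shell
#!/bin/sh
# Added example, not code from the original post: idempotent WireGuard
# forward/NAT rules for a LAN-bridge setup plus a "where is it blocked?" dump.
# Assumptions (change to match your box): WireGuard interface wg21, LAN bridge
# br0, tunnel subnet 10.50.1.0/24 (the values named in the post).
WG_IF="${WG_IF:-wg21}"
LAN_IF="${LAN_IF:-br0}"
WG_NET="${WG_NET:-10.50.1.0/24}"

# Rule specs without the -A/-I/-C/-D verb, so the same text can be used to
# check, add and delete. Pure functions: they only print a string.
forward_spec() { printf '%s' "FORWARD -i $WG_IF -o $LAN_IF -j ACCEPT"; }
return_spec()  { printf '%s' "FORWARD -i $LAN_IF -o $WG_IF -m state --state RELATED,ESTABLISHED -j ACCEPT"; }
nat_spec()     { printf '%s' "POSTROUTING -s $WG_NET -o $LAN_IF -j MASQUERADE"; }

# ensure_rule TABLE SPEC...: insert the rule only if it is not already present.
# "iptables -C" exits 0 when an identical rule exists, which is what keeps an
# up script from stacking duplicates when it runs more than once.
ensure_rule() {
    table="$1"; shift
    # $* is deliberately unquoted: the spec must be split into separate words.
    if iptables -t "$table" -C $* 2>/dev/null; then
        echo "present: -t $table $*"
    else
        iptables -t "$table" -I $* && echo "added:   -t $table $*"
    fi
}

# remove_rule TABLE SPEC...: delete the rule only if present (safe for a down script).
remove_rule() {
    table="$1"; shift
    iptables -t "$table" -C $* 2>/dev/null && iptables -t "$table" -D $* && echo "removed: -t $table $*"
}

apply_rules() {
    ensure_rule filter $(forward_spec)
    ensure_rule filter $(return_spec)
    ensure_rule nat $(nat_spec)
}

undo_rules() {
    remove_rule filter $(forward_spec)
    remove_rule filter $(return_spec)
    remove_rule nat $(nat_spec)
}

# Everything a blocked ping/DNS request can hit on the router, with packet
# counters so you can see which rule is actually matching while you test.
show_path() {
    echo "== ip rule (policy routing; fwmark 0xd2 is decimal 210, i.e. table 210)"; ip rule
    echo "== ip route show table 210"; ip route show table 210
    echo "== ip route show table main"; ip route show table main
    echo "== net.ipv4.ip_forward (must be 1)"; cat /proc/sys/net/ipv4/ip_forward
    echo "== filter FORWARD (watch DROP/REJECT counters move)"; iptables -vnL FORWARD --line-numbers
    echo "== nat POSTROUTING"; iptables -t nat -vnL POSTROUTING --line-numbers
    echo "== $WG_IF addresses"; ip -4 addr show dev "$WG_IF"
}

case "${1:-}" in
    up)    apply_rules ;;
    down)  undo_rules ;;
    check) show_path ;;
    *)     echo "usage: $0 up|down|check" ;;
esac
```

Run `sh wgfw.sh check`, start a ping from a 192.168.1.x host toward 10.50.1.2, then run `check` again: a counter that climbs on a DROP or REJECT line in FORWARD is the blocking rule, and a zero counter on the MASQUERADE line while the ping runs means the packets never reached nat POSTROUTING on br0 (a routing problem, not a firewall one). The `up` and `down` modes are meant to be called from the same up/down scripts the post mentions.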