On Sat, Dec 22, 2018 at 04:17:59PM -0800, C. Cook wrote:
> I've set up WireGuard on a VM in my LAN. In the LAN's router I am
> port-forwarding my chosen (UDP) WireGuard port to the WireGuard server
> in the LAN. (All CentOS 7.6) I've forwarded the shorewall.dmp from the
> WG server to Tom.

What are the hosts involved? WG <-> LAN router <-> internet?
What address/interface/zone are you connecting from?
Shorewall is running on WG, router, or both?

> For the life of me I can not get the WG phone app communicating with the
> server.

From the LAN or public internet?
There seems to be an issue with shorewall, but did you also check that WG has its port opened and forwarded to the VM?

> [1123910.652480] FORWARD REJECT IN=eth0 OUT=eth0
> MAC=00:1f:5b:69:23:8c:f6:b5:2f:a2:db:8e:08:00 SRC=172.58.40.50
> DST=10.1.50.16 LEN=176 TOS=0x00 PREC=0x00 TTL=53 ID=0 PROTO=UDP
> SPT=37262 DPT=7962 LEN=156

Is this matching a "policy" log line or something else? eth0 is "net" but has a private IP?

> Here's the DNAT in rules:
>
> DNAT net local:10.1.50.16 udp wgvpn -

Is that line early enough and in the (default) NEW section?
Should I assume wgvpn is added to local services as UDP port 7962?
shorewall.conf has IP_FORWARDING=Yes?

Justin

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
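An added example, not part of the thread and not Shorewall's own code: a small parser for the Shorewall-style netfilter log line quoted above, plus the checks Justin's questions imply. It assumes the WireGuard port is UDP 7962 and the DNAT target is 10.1.50.16, both taken from the quoted rule and log; the sample line is the one from the thread. One netfilter fact the analysis relies on: the FORWARD chain runs after nat PREROUTING, so a FORWARD log shows the post-DNAT destination, which tells you whether the DNAT half of the rule fired before the reject.

```python
import ipaddress
import re

# Sample input: the REJECT line quoted in the thread, reproduced here as test data.
SAMPLE_LOG = ("[1123910.652480] FORWARD REJECT IN=eth0 OUT=eth0 "
              "MAC=00:1f:5b:69:23:8c:f6:b5:2f:a2:db:8e:08:00 SRC=172.58.40.50 "
              "DST=10.1.50.16 LEN=176 TOS=0x00 PREC=0x00 TTL=53 ID=0 PROTO=UDP "
              "SPT=37262 DPT=7962 LEN=156")

# Assumed values from the thread (the port name "wgvpn" is not resolved here).
WG_UDP_PORT = 7962
DNAT_TARGET = "10.1.50.16"

# Shorewall's default log prefix is "<chain> <disposition>" before the KEY=VALUE fields.
_HEADER = re.compile(
    r"^\[(?P<ts>[\d.]+)\]\s+(?P<chain>\S+)\s+(?P<disposition>\S+)\s+(?P<rest>.*)$")


def parse_netfilter_log(line):
    """Split one kernel/netfilter log line into a dict of its fields."""
    m = _HEADER.match(line.strip())
    if not m:
        raise ValueError("not a Shorewall-style netfilter log line")
    fields = {"TS": m.group("ts"),
              "CHAIN": m.group("chain"),
              "DISPOSITION": m.group("disposition")}
    for tok in m.group("rest").split():
        if "=" not in tok:
            continue
        key, value = tok.split("=", 1)
        # LEN appears twice (IP total length, then UDP length); keep both by
        # prefixing the second occurrence instead of overwriting the first.
        if key in fields:
            key = "L4_" + key
        fields[key] = value
    return fields


def analyze_forward_reject(fields, wg_port=WG_UDP_PORT, dnat_target=DNAT_TARGET):
    """Answer the diagnostic questions a reviewer asks about a FORWARD log line."""
    src = ipaddress.ip_address(fields["SRC"])
    dst = ipaddress.ip_address(fields["DST"])
    return {
        "chain": fields["CHAIN"],
        "disposition": fields["DISPOSITION"],
        # Is this the WireGuard traffic at all?
        "is_wg_udp": fields.get("PROTO") == "UDP" and fields.get("DPT") == str(wg_port),
        # FORWARD sees post-DNAT addresses: DST == target means the DNAT half fired.
        "dnat_applied": fields["DST"] == dnat_target,
        # Public source arriving for a private destination, as expected after DNAT.
        "public_to_private": (not src.is_private) and dst.is_private,
        # Same ingress and egress interface; worth a question when IN is the "net" zone.
        "hairpin": fields.get("IN") == fields.get("OUT"),
    }


if __name__ == "__main__":
    parsed = parse_netfilter_log(SAMPLE_LOG)
    for key, value in analyze_forward_reject(parsed).items():
        print(f"{key:>18}: {value}")
```

If `dnat_applied` is true while the disposition is REJECT, the nat side of the DNAT rule ran but the matching FORWARD accept did not, which points at rule ordering or section placement rather than at the port forward itself; if `is_wg_udp` is false, the logged packet is unrelated to the WireGuard problem.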