On 12/23/18 11:59 AM, C. Cook wrote:
> In the router I am trying to DNAT an IP that should be _encapsulated
> in the tunnel_. It must be that I should DNAT the LAN address of the
> WG server.
>
> *DOH!!*
>
> Now it is fscking pinging the WG server 10.1.5.16 from the phone!
>
> But I can't ping that server's LAN address, nor any other address on
> the LAN. So the phone app is communicating with the WG server but not
> the rest of the system. And no Shorewall errors in dmesg on that
> server. Hmm.
>
>
> > You can maybe run date |logger to make a timestamped log.
> > Or configure r/syslog to include timestamps to /var/log/syslog (messages?)
>
> I find that what I want is in /etc/profile:
>
> alias dmesg='dmesg -T --ctime'
>

Turns out that in the phone WireGuard app I had set for peer IPs only the WG IP. I had to add the WG server's LAN IP to Allowed to be able to ping it.

Still can't ping any other LAN member though, even though in the WG server I have

sysctl.d/
    net.ipv4.ip_forward = 1
    net.ipv4.conf.all.forwarding=1
    #net.ipv4.conf.all.mc_forwarding=0

And shorewall.conf
    IP_FORWARDING=Yes

Rebooted of course.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users