Access LAN devices without ZeroTier via Synology

I am using ZeroTier on my Synology via Docker (see Synology NAS | ZeroTier Documentation).

I would like my Synology to also forward traffic to a device that I cannot install ZeroTier on.

I tried to follow the steps in https://zerotier.atlassian.net/wiki/spaces/SD/pages/224395274/Route+between+ZeroTier+and+Physical+Networks; however, the iptables rules don't seem to be correct.

Whenever I do

iptables --list-rules

I get the following result

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N DEFAULT_FORWARD
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-N DOS_PROTECT
-N FORWARD_FIREWALL
-N INPUT_FIREWALL
-A INPUT -j DOS_PROTECT
-A INPUT -j INPUT_FIREWALL
-A FORWARD -j FORWARD_FIREWALL
-A FORWARD -j DEFAULT_FORWARD
-A DEFAULT_FORWARD -i eth0 -o ztfp6elne -m state --state RELATED,ESTABLISHED -j ACCEPT
-A DEFAULT_FORWARD -i ztfp6elne -o eth0 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p udp -m udp --dport 10001 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8880 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8843 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8443 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8081 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 6789 -j ACCEPT
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p udp -m udp --dport 3478 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 443 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p udp -m udp --dport 2055 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
-A DOS_PROTECT -i ovs_bond0 -p icmp -m icmp --icmp-type 8 -m limit --limit 1000/sec -j RETURN
-A DOS_PROTECT -i ovs_bond0 -p icmp -m icmp --icmp-type 8 -j DROP
-A DOS_PROTECT -i ovs_bond0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN
-A DOS_PROTECT -i ovs_bond0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
-A DOS_PROTECT -i ovs_bond0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 10000/sec --limit-burst 100 -j RETURN
-A DOS_PROTECT -i ovs_bond0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A FORWARD_FIREWALL -i lo -j ACCEPT
-A FORWARD_FIREWALL -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD_FIREWALL -p udp -m udp --sport 41641 -j RETURN
-A FORWARD_FIREWALL -p udp -m udp --dport 41641 -j RETURN
-A FORWARD_FIREWALL -p tcp -m multiport --dports 873,5001,6690,30300,30200:30299,16514,16509 -j RETURN
-A FORWARD_FIREWALL -p tcp -m multiport --dports 2379:2382,5005,5006,1723,522,22 -j RETURN
-A FORWARD_FIREWALL -p udp -m multiport --dports 1194,1701,4500,500 -j RETURN
-A FORWARD_FIREWALL -p gre -j RETURN
-A FORWARD_FIREWALL -p esp -j RETURN
-A FORWARD_FIREWALL -p ah -j RETURN
-A FORWARD_FIREWALL -s 192.168.2.0/24 -j RETURN
-A FORWARD_FIREWALL -m geoip --source-country AT,DE  -j RETURN
-A FORWARD_FIREWALL -s 192.168.2.0/24 -p tcp -m tcp --dport 53 -j RETURN
-A FORWARD_FIREWALL -s 192.168.2.0/24 -p udp -m udp --dport 53 -j RETURN
-A FORWARD_FIREWALL -s 192.168.2.0/24 -p tcp -m tcp --dport 9999 -j RETURN
-A FORWARD_FIREWALL -j DROP
-A INPUT_FIREWALL -i lo -j ACCEPT
-A INPUT_FIREWALL -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT_FIREWALL -p udp -m udp --sport 41641 -j RETURN
-A INPUT_FIREWALL -p udp -m udp --dport 41641 -j RETURN
-A INPUT_FIREWALL -p tcp -m multiport --dports 873,5001,6690,30300,30200:30299,16514,16509 -j RETURN
-A INPUT_FIREWALL -p tcp -m multiport --dports 2379:2382,5005,5006,1723,522,22 -j RETURN
-A INPUT_FIREWALL -p udp -m multiport --dports 1194,1701,4500,500 -j RETURN
-A INPUT_FIREWALL -p gre -j RETURN
-A INPUT_FIREWALL -p esp -j RETURN
-A INPUT_FIREWALL -p ah -j RETURN
-A INPUT_FIREWALL -s 192.168.2.0/24 -j RETURN
-A INPUT_FIREWALL -m geoip --source-country AT,DE  -j RETURN
-A INPUT_FIREWALL -s 192.168.2.0/24 -p tcp -m tcp --dport 53 -j RETURN
-A INPUT_FIREWALL -s 192.168.2.0/24 -p udp -m udp --dport 53 -j RETURN
-A INPUT_FIREWALL -s 192.168.2.0/24 -p tcp -m tcp --dport 9999 -j RETURN
-A INPUT_FIREWALL -j DROP
sh-4.4#

I am guessing that the iptables rules don't match my setup.
