Hi @zt-travis. Now you have me hooked! I seem to be falling between two stools here, you might say. I have a small business I run from my home but much of my time is spent out and about. Please excuse that I have some experience of networking, Linux and command line, but no formal training.
I followed and adapted the Knowledge Base article “Bridge your ZeroTier and local network with a RaspberryPi” updated by you in Feb-2021. My gateway is an R-Pi Model B (Buster-lite) and performance is good and snappy running ZT and bridge. I adapted/configured to suit my ZT network and my LAN. All great. Everything the way it should be, everything talking to everything and bridging allowing bothway visibility of all devices between both networks. The iptables rules piece at the end of your article makes no difference to functionality, plus it does not persist after rebooting the bridge device. No matter. The IP address range for ZT is set to be within the LAN IP address range but outside the DHCP range for the LAN. LAN DHCP and DNS is a Pi-Hole at IP address 192.168.57.250 (static).
My network parameters for bridging are:
- Physical LAN Subnet: 192.168.57.0/24
- Physical LAN DHCP RANGE: 192.168.57.100 through 192.168.57.139
- ZeroTier Auto-Assign Range: 192.168.57.50 through 192.168.57.60
- ZeroTier Managed Route: 192.168.57.0/23
- Default Gateway IP Address: 192.168.57.254
- Bridge IP Address: 192.168.57.246 (static)
I then followed the Knowledge Base article “Overriding Default Route / Full Tunnel Mode” updated by you in Sept-2020. That article is based on CentOS and I’m having trouble translating it to R-Pi OS. I have added a new Managed Route on ZT at: 0.0.0.0/24 via 192.168.57.246. I have made the edit to /etc/sysctl.conf on the R-Pi to allow IPv4 forwarding. I have queries about the iptables section:
- What is meant by the term ‘public IP of the gateway’? Is that the LAN IP (in my case 192.168.57.254)? Or is it the WAN IP address provided by my ISP? My ISP changes the WAN IP regularly, static is not an option.
- In R-Pi OS the location /etc/sysconfig does not exist. Where to create/edit the iptables file?
- Should the iptables configuration be made persistent?
My (road warrior) clients are Windows 10 laptops and iOS devices. I have access to an Android tablet for testing purposes. This means that the rest of the “…Full Tunnel Mode” tutorial is not relevant as it applies to Linux clients, I presume.
If R-Pi is the subject of the 'Bridging' Knowledge Base article, it would be perfect if the 'Full Tunnel' article were a smooth follow-on using the same R-Pi.
Thanks in advance.