@Boilerplate4U I have tried your link but with no luck.
My configuration at my.zerotier.com is as follows (see picture):
Now I have tried this example without the IPv6 part as this is optional:
https://zerotier.atlassian.net/wiki/spaces/SD/pages/7110693/Overriding+Default+Route+Full+Tunnel+Mode
I can ping my Oracle server (192.168.192.195), but I only have the IP address from my ISP and not the public IP address of the server.
How can I make it so that, when I surf the internet after connecting to ZeroTier, I get the IP address of the Oracle server and all traffic goes over the Oracle server with ZeroTier installed, without any other software?
Here is my config of “/etc/sysconfig/iptables”:
```
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -s 10.6.4.0/22 -j SNAT --to-source 141.147.22.189
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A FORWARD -i ztly53qsrg -s 10.6.4.0/22 -d 0.0.0.0/0 -j ACCEPT
-A FORWARD -i eth0 -s 0.0.0.0/0 -d 10.6.4.0/0 -j ACCEPT
:OUTPUT ACCEPT [0:0]
COMMIT
```
Here is my config of “/usr/lib/sysctl.d/50-default.conf”:
```
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See sysctl.d(5) and core(5) for documentation.
# To override settings in this file, create a local file in /etc
# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
# there.
# System Request functionality of the kernel (SYNC)
#
# Use kernel.sysrq = 1 to allow all keys.
# See https://www.kernel.org/doc/html/latest/admin-guide/sysrq.html for a list
# of values and keys.
kernel.sysrq = 16
# Append the PID to the core filename
kernel.core_uses_pid = 1
# https://bugzilla.redhat.com/show_bug.cgi?id=1689346
kernel.kptr_restrict = 1
# Source route verification
net.ipv4.conf.all.rp_filter = 2
# Do not accept source routing
net.ipv4.conf.all.accept_source_route = 0
# Promote secondary addresses when the primary address is removed
net.ipv4.conf.all.promote_secondaries = 1
net.ipv4.ip_forward = 1
# ping(8) without CAP_NET_ADMIN and CAP_NET_RAW
# The upper limit is set to 2^31-1. Values greater than that get rejected by
# the kernel because of this definition in linux/include/net/ping.h:
# #define GID_T_MAX (((gid_t)~0U) >> 1)
# That's not so bad because values between 2^31 and 2^32-1 are reserved on
# systemd-based systems anyway: https://systemd.io/UIDS-GIDS.html#summary
-net.ipv4.ping_group_range = 0 2147483647
# Fair Queue CoDel packet scheduler to fight bufferbloat
net.core.default_qdisc = fq_codel
# Enable hard and soft link protection
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
```
Here is my IP config (command: `ip a`):
```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP group default qlen 1000
    link/ether 02:00:17:0a:46:90 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    altname ens3
    inet 10.0.0.67/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0
       valid_lft 84690sec preferred_lft 84690sec
    inet6 fe80::17ff:fe0a:4690/64 scope link
       valid_lft forever preferred_lft forever
3: ztly53qsrg: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether d2:23:99:37:df:f6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.192.195/24 brd 192.168.192.255 scope global ztly53qsrg
       valid_lft forever preferred_lft forever
    inet6 fe80::d023:99ff:fe37:dff6/64 scope link
       valid_lft forever preferred_lft forever
```
I would be happy if someone could help me, since I have no more ideas how I can run the internet traffic completely over ZeroTier through my Oracle server (OS: AlmaLinux 8), so that only the IP address of the Oracle server is visible to others (other servers/web servers/websites) and not my IP from my ISP.
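
A consistency check over the two listings above, as an added example that is not part of the original post: it compares each rule's `-s`/`-d` network and SNAT `--to-source` address with the addresses that `ip a` reports. The function names are hypothetical, the sample input is abridged from the post's listings, and it assumes every non-default `-s`/`-d` in this ruleset is meant to be the ZeroTier network.

```python
import ipaddress
import re

# Constructed sample input, abridged from the listings quoted in the post.
RULES = """\
-A POSTROUTING -o eth0 -s 10.6.4.0/22 -j SNAT --to-source 141.147.22.189
-A FORWARD -i ztly53qsrg -s 10.6.4.0/22 -d 0.0.0.0/0 -j ACCEPT
-A FORWARD -i eth0 -s 0.0.0.0/0 -d 10.6.4.0/0 -j ACCEPT
"""
IP_A = """\
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000
    inet 10.0.0.67/24 brd 10.0.0.255 scope global dynamic noprefixroute eth0
3: ztly53qsrg: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800
    inet 192.168.192.195/24 brd 192.168.192.255 scope global ztly53qsrg
"""

def interfaces(ip_a):
    """Parse `ip a` text into {interface name: [IPv4Interface, ...]}."""
    result, current = {}, None
    for line in ip_a.splitlines():
        if head := re.match(r"\d+: ([^:@]+)", line):
            current = head.group(1)
        if (addr := re.search(r"\binet (\S+)", line)) and current:
            result.setdefault(current, []).append(ipaddress.ip_interface(addr.group(1)))
    return result

def audit(rules, ip_a, vpn_prefix="zt"):
    """Return (rule, problem) pairs where a rule disagrees with live addressing."""
    ifaces = interfaces(ip_a)
    vpn_nets = [a.network for name, addrs in ifaces.items()
                if name.startswith(vpn_prefix) for a in addrs]
    local_ips = {a.ip for addrs in ifaces.values() for a in addrs}
    findings = []
    for rule in filter(None, rules.splitlines()):
        opts = dict(re.findall(r"(-[sd]|--to-source) (\S+)", rule))
        for flag in ("-s", "-d"):
            value = opts.get(flag, "0.0.0.0/0")
            net = ipaddress.ip_network(value, strict=False)
            if net.prefixlen == 0 and not value.startswith("0.0.0.0"):
                findings.append((rule, f"{flag} {value}: /0 mask matches every address"))
            elif net.prefixlen and not any(net.overlaps(v) for v in vpn_nets):
                findings.append((rule, f"{flag} {value}: not a network on a {vpn_prefix}* interface"))
        snat = opts.get("--to-source")
        if snat and ipaddress.ip_address(snat) not in local_ips:
            findings.append((rule, f"--to-source {snat}: not assigned to any interface"))
    return findings

if __name__ == "__main__":
    for rule, problem in audit(RULES, IP_A):
        print(f"{problem}\n    {rule}")
```

The `/0` finding matters beyond routing: with that mask the `eth0` FORWARD rule accepts forwarded traffic to any destination, not only to the tunnel subnet.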