Trying to get Internet traffic forwarded to ZeroTier clients

Hi everyone,

I am absolutely stuck. I am able to get a remote client, my phone in this case, to connect and communicate with my internal network; however, I am unable to have that client communicate with the Internet. I have tried googling on how to do this but I am absolutely stuck. Here is my firewall-start script:

Code:

#!/bin/sh
iptables -I INPUT -p tcp --destination-port 51413 -j ACCEPT
iptables -I INPUT -p udp --destination-port 51413 -j ACCEPT
logger -t "custom iptables" "Enter" -p user.notice
iptables -C INPUT -i zt+ -j ACCEPT
if [ $? != 0 ]; then
    iptables -I INPUT -i zt+ -j ACCEPT
    iptables -t nat -I PREROUTING -i zt+ -d 192.168.192.0/24 -p tcp -m multiport --dport 21,22,80 -j DNAT --to-destination `nvram get lan_ipaddr`
    logger -t "custom iptables" "rules added" -p user.notice
else
    logger -t "custom iptables" "rules existed skip" -p user.notice
fi
iptables -t nat -A POSTROUTING -o br0 -s 192.168.192.0/24 -j SNAT --to-source `nvram get lan_ipaddr`
iptables -I FORWARD -i zt+ -d `nvram get lan_ipaddr`/24 -j ACCEPT
iptables -I FORWARD -i br0 -d 192.168.192.0/24 -j ACCEPT

I would appreciate any help on this, because I want to be able to use the Internet through my ZeroTier VPN by using my router’s ad-blocking and for privacy in general. So far I have read through ZT’s documentation, read through several websites on setting this up on various devices and none of it worked. I have Asus Merlin firmware on my router and I have already set up the managed route as described below:

0.0.0.0/0 via 192.168.192.237

192.168.192.0/24 (LAN)

My WAN interface is eth4 but my ISP uses dynamic IPs, so I have tried MASQUERADE over SNAT without any success (I may have used it incorrectly). I hope this extra info can help.

I’ve tried to do the same as your config using a /24 subnet in ZeroTier and I figured out that it doesn’t work.

I changed to a /16 subnet and it worked.

Try using a 172.26.x.x/16 subnet.

Also noted that it doesn’t work with Windows being the host.
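
Added example, not part of the thread and not either poster's configuration: the firewall-start script in the first post has no FORWARD or NAT rule that leaves through the WAN interface, so this is one way to write those rules idempotently for the subnet (192.168.192.0/24) and WAN interface (eth4) named there. The function names and the DRY_RUN switch are assumptions of this example; with DRY_RUN=1 it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the thread. ZT_NET and WAN_IF are the values given in
# the first post; DRY_RUN and the function names are constructs of this example.
ZT_NET="${ZT_NET:-192.168.192.0/24}"   # ZeroTier managed subnet from the post
WAN_IF="${WAN_IF:-eth4}"               # WAN interface named in the post
DRY_RUN="${DRY_RUN:-1}"                # 1 = print the commands, 0 = apply them

# Emit one rule per line as "<table> <chain> <rule-spec>".
zt_wan_rules() {
    # ZeroTier clients may open new connections out of the WAN interface only,
    # and only from the managed subnet.
    echo "filter FORWARD -i zt+ -o $WAN_IF -s $ZT_NET -j ACCEPT"
    # Inbound from the WAN is limited to replies to those connections.
    echo "filter FORWARD -i $WAN_IF -o zt+ -d $ZT_NET -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # The ISP address is dynamic: MASQUERADE uses whatever address WAN_IF
    # currently holds, where SNAT would need a fixed --to-source.
    echo "nat POSTROUTING -o $WAN_IF -s $ZT_NET -j MASQUERADE"
}

# Insert each rule unless an identical one already exists (-C), so that
# re-running firewall-start does not stack duplicates.
apply_rules() {
    zt_wan_rules | while read -r table chain spec; do
        if [ "$DRY_RUN" = "1" ]; then
            echo "iptables -t $table -I $chain $spec"
        # $spec is left unquoted on purpose so it splits into arguments.
        elif ! iptables -t "$table" -C "$chain" $spec 2>/dev/null; then
            iptables -t "$table" -I "$chain" $spec
        fi
    done
}

apply_rules
```
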
