Hello,
following guide, i am pretty sure what zerotier was installed and configured correctly.
LAN and home network connections works fine, but any connection to Internet are broken from devices inside zerotier lan.
Current setup is:
Zerotier account, gateway firewall and client configuration:
Gateway configuration:
- OrangePi with Armbian 23 Bullseye
- ip route:
default via 192.168.1.1 dev eth0 proto dhcp metric 100
169.254.0.0/16 dev ztfp6azmws scope link metric 1000
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.95 metric 100
192.168.200.0/24 dev ztfp6azmws proto kernel scope link src 192.168.200.95
- Iptables output:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- 192.168.200.0/24 anywhere
ACCEPT all -- anywhere 192.168.200.0/24
- iptables config:
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -s 192.168.200.0/24 -j SNAT --to-source <XXX.XXX.XXX.XXX external IP>
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A FORWARD -i ztfp6azm -s 192.168.200.0/24 -d 0.0.0.0/0 -j ACCEPT
-A FORWARD -i eth0 -s 0.0.0.0/0 -d 192.168.200.0/24 -j ACCEPT
:OUTPUT ACCEPT [0:0]
COMMIT
- port forwarding output (cat /proc/sys/net/ipv4/ip_forward) :
1
From 192.168.200.XXX to 192.168.1.XXX everything works (access to samba and other local resources).
And connection does not work to internet from 192.168.200.XXX via 192.168.200.95 (same thing from windows pc, from android phone).
I do not understand why this thing does not work