I'm trying to use my OpenWRT device as an internet edge gateway for my ZeroTier network. For this, I need to enable ip_forwarding and NAT. On CentOS, I would do the following:
    sysctl net.ipv4.ip_forward=1
    def=$(ip route | grep ^default | awk '{ print $5 }')
    for iface in $(ls /sys/class/net | grep $def) ; do
        iptables -t nat -A POSTROUTING -o "${iface}" -j MASQUERADE ;
        ip6tables -t nat -A POSTROUTING -o "${iface}" -j MASQUERADE ;
    done
I tried the same on my OpenWRT device and nothing seems to happen, not even an error. Can someone help me here?
Forwarding is enabled by default for IPv4 and IPv6.
If you want to get a default route, I recommend: ip route show default; or even better, if you have installed the ip-full package, then use: ip --json route show default.
Do you want to enable Masquerade on all your VPN(?) interfaces? Are these known upfront, or created dynamically?
If they are known upfront: Configure them in /etc/config/firewall in a config zone, i.e. with option name zerotier and list network .... Example:
    config zone
        option name zerotier
        list network ztif0
        list network ztif1
        option input ACCEPT
        option output ACCEPT
        option forward ACCEPT
        option masq 1
(The "network" is the same as configured in /etc/config/network...)
If the interfaces are not known upfront, then I would use a hook/hotplug script, i.e. located in /etc/hotplug.d/iface/
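
One way to write the hotplug hook mentioned in the last reply, as an added example that is not code from this thread or from OpenWrt. Assumptions: the file name 40-zerotier-zone, ZeroTier devices being named zt*, netifd setting ACTION, INTERFACE and DEVICE for iface events, and the anonymous zone named zerotier from the config above.

```shell
#!/bin/sh
# Added example: /etc/hotplug.d/iface/40-zerotier-zone (file name is hypothetical).
# Assumes netifd exports ACTION, INTERFACE and DEVICE for iface events.

ZONE_NAME="zerotier"   # zone name from the example config in the reply

# Accept only names that are safe to place in a uci path or value.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
    esac
}

# Read `uci show firewall` text on stdin; print the section holding zone $1.
zone_section() {
    sed -n "s/^firewall\.\(@zone\[[0-9][0-9]*]\)\.name='$1'\$/\1/p" | head -n 1
}

# Print the uci verb for this event, or nothing when the event is ignored.
# Only devices named zt* are touched (assumed ZeroTier device prefix).
zone_verb() {   # $1=ACTION $2=INTERFACE $3=DEVICE
    valid_name "$2" || return 0
    case "$3" in zt*) ;; *) return 0 ;; esac
    case "$1" in
        ifup)   echo add_list ;;
        ifdown) echo del_list ;;
    esac
}

# Acts only on a router (uci present) and only when called with ACTION set.
if [ -n "${ACTION:-}" ] && command -v uci >/dev/null 2>&1; then
    verb=$(zone_verb "$ACTION" "${INTERFACE:-}" "${DEVICE:-}")
    sec=$(uci show firewall | zone_section "$ZONE_NAME")
    if [ -n "$verb" ] && [ -n "$sec" ]; then
        entry="firewall.$sec.network=$INTERFACE"
        uci -q del_list "$entry"      # drop any old copy so the list stays unique
        [ "$verb" = add_list ] && uci add_list "$entry"
        uci commit firewall
        /etc/init.d/firewall reload
    fi
fi
```

Interfaces whose name fails the check or whose device is not zt* are left alone, so the masqueraded zone never picks up an unrelated network.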