Wireguard and martian logging

trendy · April 25, 2020, 8:29pm

I didn't ask you to execute the command to a file. I didn't ask you to open it in wireshark and paste all this useless data on the thread.
If you cannot find a single host in the lan that is not so active in sending packets, you can append the and icmp at the end of the command and it will filter the ping and the reply.

Debhost · April 25, 2020, 9:21pm

root@23400S:~# tcpdump -i any -evn host 192.168.1.100 and icmp
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
18:07:19.806240  In ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.9.3 > 192.168.1.100: ICMP echo request, id 47, seq 1, length 64
18:07:19.806385 Out 68:ff:7b:47:a4:b0 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.9.3 > 192.168.1.100: ICMP echo request, id 47, seq 1, length 64
18:07:19.806407 Out 68:ff:7b:47:a4:b0 ethertype IPv4 (0x0800), length 100: (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    192.168.9.3 > 192.168.1.100: ICMP echo request, id 47, seq 1, length 64
^C
3 packets captured
3 packets received by filter
0 packets dropped by kernel

that's one of the servers that blocks requests

trendy · April 25, 2020, 9:25pm

Have you added the masquerade on lan interface for packets coming from wg interface as I told you here?
It doesn't look so.
Verify it with iptables-save -c | grep -i masq

Debhost · April 25, 2020, 9:32pm

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'
        option masq_src '192.168.9.0/24'

[44852:3786934] -A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
[12266:1013474] -A zone_wanb_postrouting -m comment --comment "!fw3" -j MASQUERADE
[0:0] -A zone_zone_vpn1_postrouting -m comment --comment "!fw3" -j MASQUERADE
[0:0] -A zone_zone_vpn_postrouting -m comment --comment "!fw3" -j MASQUERADE

As you can see I had forgotten to activate masq now it works correctly! sorry for the mistake.

system · May 5, 2020, 9:32pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.