This issue was moved to a discussion.


NAT MASQUERADE Conflicts with ZeroTier -- Solution provided, please implement. #1270

Closed
jsn0327 opened this issue Dec 23, 2022 · 0 comments

jsn0327 commented Dec 23, 2022

I have seen a couple of posts regarding ZeroTier not working on RaspAP. I had this issue as well and did some research. The issues causing the ZeroTier service to fail are the NAT rules that are configured during setup. With the current configuration, MASQUERADE is being applied to all interfaces. ZeroTier requires a connection on localhost (127.0.0.1) TCP port 9993 to start up properly. With the current NAT configuration, all traffic, regardless of which interface it comes out of, is being masqueraded. I have fixed this issue by only masquerading the traffic on the AP interface (10.3.141.0/24). I tried to keep the current masquerade all configuration and only exempt the localhost interface, but I could not get ZeroTier to work with that configuration. If the MASQUERADE any/any rule is set (in bold below), regardless of the order of the rules in iptables, the ZeroTier service will not start properly. I assume that this any/any rule is set so that all traffic will be masqueraded, regardless of the IP range that users set for their AP interface in the Web UI. If there is a way to keep that command and exempt the localhost interface, that may be a better long-term solution.

I do not know how to do pull requests in GitHub, but below is what I changed on my RaspAP installation. ZeroTier is now working with no issues, and traffic is being routed properly from the AP (wlan0) when either the WiFi (wlan1) or Ethernet (eth0) interfaces are used as sources.

Current NAT commands in RaspAP Setup:

```shell
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
sudo iptables -t nat -A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE
sudo iptables-save | sudo tee /etc/iptables/rules.v4
```

My working NAT commands (change IP range to match your AP range if it isn't the default):

```shell
sudo iptables -F; sudo iptables -t nat -F; sudo iptables -t mangle -F
sudo iptables -t nat -A POSTROUTING -s 10.3.141.0/24 ! -d 10.3.141.0/24 -j MASQUERADE
sudo iptables-save | sudo tee /etc/iptables/rules.v4
```

@RaspAP RaspAP locked and limited conversation to collaborators Dec 23, 2022
@billz billz converted this issue into discussion #1271 Dec 23, 2022
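
A check for the unscoped rule described in the issue above, as an added example that is not part of the original post or of RaspAP's code: it scans `iptables-save` output for nat POSTROUTING MASQUERADE rules that have no source, destination or interface match. The function names and the two sample rulesets (built from the commands quoted in the issue) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue or RaspAP): list nat POSTROUTING
# MASQUERADE rules that carry no source/destination/interface match and
# therefore apply to every packet, loopback traffic included.
# Input: iptables-save format on stdin. Output: the unscoped rules.
find_unscoped_masquerade() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header: *nat, *filter
        table != "nat" { next }                 # only the nat table matters
        $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            masq = 0; scoped = 0
            # iptables-save writes short options, so -s/-d/-o/-i cover scoping
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
                if ($i ~ /^-[sdoi]$/) scoped = 1
            }
            if (masq && !scoped) print
        }
    '
}

# Constructed sample: ruleset produced by the "current" setup commands.
rules_before() {
    cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -s 192.168.50.0/24 ! -d 192.168.50.0/24 -j MASQUERADE
COMMIT
EOF
}

# Constructed sample: ruleset after the reporter's replacement commands.
rules_after() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.3.141.0/24 ! -d 10.3.141.0/24 -j MASQUERADE
COMMIT
EOF
}

echo "before:"; rules_before | find_unscoped_masquerade
echo "after:";  rules_after  | find_unscoped_masquerade
```

On a live system the same function can read from `sudo iptables-save` or from `/etc/iptables/rules.v4`.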
