I’m trying to use my router as an internet edge gateway for my ZeroTier network. For this, I need to enable ip_forwarding and NAT. On a CentOS, I would do the following:
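# Enable IPv4 forwarding in the kernel
sysctl net.ipv4.ip_forward=1
# Find the interface that carries the default route
def=$(ip route | grep ^default | awk '{ print $5 }')
# Masquerade everything leaving through that interface (IPv4 and IPv6)
for iface in $(ls /sys/class/net | grep "$def"); do
    iptables -t nat -A POSTROUTING -o "${iface}" -j MASQUERADE
    ip6tables -t nat -A POSTROUTING -o "${iface}" -j MASQUERADE
done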
I tried the same on my OpenWRT device and nothing seems to happen, not even an error. Can someone help me here?
What firmware version are you using?
I am using the OEM firmware. I got this to work by adding firewall rules. IP forwarding was enabled by default.
In my modem, the forwarding is enabled by default. You can verify it by invoking:
# cat /proc/sys/net/ipv4/ip_forward
1
You do not need to duplicate the postrouting rules; they are already there. You just need to enable them correctly from the Firewall in LuCI. You can verify your existing rules:
# iptables -t nat -L | awk 'BEGIN{IGNORECASE = 1}/POSTROUTING/,/^$/'
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
postrouting_rule all -- anywhere anywhere /* !fw3: Custom postrouting rule chain */
zone_lan_postrouting all -- anywhere anywhere /* !fw3 */
zone_wan_postrouting all -- anywhere anywhere /* !fw3 */
Chain postrouting_lan_rule (1 references)
target prot opt source destination
Chain postrouting_rule (1 references)
target prot opt source destination
Chain postrouting_wan_rule (1 references)
target prot opt source destination
Chain zone_lan_postrouting (1 references)
target prot opt source destination
postrouting_lan_rule all -- anywhere anywhere /* !fw3: Custom lan postrouting rule chain */
Chain zone_wan_postrouting (1 references)
target prot opt source destination
postrouting_wan_rule all -- anywhere anywhere /* !fw3: Custom wan postrouting rule chain */
MASQUERADE all -- anywhere anywhere /* !fw3 */
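
An added example, not part of the thread or of OpenWrt's own tooling: a shell check that reads `iptables -t nat -L` output and reports which chains reachable from POSTROUTING actually hold a MASQUERADE rule, so a rule sitting in an unreferenced chain is not mistaken for active NAT. The function names are hypothetical, and the embedded sample is trimmed from the listing above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not OpenWrt tooling.

# True when the kernel forwards IPv4 (path can be overridden for testing).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reads `iptables -t nat -L` output on stdin; prints every chain that is
# reachable from POSTROUTING and contains a MASQUERADE rule.
masq_chains() {
    awk '
        /^Chain /             { cur = $2; chains[cur] = 1; next }
        /^target / || NF == 0 { next }
        cur != ""             { rules[cur] = rules[cur] " " $1 }
        END {
            # Breadth-first walk over jump targets, starting at POSTROUTING.
            queue[1] = "POSTROUTING"; seen["POSTROUTING"] = 1
            head = 1; tail = 1
            while (head <= tail) {
                c = queue[head++]
                n = split(rules[c], t, " ")
                for (i = 1; i <= n; i++) {
                    if (t[i] == "MASQUERADE") {
                        if (!(c in hit)) { hit[c] = 1; print c }
                    } else if ((t[i] in chains) && !(t[i] in seen)) {
                        seen[t[i]] = 1; queue[++tail] = t[i]
                    }
                }
            }
        }'
}

# Sample input, trimmed from the listing in the post above.
sample_nat_listing() {
    cat <<'EOF'
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
postrouting_rule all -- anywhere anywhere /* !fw3: Custom postrouting rule chain */
zone_lan_postrouting all -- anywhere anywhere /* !fw3 */
zone_wan_postrouting all -- anywhere anywhere /* !fw3 */
Chain zone_wan_postrouting (1 references)
target prot opt source destination
postrouting_wan_rule all -- anywhere anywhere /* !fw3: Custom wan postrouting rule chain */
MASQUERADE all -- anywhere anywhere /* !fw3 */
EOF
}

sample_nat_listing | masq_chains   # on the router: iptables -t nat -L | masq_chains
```

An empty result on the router means no masquerading rule is in the packet path, whatever the zone settings appear to say.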