I think I have a simple scenario that I cannot manage to make work:
I have a router (Edgerouter-X) whose eth0 is connected to my home LAN (192.168.0.0/24), which is connected to the internet. The same router has a switch0 interface (eth1, eth2, eth3 and eth4) that hosts the LAN 10.0.0.0/24 (running a DHCP server). Lastly, the Edgerouter is running ZeroTier and exposing my ZeroTier network (172.30.0.0/16) on the interface eth6 (172.30.57.141).
I want any device connected to the LAN 10.0.0.0/24 to have its traffic routed through the eth6 interface towards the ZeroTier network. Also, I want to masquerade the outgoing packets through eth6, so the ZeroTier network doesn't need to know the LAN IPs in order to come back.
How should I configure my router in order to achieve this goal? Should I use static routes? iptables? port forwarding? I am lost. My first idea was to add a static route with destination 0.0.0.0/0 through eth6, but that way I lose the internet connection, and I think I "disconnect" the eth6 interface from the ZeroTier network.

Interface    IP Address                        S/L  Description
---------    ----------                        ---  -----------
eth0         192.168.0.254/24                  u/u  Internet
eth1         -                                 u/u  Local
eth2         -                                 u/D  Local
eth3         -                                 u/D  Local
eth4         -                                 u/D  Local
eth6         172.30.57.141/16                  u/u  ZeroTier
lo           127.0.0.1/8                       u/u
             ::1/128
switch0      10.0.0.1/24                       u/u  Local

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N VYATTA_FW_IN_HOOK
-N VYATTA_FW_LOCAL_HOOK
-N VYATTA_FW_OUT_HOOK
-N WAN_IN
-N WAN_LOCAL
-A INPUT -j VYATTA_FW_LOCAL_HOOK
-A FORWARD -j VYATTA_FW_IN_HOOK
-A FORWARD -j VYATTA_FW_OUT_HOOK
-A VYATTA_FW_IN_HOOK -i eth0 -j WAN_IN
-A VYATTA_FW_LOCAL_HOOK -i eth0 -j WAN_LOCAL
-A WAN_IN -m comment --comment WAN_IN-10 -m state --state RELATED,ESTABLISHED -j RETURN
-A WAN_IN -m comment --comment WAN_IN-20 -m state --state INVALID -j DROP
-A WAN_IN -m comment --comment "WAN_IN-10000 default-action drop" -j DROP
-A WAN_LOCAL -m comment --comment WAN_LOCAL-10 -m state --state RELATED,ESTABLISHED -j RETURN
-A WAN_LOCAL -m comment --comment WAN_LOCAL-20 -m state --state INVALID -j DROP
-A WAN_LOCAL -m comment --comment "WAN_LOCAL-10000 default-action drop" -j DROP

IP Route Table for VRF "default"
S    *> 0.0.0.0/0 [1/0] via 192.168.0.1, eth0
C    *> 10.0.0.0/24 is directly connected, switch0
C    *> 127.0.0.0/8 is directly connected, lo
C    *> 172.30.0.0/16 is directly connected, eth6
C    *> 192.168.0.0/24 is directly connected, eth0
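
An added example, not part of the original post: a longest-prefix-match lookup over the route table above, comparing the egress interface of a packet before and after the 0.0.0.0/0 entry is pointed at eth6. The sample destination addresses and the function names are constructed for illustration.

```python
import ipaddress

# Route table copied from the post: (prefix, egress interface, next hop or None).
CURRENT_ROUTES = [
    ("0.0.0.0/0", "eth0", "192.168.0.1"),
    ("10.0.0.0/24", "switch0", None),
    ("127.0.0.0/8", "lo", None),
    ("172.30.0.0/16", "eth6", None),
    ("192.168.0.0/24", "eth0", None),
]


def with_default_via(routes, iface, next_hop=None):
    """Return a copy of routes whose 0.0.0.0/0 entry points at iface."""
    return [(p, iface, next_hop) if p == "0.0.0.0/0" else (p, i, n)
            for p, i, n in routes]


def egress(routes, dst):
    """Longest-prefix match: the interface a packet to dst leaves on."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, _ in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def compare(dests):
    """Map each destination to (egress now, egress with default via eth6)."""
    changed = with_default_via(CURRENT_ROUTES, "eth6")
    return {d: (egress(CURRENT_ROUTES, d), egress(changed, d)) for d in dests}


if __name__ == "__main__":
    # Constructed sample destinations: a ZeroTier member, the home gateway,
    # a LAN host, and a documentation-range address standing in for an
    # arbitrary internet host.
    samples = ["172.30.12.34", "192.168.0.1", "10.0.0.50", "203.0.113.10"]
    for dst, (now, after) in compare(samples).items():
        print(f"{dst:15} current={now:8} default-via-eth6={after}")
```

Only the destination that matches nothing more specific than 0.0.0.0/0 changes interface; the 172.30.0.0/16 connected route already sends ZeroTier-bound traffic out eth6 in both tables.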