I may not be understanding this correctly If I setup a node

Question

I may not be understanding this correctly If I setup a node as egress I should be able to access any of the IP s on the same LAN right Say it s on 192 168 0 0 16 and I use that for the egress gateway then I should be able to connect to any machine on that network without having to have netclient on them right Despite having a node setup as engress I can only access the node its self none of the machines on the network it s setup to egress I ve tried pinging a machine on that network from the egress node and it s able to reach them

bored-island-21407 · Answer

Is IP forwarding enabled on the egress node

bored-island-21407 · Answer

also the egress range cannot overlap with any networks on the node you are connecting from If the node you are trying to ping from also has 192 168 0 0 network it will not work

many-airline-32588 · Answer

I have not tbh I m figuring this all out as I go

many-airline-32588 · Answer

There isn t any network overlap

bored-island-21407 · Answer

Ok probably IP forwarding then

many-airline-32588 · Answer

Looks to be enabled

bored-island-21407 · Answer

What os

many-airline-32588 · Answer

Oracle Linux Also tried it on opnsense and had the same issue

bored-island-21407 · Answer

could be iptables rule not permitting forwarding

many-airline-32588 · Answer

I ll check into that

bored-island-21407 · Answer

If you set up a route via the public IP of the egress node can you ping

bored-island-21407 · Answer

You may not be able to do that

many-airline-32588 · Answer

It doesn t have a public IP but I am able to connect to outside the network via wireguard

bored-island-21407 · Answer

what is the wg endpoint of the egress node

many-airline-32588 · Answer

What do you mean

bored-island-21407 · Answer

what is output of wg show obscure your private key

many-airline-32588 · Answer

My engress node network is 10 7 0 0 16 My external client is on 192 168 0 0 16 My wg network is 10 1 0 0 16

bored-island-21407 · Answer

192 168 0 0 16 is not in your allowed ips How do you expect to ping that network

many-airline-32588 · Answer

I m trying to reach the 10 7 0 0 16 network The 192 was just for an example

bored-island-21407 · Answer

That s not in your a lower ips either

many-airline-32588 · Answer

Ah do I have to add that manually I figured enabling egress on the node would do that

bored-island-21407 · Answer

No what version of netmaker

many-airline-32588 · Answer

0 14 3

bored-island-21407 · Answer

Was that the wg show from the node you are trying to ping from

many-airline-32588 · Answer

That was from the egress node it s self This is the external client I m trying to ping from It can reach the egress node just nothing on 10 7 0 0 16 where it s suppose to egress

bored-island-21407 · Answer

That s looks ok

many-airline-32588 · Answer

Idk if any of that will help

bored-island-21407 · Answer

Can you ping the egress range from the other node or netmaker container

many-airline-32588 · Answer

Nope That other node is also on the egress network I was trying to use it originally and just haven t removed it 10 1 0 2

many-airline-32588 · Answer

The netmaker server cannot ping the egress network though

bored-island-21407 · Answer

Netmaker server or netmaker container The server doesn t have wg

many-airline-32588 · Answer

In the container

bored-island-21407 · Answer

If the netmaker container cannot ping the egress then the ext client won t be able to either

bored-island-21407 · Answer

ICMP blocked

many-airline-32588 · Answer

It might be The egress network is behind opnsense firewall

many-airline-32588 · Answer

Not sure what I d need to allow on the firewall in all honesty I ll just keep messing around and hopefully I ll get something to work going to grab a bite to eat for now Thanks a ton for the help I appreciate it