# netmaker
m
I may not be understanding this correctly. If I set up a node as egress I should be able to access any of the IPs on the same LAN, right? Say it's on 192.168.0.0/16 and I use that for the egress gateway, then I should be able to connect to any machine on that network without having to have netclient on them, right? Despite having a node set up as egress I can only access the node itself, none of the machines on the network it's set up to egress. I've tried pinging a machine on that network from the egress node and it's able to reach them.
b
Is IP forwarding enabled on the egress node?
Also, the egress range cannot overlap with any networks on the node you are connecting from. If the node you are trying to ping from also has the 192.168.0.0 network, it will not work.
m
I have not. (tbh I'm figuring this all out as I go)
There isn't any network overlap
b
Ok, probably IP forwarding then
m
Looks to be enabled.
b
What OS?
m
Oracle Linux. Also tried it on OPNsense and had the same issue.
b
Could be an iptables rule not permitting forwarding.
m
I'll check into that
b
If you set up a route via the public IP of the egress node, can you ping?
You may not be able to do that
m
It doesn't have a public IP but I am able to connect to outside the network via wireguard.
b
What is the wg endpoint of the egress node?
m
What do you mean?
b
What is the output of wg show? (Obscure your private key.)
m
My egress node/network is 10.7.0.0/16. My external client is on 192.168.0.0/16. My wg network is 10.1.0.0/16.
b
192.168.0.0/16 is not in your allowed ips. How do you expect to ping that network?
m
I'm trying to reach the 10.7.0.0/16 network. The 192 was just for an example.
b
That's not in your allowed ips either
m
Ah...do I have to add that manually? I figured enabling egress on the node would do that.
b
No, what version of netmaker?
m
0.14.3
b
Was that the wg show from the node you are trying to ping from?
m
That was from the egress node itself. This is the external client I'm trying to ping from. It can reach the egress node, just nothing on 10.7.0.0/16 where it's supposed to egress.
b
That looks ok
m
Idk if any of that will help
b
Can you ping the egress range from the other node or netmaker container?
m
Nope. That other node is also on the egress network. I was trying to use it originally and just haven't removed it (10.1.0.2)
The netmaker server cannot ping the egress network though
b
Netmaker server or netmaker container? The server doesn't have wg
m
In the container
b
If the netmaker container cannot ping the egress then the ext client won't be able to either
ICMP blocked?
m
It might be. The egress network is behind an OPNsense firewall.
Not sure what I'd need to allow on the firewall in all honesty. I'll just keep messing around and hopefully I'll get something to work, going to grab a bite to eat for now. Thanks a ton for the help! I appreciate it.