Route traffic from one IP address through a different interface

I have a local and a remote network. My local network has a router, Ubuntu box and TV. The remote network has a router and a Raspberry Pi. The local Ubuntu box and remote Raspberry Pi are connected through a WireGuard tunnel.

The goal is to connect the TV to the internet through the remote Raspberry Pi, so that internet requests from it will appear to be coming from my remote network’s public IP. To this end I have set the Ubuntu box to act as the TV’s gateway, which is then supposed to forward traffic from the TV’s local IP only to the WireGuard interface (wg0) so that it ends up on the remote Raspberry Pi. This does not work, though; it seems like traffic never makes it to wg0.

IP forwarding on both the Ubuntu box and Raspberry Pi is enabled. I have added policy-based routing like so:

ip rule add from <TV local IP> table wg0
ip route add default via <rpi wireguard IP> dev wg0 table wg

Furthermore, I configured iptables on the wg0 interface like so:

iptables -A FORWARD -i enp1s0 -o wg0 -j ACCEPT
iptables -A FORWARD -i wg0 -o enp1s0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE

What am I missing?

Asked By: NinjaTuna


Starting again from scratch, I found that I was missing the relevant iptables rules on the Raspberry Pi to forward traffic from its WireGuard interface to its Ethernet interface:

iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o wg0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Setting the Linux box as the TV’s gateway now causes all traffic to be routed through WireGuard to the Raspberry Pi as desired.

Answered By: NinjaTuna
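
A check for the failure described in the answer, as an added example that is not part of the original post: it scans an `iptables-save` dump from the exit node and reports which of the FORWARD and MASQUERADE rules are missing. The function names and both sample dumps are constructed for illustration; the interface names `wg0` and `eth0` are the ones used in the answer.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Checks an iptables-save dump of
# the exit node for the forwarding and NAT rules the answer describes.

# has_rule DUMP TABLE ERE: succeed if TABLE in DUMP has a line matching ERE.
has_rule() {
    printf '%s\n' "$1" | awk -v t="*$2" -v re="$3" '
        /^\*/ { in_t = ($0 == t) }      # track which table section we are in
        in_t && $0 ~ re { found = 1 }
        END { exit !found }'
}

# check_exit_node DUMP TUNNEL_IF WAN_IF: print each missing piece; return 1 if any.
check_exit_node() {
    local dump="$1" tun="$2" wan="$3" rc=0
    # With a FORWARD policy of ACCEPT the explicit FORWARD rules are optional.
    if ! has_rule "$dump" filter '^:FORWARD ACCEPT'; then
        has_rule "$dump" filter "^-A FORWARD (.* )?-i $tun (.* )?-o $wan (.* )?-j ACCEPT" ||
            { echo "missing: FORWARD -i $tun -o $wan -j ACCEPT"; rc=1; }
        has_rule "$dump" filter "^-A FORWARD (.* )?-i $wan (.* )?-o $tun .*(ESTABLISHED|RELATED).* -j ACCEPT" ||
            { echo "missing: FORWARD -i $wan -o $tun ESTABLISHED,RELATED"; rc=1; }
    fi
    has_rule "$dump" nat "^-A POSTROUTING (.* )?-o $wan (.* )?-j MASQUERADE" ||
        { echo "missing: nat POSTROUTING -o $wan -j MASQUERADE"; rc=1; }
    return "$rc"
}

# Constructed sample dumps: an exit node without and with the rules from the answer.
PI_BEFORE='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
PI_AFTER='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i wg0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

check_exit_node "$PI_BEFORE" wg0 eth0 || true
```

On a live exit node the dump can be supplied directly, for example `check_exit_node "$(sudo iptables-save)" wg0 eth0`.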