Thursday, November 7, 2024

Routing packets from one WireGuard client to another using iptables


This diagram summarizes what I want to achieve:
[diagram: Connections]
I need the connections made by Phone to use the Raspberry Pi 1 as gateway. The packets must be routed to Raspberry Pi 2 over the 10.8.0.0/24 network. Then they must be NATed to the internet so that Phone thinks it has the public IP address of Raspberry Pi 2 (wlan0 is the WAN interface).
At first I thought I needed iptables and tried the following:

PREROUTING
-i wlan0 -s 192.168.1.0/24 -j DNAT --to-destination 10.8.0.110
FORWARD
-i wlan0 -s 192.168.1.0/24 -d 10.8.0.110/32 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-i wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
POSTROUTING
-o wg0 -d 10.8.0.110/32 -j SNAT --to-source 10.8.0.3

For the Raspberry Pi 1.
The VPS had the following:

FORWARD -s 10.8.0.0/24 -d 10.8.0.0/24 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT

But then I realized these packets arrive at 10.8.0.110 thinking it was the final destination, which is why I was getting connection refused when testing something like telnet google.com 443.

Then I tried the following for Raspberry Pi 1:

FORWARD
-i wlan0 -o wg0 -j ACCEPT
-i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT

and VPS:

FORWARD
-i wg0 -s 192.168.1.0/24 -o wg0 -j ACCEPT
-i wg0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT

And those packets are not reaching Raspberry Pi 2 either.

With the help of GPT4 I checked whether I could use Policy Based Routing by adding IP rules and routes. My understanding is that the packets that arrive at Raspberry Pi 1 over 192.168.1.0/24 should be routed on to 10.8.0.110 without changing the destination address.
GPT4 suggested the following:

# Create a new routing table
echo "200 custom" >> /etc/iproute2/rt_tables

# Add a rule to use this table for traffic from 192.168.1.0/24
ip rule add from 192.168.1.0/24 lookup custom

# Add a route in the custom table to forward traffic to 10.8.0.110
ip route add default via 10.8.0.110 dev wg0 table custom

It didn't work and for some reason made the Raspberry Pi 1 ssh connection very laggy.

These are the Raspberry Pi 1 routes:

default via 192.168.1.1 dev wlan0 proto dhcp src 192.168.1.174 metric 600
10.8.0.0/24 dev wg0 proto kernel scope link src 10.8.0.3
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
172.18.0.0/16 dev br-352622acd722 proto kernel scope link src 172.18.0.1
172.19.0.0/16 dev br-e7d4e060a024 proto kernel scope link src 172.19.0.1
172.20.0.0/16 dev br-b97d3a35bbf0 proto kernel scope link src 172.20.0.1
192.168.0.0/24 via 192.168.1.1 dev wlan0 proto static metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.174 metric 600

At this point I'm not sure what to try since I'm not a networking expert. Thanks in advance for any advice.

PS: The Raspberry Pi 1 and VPS have docker containers running, and there are iptables rules for docker configured. I think that should not interfere.
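Added here as an illustration, not part of the post above: a small model of WireGuard's cryptokey routing for the three hosts in the question. The AllowedIPs lists, the "widened" layout and the 203.0.113.10 internet destination are constructed assumptions (the post shows none of them); the model reports which hop drops a Phone packet under the post's routes and which AllowedIPs the forward path would need to reach Raspberry Pi 2.

```python
import ipaddress

# Constructed peer tables for the three hosts in the post. The AllowedIPs are
# assumptions (the post does not show them): one hub-and-spoke layout that
# matches the "10.8.0.0/24 dev wg0" route seen on Raspberry Pi 1.
POST_SETUP = {
    "rpi1": {"vps": ["10.8.0.0/24"]},
    "vps": {"rpi1": ["10.8.0.3/32"], "rpi2": ["10.8.0.110/32"]},
    "rpi2": {"vps": ["10.8.0.0/24"]},
}

def egress_peer(peers, host, dst):
    """Egress cryptokey routing: the peer whose AllowedIPs cover dst, longest
    prefix wins. None means the kernel drops the packet (ENOKEY)."""
    ip, best = ipaddress.ip_address(dst), None
    for peer, cidrs in peers[host].items():
        for net in map(ipaddress.ip_network, cidrs):
            if ip in net and (best is None or net.prefixlen > best[1]):
                best = (peer, net.prefixlen)
    return best and best[0]

def ingress_ok(peers, host, from_peer, src):
    """Ingress cryptokey routing: the decrypted inner source address must lie
    inside the sending peer's AllowedIPs, or the packet is silently dropped."""
    ip = ipaddress.ip_address(src)
    return any(ip in ipaddress.ip_network(c) for c in peers[host][from_peer])

def trace(peers, src, dst):
    """Follow one packet rpi1 -> vps -> rpi2 and report where it stops. The post's
    'via 10.8.0.110' next hop is irrelevant: WireGuard selects a peer by dst only."""
    if egress_peer(peers, "rpi1", dst) != "vps":
        return "dropped on rpi1 egress: no AllowedIPs cover %s" % dst
    if not ingress_ok(peers, "vps", "rpi1", src):
        return "dropped on vps ingress: src %s not in rpi1 AllowedIPs" % src
    if egress_peer(peers, "vps", dst) != "rpi2":
        return "dropped on vps egress: no peer owns %s" % dst
    if not ingress_ok(peers, "rpi2", "vps", src):
        return "dropped on rpi2 ingress: src %s not in vps AllowedIPs" % src
    return "delivered to rpi2 for NAT out of wlan0"

def widened(peers):
    """One AllowedIPs layout (assumed) under which the forward path passes;
    0.0.0.0/0 on rpi1 needs 'Table = off' in wg-quick so that only the
    Phone's policy-routed traffic, not all of rpi1, enters the tunnel."""
    p = {h: {k: list(v) for k, v in d.items()} for h, d in peers.items()}
    p["rpi1"]["vps"] = ["0.0.0.0/0"]        # internet-bound dst selects vps
    p["vps"]["rpi1"] += ["192.168.1.0/24"]  # un-NATed Phone source is valid
    p["vps"]["rpi2"] = ["0.0.0.0/0"]        # vps hands internet traffic to rpi2
    p["rpi2"]["vps"] = ["0.0.0.0/0"]        # rpi2 accepts any inner source
    return p
```

The return path must pass the same checks in reverse, so Raspberry Pi 2 can only send the reply back into the tunnel if its peer's AllowedIPs also cover the reply's destination (192.168.1.0/24, or 10.8.0.3 if Raspberry Pi 1 SNATs).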
