Re: How to replace iptables nat rule in systemd networkd

On Thu, Mar 14, 2019 at 3:58 PM cmp <me@xxxxxx> wrote:
We have a bastion host at work which is like several others we have. It has OpenVPN and OpenSSH which we’re allowed to access. The machine acts as a gateway to access several other private subnets. It uses an iptables rule like this

iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE

Last night we set up a new host with WireGuard using systemd-networkd v241 and wanted to set up these masquerade rules, but we couldn’t actually figure out how to do them.

We stumbled across RouteRulePolicy, but I have a feeling we don’t really understand how to do what we did in iptables in iproute2, so we kept banging our heads and eventually I gave up and simply ran the iptables commands myself and it worked, but I’d like to actually do this correctly inside systemd networkd.

Policy routing rules are not firewall rules.

You can enable masquerading using IPMasquerade=yes in ens3.network, but that's the only iptables feature that networkd ever configures. It does not support adding arbitrary iptables rules.

--
Mantas Mikulėnas
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
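As an added illustration (not written by either participant in the thread), this is what the networkd-native equivalent of the quoted MASQUERADE rule looks like for the setup described: the uplink `ens3` gets `IPMasquerade=yes`, and the WireGuard tunnel is defined as a networkd netdev. File names, addresses, port and keys are placeholders.

```ini
# /etc/systemd/network/10-ens3.network  (uplink; "ens3" is the name used in the thread)
[Match]
Name=ens3

[Network]
DHCP=ipv4
# Replaces "iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE".
# IPMasquerade=yes also implies IPForward=ipv4 (net.ipv4.ip_forward=1),
# which the iptables one-liner alone never turned on.
IPMasquerade=yes

# /etc/systemd/network/20-wg0.netdev  (WireGuard tunnel; keys and port are placeholders)
# Holds a secret: chown root:systemd-network and chmod 0640 this file.
[NetDev]
Name=wg0
Kind=wireguard

[WireGuard]
ListenPort=51820
PrivateKey=<SERVER_PRIVATE_KEY_PLACEHOLDER>

[WireGuardPeer]
PublicKey=<CLIENT_PUBLIC_KEY_PLACEHOLDER>
AllowedIPs=10.8.0.2/32

# /etc/systemd/network/20-wg0.network  (placeholder tunnel subnet)
[Match]
Name=wg0

[Network]
Address=10.8.0.1/24
```

Note that networkd adds nothing equivalent to `iptables -A FORWARD -i %i -j ACCEPT`; on a bastion whose FORWARD chain policy is DROP, that permit rule still has to come from the host's firewall configuration, outside networkd.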
