
EDIT: I already spent 3 days going through different possible ways of handling this and settled on iptables. This is like the biggest-kept secret to me. No matter how much I read, I feel like I'm missing some critical information needed to do something as simple as pre- and post-routing redirection.


I want to send 100% of the network traffic for PC-A in one location to PC-B in another location using PC-R as a Tailscale router. I will most likely need an iptables configuration.

The setup:

  1. PC-A cannot run Tailscale.
  2. PC-R, the router, will be a Raspberry Pi running Raspbian with a single Ethernet NIC.
  3. The Raspberry Pi is connected to a Tailscale network which creates a tailscale0 virtual interface.
  4. All incoming traffic is sent from the Raspberry Pi to a Tailscale exit node (similar to how other VPNs can securely send all your network traffic).

The gateway on PC-A will be set to PC-R's eth0 (LAN) since tailscale0 is virtual (and therefore not able to be accessed by PC-A).

Because PC-A is sending data to PC-R's eth0, I need to route all PC-R's incoming traffic to tailscale0 and vice versa.

Knowing this, how do I set up iptables or similar to route incoming traffic on eth0 to tailscale0?


After searching more, I found nearly the exact same question answered here without any sus: https://serverfault.com/a/431607/189877.

After testing through everything, this is my solution:

sudo iptables -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE

Not sure exactly what this does. To remove it, do this command:

sudo iptables -t nat -D POSTROUTING -o tailscale0 -j MASQUERADE

Note the -D.

-A appends and -D deletes. It's the same command otherwise.

The rule is only temporary and will be gone after a restart. You may need iptables-persistent to keep it around. Not actually sure how to properly keep iptables rules after a restart though.
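A fuller version of that setup, as an added example (my script, not the answerer's commands): besides the MASQUERADE rule above it enables kernel forwarding, which the single rule does not do, and limits the FORWARD chain so PC-R only relays traffic from PC-A's LAN towards tailscale0 and the replies to it. The interface names eth0 and tailscale0 come from the question; the LAN subnet 192.168.1.0/24 is an assumed placeholder.

```shell
#!/bin/sh
# Added example for PC-R (the Raspberry Pi router); not from the original answer.
# Assumed names: LAN_IF=eth0 (facing PC-A), VPN_IF=tailscale0.
# LAN_NET is a constructed placeholder; replace it with PC-A's real subnet.
LAN_IF="${LAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tailscale0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Print (rather than run) the commands so they can be reviewed before applying.
forwarding_rules() {
    lan="$1"; vpn="$2"; net="$3"
    # 1. Without this sysctl the kernel drops packets not addressed to itself.
    echo "sysctl -w net.ipv4.ip_forward=1"
    # 2. Relay only traffic that arrives from PC-A's LAN and leaves via Tailscale.
    echo "iptables -A FORWARD -i $lan -o $vpn -s $net -j ACCEPT"
    # 3. Let replies back in only for connections the LAN side opened.
    echo "iptables -A FORWARD -i $vpn -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 4. Anything else crossing the router is dropped.
    echo "iptables -A FORWARD -j DROP"
    # 5. Rewrite the source address so the exit node sees PC-R's Tailscale IP,
    #    but only for PC-A's subnet, not for every packet leaving tailscale0.
    echo "iptables -t nat -A POSTROUTING -o $vpn -s $net -j MASQUERADE"
}

# Execute the rules; needs root:  sudo sh this_script.sh apply
apply_rules() {
    forwarding_rules "$LAN_IF" "$VPN_IF" "$LAN_NET" | while IFS= read -r cmd; do
        echo "+ $cmd"
        sh -c "$cmd"
    done
}

# Returns 0 when a MASQUERADE rule for the given outgoing interface is loaded.
check_masquerade() {
    iptables -t nat -S POSTROUTING 2>/dev/null | grep -q -- "-o $1 .*-j MASQUERADE"
}

case "${1:-}" in
    apply) apply_rules ;;
    check) check_masquerade "$VPN_IF" && echo "masquerade rule present" \
                                      || echo "masquerade rule missing" ;;
    *)     forwarding_rules "$LAN_IF" "$VPN_IF" "$LAN_NET" ;;   # dry run: just print
esac
```

Once the rules work, `sudo iptables-save > /etc/iptables/rules.v4` with the iptables-persistent package installed restores them at boot, which answers the persistence question above.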