I have a server that is connected to two networks:
- 10.0.0.0/24 through an interface wlan0
- 192.168.1.0/24 through an interface eth0
I want to set up a WireGuard VPN to make both networks accessible from outside. I activated IP forwarding in my config (with sysctl).
Now I need to set up a NAT in order to route my requests from the VPN server to the two local networks.
I use nftables to set up the NAT.
My issue is, for a machine with only one interface, I would use the following configuration:
table ip nat {
    chain prerouting {
        type nat hook prerouting priority 0;
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        ip saddr 10.2.0.0/24 oifname eth0 masquerade
    }
}
But here, I don't want to route everything through eth0; I want to specifically route everything meant for 10.0.0.0/24 through wlan0 and everything meant for 192.168.1.0/24 through eth0. How can I achieve this with nftables?
Best Answer
I found the answer by myself in the end, so here is how to do it: You have to use the ip daddr parameter to filter by destination address. My final rule set is the following:
This works perfectly.
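The rule set the answer describes, written out as an added example (not the poster's own file); it assumes the WireGuard subnet is 10.2.0.0/24 as in the question, and uses the numeric priorities from the question's snippet:

```nft
# Added example: per-destination source NAT for a WireGuard server
# with two LAN-facing interfaces. Only the postrouting chain is needed
# for masquerade; the empty prerouting chain from the question is omitted.
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # VPN clients (10.2.0.0/24) reaching the wlan0-side LAN:
        # match on destination so only traffic for 10.0.0.0/24 is NATed here
        ip saddr 10.2.0.0/24 ip daddr 10.0.0.0/24 oifname wlan0 masquerade

        # VPN clients reaching the eth0-side LAN
        ip saddr 10.2.0.0/24 ip daddr 192.168.1.0/24 oifname eth0 masquerade
    }
}
```

Check the syntax without applying it with `nft -c -f <file>`, then load it with `nft -f <file>` and confirm with `nft list ruleset`. Because each rule also matches `ip daddr`, VPN traffic that leaves via eth0 for any other destination (for example the default route) is not masqueraded by these rules, unlike a bare `oifname eth0 masquerade`.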