Timeline for Outgoing docker packets not respecting routing rules
Current License: CC BY-SA 4.0
10 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jan 2 at 20:07 | answer | added | Justin Ludwig | timeline score: 0 | |
| Dec 31, 2023 at 14:09 | comment | added | TheChubbyPanda | The destination address isn't the wireguard ip, it's the original sender IP on the internet. The public router doesn't perform SNAT when forwarding packets over wireguard. | |
| Dec 31, 2023 at 1:22 | comment | added | larsks | Then you need to use the destination address in your policy rule, rather than the source address (because you want to route traffic going to the wireguard network). | |
| Dec 31, 2023 at 1:21 | history | edited | larsks | CC BY-SA 4.0 |
added 287 characters in body
|
| Dec 30, 2023 at 23:14 | comment | added | TheChubbyPanda | Thanks for your comments, I've re-written the question to hopefully be more clear. I can't match the container's address because not all traffic from the container should go over the wg0 interface. Only that which originated from wg0. | |
| Dec 30, 2023 at 23:13 | history | edited | TheChubbyPanda | CC BY-SA 4.0 |
Re-explained to hopefully be clearer
|
| Dec 30, 2023 at 22:56 | comment | added | larsks | Your question title is "Outgoing docker packets", which suggests you're running e.g. the http server in a container. If that's the case, you would need to match the container address in your routing rule. If you believe that's not the case, updating the question to include sufficient information for us to reproduce the problem would be helpful in formulating a complete answer. | |
| Dec 30, 2023 at 22:53 | comment | added | TheChubbyPanda | Could be anything but for testing I've just been using an http server. The source address is that of the wireguard interface but it's leaving via the default route. That is the problem I think, I need to figure out a way to get the routing to happen once the packets have the host address... | |
| Dec 30, 2023 at 22:46 | comment | added | larsks | What is generating the problematic traffic? Are you certain it has the expected source address? If it's coming from a container, what is the address of that container? Note that packets coming from a container will not have the source address of your host during the routing decision. | |
| Dec 30, 2023 at 22:42 | history | asked | TheChubbyPanda | CC BY-SA 4.0 |