Ubuntu 18.04 UFW settings, based on [1] Step 1
Values used below (substitute your own):
ens3 .. primary physical Ethernet interface
10.243.0.0/16 .. ZeroTier network
167.76.77.177 .. the public IP on the ens3 interface
- Add two changes to /etc/ufw/before.rules:
#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-before-input
# ufw-before-output
# ufw-before-forward
#
# (A) Zerotier NAT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ens3 -s 10.243.0.0/16 -j SNAT --to-source 167.76.77.177
COMMIT
# Don't delete these required lines, otherwise there will be errors
*filter
...
# (B) Zerotier forwarding
# Outbound: anything arriving from a zt interface with a ZeroTier source.
-A FORWARD -i zt+ -s 10.243.0.0/16 -d 0.0.0.0/0 -j ACCEPT
# Return path: scope the destination to the ZeroTier network (/16, not /0;
# a /0 mask would make this rule accept forwarding to every destination).
-A FORWARD -i ens+ -s 0.0.0.0/0 -d 10.243.0.0/16 -j ACCEPT
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
- Change the default forwarding policy in /etc/default/ufw:
DEFAULT_FORWARD_POLICY="ACCEPT"
(With ACCEPT the host forwards between any pair of interfaces, not only the zt+/ens+ pairs matched in (B). That is fine for a dedicated ZeroTier gateway; on a host with other roles, prefer keeping DROP and adding explicit `ufw route allow` rules.)
- Allow Zerotier and SSH
$ sudo ufw allow 9993/udp
$ sudo ufw allow OpenSSH
- Enable/restart the firewall
$ sudo ufw disable
$ sudo ufw enable
- Enable forwarding in /etc/sysctl.conf:
net.ipv4.ip_forward=1
To activate:
$ sudo sysctl -p
- Add a default route in the Zerotier network config, see [1] Step 2
- Enable the "Allow default" switch on client devices, see [1] Step 3
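As an added example (not part of the original note or of ZeroTier's documentation), the script below renders the two before.rules fragments from the three values at the top of the note and checks the text of `sudo iptables-save` for them after the firewall has been re-enabled. It also checks that the WAN-side FORWARD accept is scoped to the ZeroTier network: iptables stores a `-d 10.243.0.0/0` typo as no `-d` at all, i.e. an unrestricted accept, which is exactly what this catches. The variable names WAN_IF, ZT_NET and PUBLIC_IP, the function names, the `--check` flag and the file name in the usage note are this example's own assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original note or ZeroTier's docs. Renders the
# ZeroTier NAT/forward fragments for before.rules and verifies an
# iptables-save dump. WAN_IF, ZT_NET, PUBLIC_IP and all function names are
# this example's assumed names.
set -eu

WAN_IF="${WAN_IF:-ens3}"               # physical interface holding the public IP
ZT_NET="${ZT_NET:-10.243.0.0/16}"      # ZeroTier managed network
PUBLIC_IP="${PUBLIC_IP:-167.76.77.177}"
WAN_PREFIX="${WAN_IF%%[0-9]*}"         # ens3 -> ens, for the "ens+" match

# A usable ZeroTier prefix: dotted quad plus a length of 1..32. A /0 (the
# typo in the note's original forward rule) would match every address.
valid_zt_net() {
  case "$1" in
    */[1-9]|*/[12][0-9]|*/3[0-2]) ;;
    *) return 1 ;;
  esac
  printf '%s' "${1%/*}" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# The *nat table fragment (section A of before.rules).
render_nat() {
  printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
    "-A POSTROUTING -o $WAN_IF -s $ZT_NET -j SNAT --to-source $PUBLIC_IP" \
    'COMMIT'
}

# The FORWARD rules (section B); the WAN-side rule is scoped to ZT_NET.
render_forward() {
  printf '%s\n' \
    "-A FORWARD -i zt+ -s $ZT_NET -d 0.0.0.0/0 -j ACCEPT" \
    "-A FORWARD -i ${WAN_PREFIX}+ -s 0.0.0.0/0 -d $ZT_NET -j ACCEPT"
}

# Check a dump (text of `sudo iptables-save`) for the SNAT rule and the zt+
# FORWARD accept. iptables-save normalises rules, so "-d 0.0.0.0/0" may be
# absent from the saved line.
rules_present() {
  dump="$1"
  net_re=$(printf '%s' "$ZT_NET" | sed 's/\./\\./g')
  printf '%s\n' "$dump" | grep -Fqx -- \
    "-A POSTROUTING -o $WAN_IF -s $ZT_NET -j SNAT --to-source $PUBLIC_IP" || return 1
  printf '%s\n' "$dump" | grep -Eq -- \
    "^-A FORWARD -i zt\+ -s $net_re( -d 0\.0\.0\.0/0)? -j ACCEPT$"
}

# Every FORWARD accept entering from the WAN interface must carry -d ZT_NET.
# iptables saves "-d 10.243.0.0/0" as no -d at all (an unrestricted accept),
# so a rule without the scoped destination is reported as a failure.
wan_forward_scoped() {
  dump="$1"
  unscoped=$(printf '%s\n' "$dump" \
    | grep -E -- "^-A FORWARD -i ${WAN_PREFIX}\+ .*-j ACCEPT$" \
    | grep -Fv -- "-d $ZT_NET" || true)
  [ -z "$unscoped" ]
}

# Kernel forwarding flag; the path argument lets the check read a file other
# than /proc when testing.
forwarding_enabled() {
  [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# Live check against the running firewall (needs root for iptables-save).
if [ "${1:-}" = "--check" ] && [ "$(id -u)" = 0 ]; then
  live=$(iptables-save)
  valid_zt_net "$ZT_NET" || { echo "bad ZT_NET: $ZT_NET"; exit 1; }
  rules_present "$live" || { echo "SNAT / zt+ FORWARD rule missing"; exit 1; }
  wan_forward_scoped "$live" || { echo "WAN FORWARD accept not scoped to $ZT_NET"; exit 1; }
  forwarding_enabled || { echo "net.ipv4.ip_forward is 0"; exit 1; }
  echo "ZeroTier full-tunnel rules look correct"
fi
```

Run it after the enable step as `sudo env WAN_IF=ens3 ZT_NET=10.243.0.0/16 PUBLIC_IP=167.76.77.177 bash zt-ufw-check.sh --check` (file name assumed). `render_nat` and `render_forward` print the fragments that go into before.rules, so the text on the host and the text being checked come from the same three values.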
- [1] Zerotier - Overriding Default Route / Full Tunnel Mode: https://zerotier.atlassian.net/wiki/spaces/SD/pages/7110693/Overriding+Default+Route+Full+Tunnel+Mode