ZeroTier Setup on Raspberry Pi 4b

Last Modified: Fri, 04 Oct 2024 13:26:38 +0000 ; Created: Fri, 04 Oct 2024 13:26:38 +0000

I wanted to try out using my Raspberry Pi 4B as an exit node but on a network that may have CGNAT (no port forwarding/DMZ possible). I followed the guide at https://docs.zerotier.com/exitnode/ using a Raspberry Pi 4B with Raspberry Pi OS Lite (64-bit).

The new OS version uses nftables instead of iptables. It was actually simpler to set up as I only had the one eth0 interface and did not want any firewall blocking rules (to allow easier remote setup of the device on-site). I used the Red Hat reference documentation as there were not very many simple examples of nftables for routing via NAT.

nft flush ruleset

nft add table nat

nft -- add chain nat prerouting { type nat hook prerouting priority dstnat \; }
nft add chain nat postrouting { type nat hook postrouting priority srcnat \; }

# WAN interface for exit node to reach the Internet
export WAN_IF=eth0
nft add rule nat postrouting oifname "$WAN_IF" masquerade

# Observe that NO deny rules are in use. If you need them, you should add them.

Don't forget to enable IPv4 forwarding.

Save the changes so they persist across reboots:

echo 'flush ruleset' > /etc/nftables.conf
echo '' >> /etc/nftables.conf

nft list ruleset >> /etc/nftables.conf
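
The ruleset above masquerades but leaves the forward path open ("NO deny rules"). As an added example that is not part of the original post, this script renders the same masquerade rule with a default-drop forward chain and audits `nft list ruleset` output for both, plus the IPv4 forwarding flag. The interface name ztexample0 is a placeholder for the ZeroTier interface, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. ztexample0 is a placeholder for
# the ZeroTier interface name (see `ip link` on the Pi).

# Print a ruleset: the post's masquerade rule plus a default-drop forward chain.
# The input hook is left alone, so remote SSH to the Pi keeps working.
render_ruleset() {
    wan_if=$1 zt_if=$2
    cat <<EOF
flush ruleset

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "$wan_if" masquerade
    }
}

table inet filter {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        iifname "$zt_if" oifname "$wan_if" accept
    }
}
EOF
}

# Read `nft list ruleset` output on stdin; print each gap, return the gap count.
audit_ruleset() {
    wan_if=$1 problems=0
    rules=$(cat)
    printf '%s\n' "$rules" | grep -q "oifname \"$wan_if\" masquerade" ||
        { echo "missing: masquerade on $wan_if"; problems=$((problems + 1)); }
    printf '%s\n' "$rules" | grep -Eq 'hook forward .*policy drop' ||
        { echo "missing: default-drop forward chain"; problems=$((problems + 1)); }
    return "$problems"
}

# True when IPv4 forwarding is on; the optional path argument is for testing.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# Offline demo: the rendered ruleset passes its own audit and prints nothing.
render_ruleset eth0 ztexample0 | audit_ruleset eth0
```

Check a rendered file with nft -c -f before loading it, and turn forwarding on with sysctl -w net.ipv4.ip_forward=1 (persisted in a file under /etc/sysctl.d/). After a reboot, nft list ruleset | audit_ruleset eth0 shows whether the saved rules came back.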