Last Modified: Fri, 04 Oct 2024 13:26:38 +0000 ; Created: Fri, 04 Oct 2024 13:26:38 +0000
I wanted to try out using my Raspberry Pi 4B as an exit node, but on a network that may have CGNAT (no port forwarding/DMZ possible). I followed the guide at https://docs.zerotier.com/exitnode/ using a Raspberry Pi 4B with Raspberry Pi OS Lite (64-bit).
The new OS version uses nftables instead of iptables. It was actually simpler to set up, as I only had the one eth0 interface and did not want any firewall blocking rules (to allow easier remote setup of the device on-site). I used the Red Hat documentation as a reference, as there were not very many simple examples of nftables routing via NAT.

```
nft flush ruleset
nft add table nat
nft -- add chain nat prerouting { type nat hook prerouting priority dstnat \; }
nft add chain nat postrouting { type nat hook postrouting priority srcnat \; }

# WAN interface for exit node to reach the Internet
export WAN_IF=eth0
nft add rule nat postrouting oifname "$WAN_IF" masquerade

# Observe that NO deny rules are in-use. If you need them you should add them
```

Don't forget to enable ipv4 forwarding.

Save the changes so they persist across reboots:

```
echo 'flush ruleset' > /etc/nftables.conf
echo '' >> /etc/nftables.conf
nft list ruleset >> /etc/nftables.conf
```
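A check for the finished setup, added here as an example and not part of the original post: it confirms that forwarding is on, that the saved file begins with `flush ruleset` and masquerades on the WAN interface, and it reports when no filter chain exists. `check_exit_node` and `sample_conf` are hypothetical names, and the sample ruleset is constructed to resemble what the commands above save.

```shell
# Constructed sample: /etc/nftables.conf as saved by the steps above.
sample_conf() {
cat <<'EOF'
flush ruleset

table ip nat {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
    }
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "eth0" masquerade
    }
}
EOF
}

# check_exit_node CONF FORWARD_FLAG_FILE WAN_IF  (hypothetical helper)
# Prints one finding per line; returns 1 if any check FAILs.
check_exit_node() {
    conf=$1; fwd=$2; wan=$3; rc=0
    # With ip_forward at 0 the kernel does not route packets between interfaces.
    if [ "$(cat "$fwd" 2>/dev/null)" = 1 ]; then
        echo "OK   ipv4 forwarding is on"
    else
        echo "FAIL ipv4 forwarding is off"; rc=1
    fi
    # 'flush ruleset' must come first so a reload does not stack duplicate rules.
    if [ "$(grep -v '^[[:space:]]*$' "$conf" | head -n 1)" = "flush ruleset" ]; then
        echo "OK   file starts with flush ruleset"
    else
        echo "FAIL file does not start with flush ruleset"; rc=1
    fi
    # Source NAT on the WAN interface carries exit-node traffic to the Internet.
    if grep -q 'type nat hook postrouting' "$conf" &&
       grep -Fq "oifname \"$wan\" masquerade" "$conf"; then
        echo "OK   masquerade on $wan"
    else
        echo "FAIL no masquerade rule for $wan"; rc=1
    fi
    # The setup above installs no deny rules; report that instead of failing.
    grep -Eq 'type filter hook (input|forward)' "$conf" ||
        echo "WARN no filter chain: input and forward are unfiltered"
    return $rc
}

# Demo on the constructed sample. On the Pi itself, run:
#   check_exit_node /etc/nftables.conf /proc/sys/net/ipv4/ip_forward eth0
demo=$(mktemp -d)
sample_conf > "$demo/nftables.conf"; echo 1 > "$demo/ip_forward"
check_exit_node "$demo/nftables.conf" "$demo/ip_forward" eth0
rm -rf "$demo"
```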