lan can't get past the firewall to the isp to the vpn

laptop

-> eero (wifi, full bridge)

-> openwrt (wired, dhcp/router)

-> isp modem (gateway)

- nslookup works (not a dns issue)

- wg handshake works (not wg issue)

- ping only works on router

"destination port unreachable"

😖😖

#vpn #homelab #networking #asknostr


Discussion

This sounds like the iptables forward chain rejects traffic sent to WireGuard from your LAN.

my snapshot has nft, not iptables

what should I look for in `/etc/config/firewall`?

I am surprised that it is actually nftables and not legacy iptables!

I am not sure how OpenWrt stores nftables config and how it looks. However, you should find a `chain {}` block where `hook forward` is written; the next lines within this block will specify policies regarding allowed traffic, and there should be a rule like `reject`.

If it looks similar to what I have described, then you need to add rules that will allow traffic to and from the WireGuard interface, as is currently allowed for your WAN interface (it might be eth0 for you).

I retract... nft is installed, but there are no tables or records. Must be handled a different way... I don't know what I'm doing.

I think my issue has to do with the fact that I have the ISP's modem/router, then the OpenWrt router, then a (bridged) wifi router.
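What the fix suggested in the discussion looks like in OpenWrt's own `/etc/config/firewall` syntax, as an added example that is not part of the thread: a zone for the WireGuard interface plus a lan-to-wg forwarding, mirroring what the stock config already does for wan. On fw4-based OpenWrt these UCI sections are what generates the nftables ruleset (it appears as table `inet fw4` in `nft list ruleset` once the firewall service is running). The interface name `wg0`, the zone name `wg` and the policies shown are assumptions, not values from the post.

```uci
# /etc/config/firewall fragment (constructed example)
# Assumes the WireGuard interface is named 'wg0' in /etc/config/network.

# Existing lan zone: accepts everything from the wired/wifi clients.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# New zone for the tunnel, shaped like the stock wan zone:
# nothing unsolicited may enter the router or be forwarded from the
# tunnel, and LAN addresses are NATed to the tunnel address.
config zone
	option name 'wg'
	list network 'wg0'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# This is the piece that was missing: without a forwarding from lan to
# wg, forwarded packets fall under the default forward policy (REJECT
# in the stock config), which is what a LAN client sees as
# "destination port unreachable".
config forwarding
	option src 'lan'
	option dest 'wg'
```

Apply it with `service firewall restart` and confirm with `fw4 print` (the generated nftables rules) or `nft list ruleset`; a lan-to-wg jump should appear in the forward chain next to the existing lan-to-wan one.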