CumBroth (@CumBroth@discuss.tchncs.de)

Gluetun likely doesn’t have the proper firewall rules in place to enable this sort of traffic routing, simply because it’s made for another use case (using the container’s network stack directly with `network_mode: "service:gluetun"`).

Try to first get this setup working with two vanilla Wireguard containers (instead of Wireguard + gluetun). If it does, you’ll know that your Wireguard “server” container is properly set up. Then replace the second container that’s acting as a VPN client with gluetun and run tcpdump again. You likely need to add a postrouting masquerade rule on the NAT table.

Here’s my own working setup for reference.

Wireguard “server” container:


```ini
[Interface]
Address = <address>
ListenPort = 51820
PrivateKey = <privateKey>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = wg set wg0 fwmark 51820
PostUp = ip -4 route add 0.0.0.0/0 via 172.22.0.101 table 51820
PostUp = ip -4 rule add not fwmark 51820 table 51820
PostUp = ip -4 rule add table main suppress_prefixlength 0
PostUp = ip route add 192.168.16.0/24 via 172.22.0.1
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip route del 192.168.16.0/24 via 172.22.0.1

#peer configurations (clients) go here
```

and the Wireguard VPN client that I route traffic through:


```ini
# Based on my VPN provider's configuration + additional firewall rules to route traffic correctly
[Interface]
PrivateKey = <key>
Address = <address>
DNS = 192.168.16.81 # local Adguard
PostUp = iptables -t nat -A POSTROUTING -o wg+ -j MASQUERADE #Route traffic coming in from outside the container (host/other container)
PreDown = iptables -t nat -D POSTROUTING -o wg+ -j MASQUERADE

[Peer]
PublicKey = <key>
AllowedIPs = 0.0.0.0/0
Endpoint = <endpoint_IP>:51820
```

Note the NAT MASQUERADE rule.
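An added example, not part of the comment above or of any project's code: a small offline check that reads a wg-quick config, reports which interfaces get a POSTROUTING MASQUERADE rule from its hooks, and lists `PostUp` rules or routes with no matching teardown command. The function names (`hook_commands`, `undo_of`, `masquerade_ifaces`, `audit`) are hypothetical, and the sample input is the "server" config from the comment with its placeholders left in.

```python
import re

# Constructed sample: the "server" config quoted in the post, placeholders kept.
SERVER_CONF = """\
[Interface]
Address = <address>
ListenPort = 51820
PrivateKey = <privateKey>
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostUp = wg set wg0 fwmark 51820
PostUp = ip -4 route add 0.0.0.0/0 via 172.22.0.101 table 51820
PostUp = ip -4 rule add not fwmark 51820 table 51820
PostUp = ip -4 rule add table main suppress_prefixlength 0
PostUp = ip route add 192.168.16.0/24 via 172.22.0.1
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip route del 192.168.16.0/24 via 172.22.0.1
"""

def hook_commands(conf, *keys):
    """Return the whitespace-normalised shell commands found in the given hook keys."""
    wanted = {k.lower() for k in keys}
    cmds = []
    for line in conf.splitlines():
        # Drop '#' comments, then split "Key = value" on the first '='.
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep and key.strip().lower() in wanted:
            cmds += [" ".join(c.split()) for c in value.split(";") if c.strip()]
    return cmds

def undo_of(cmd):
    """Teardown counterpart of an iptables/ip 'add' command, or None if not applicable."""
    if cmd.startswith("iptables") and " -A " in cmd:
        return cmd.replace(" -A ", " -D ", 1)
    if cmd.startswith("ip ") and re.search(r" (route|rule) add ", cmd):
        return re.sub(r" (route|rule) add ", r" \1 del ", cmd, count=1)
    return None

def masquerade_ifaces(cmds):
    """Outgoing interfaces ('*' if none given) of appended POSTROUTING MASQUERADE rules."""
    out = []
    for t in map(str.split, cmds):
        if t[0] == "iptables" and {"-A", "POSTROUTING", "MASQUERADE"} <= set(t):
            out.append(t[t.index("-o") + 1] if "-o" in t else "*")
    return out

def audit(conf):
    up = hook_commands(conf, "PreUp", "PostUp")
    down = set(hook_commands(conf, "PreDown", "PostDown"))
    unreverted = [c for c in up if undo_of(c) and undo_of(c) not in down]
    return {"masquerade": masquerade_ifaces(up), "unreverted": unreverted}

if __name__ == "__main__": print(audit(SERVER_CONF))
```

An empty `masquerade` list for the VPN client config is the condition the comment points at; `unreverted` entries only matter where the network namespace outlives the tunnel, since a container's rules are discarded with the container.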
