script breaks vpn traffic and masquerade

[lordkitsuna]

hey, this script successfully fixed my Docker issues which was mainly the container networks being unable to communicate with each other. However in the process it has completely broken my VPN I can no longer pass traffic between networks or access the internet through masquerade.

I am currently doing this utilizing rules in the csfpost.sh such as

iptables -t nat -A POSTROUTING -s 10.159.3.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -i wg0 -s 10.159.0.0/16 -d 10.159.4.0/24 -j ACCEPT
iptables -A FORWARD -i wg0 -s 10.159.4.0/24 -d 10.159.0.0/16 -j ACCEPT
iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT

these rules were working great for years but after the script it doesn't matter if its in oresh or post sh they no longer function and vpn traffic does not make it through anymore. how can i fix these without killing docker again?

[semiceau]

can you just add;

/bin/systemctl restart tailscaled ; well what ever the wireguard equiv is :P

echo 'done'

to the bottom of docker.sh to get around it?

[lordkitsuna]

Restarting wireguard has no effect unfortunately

[admingeekz]

The purpose of this script isn't really for wireguard so not sure this belongs here. I however just so happen to have a script that allows wireguard to work with CSF (you can also use this one for docker) and have just published it to a repo in case it's useful for you or anyone else still reading this old repo.

https://github.com/Scott-Mc/csf-wireguard

You could use the csfpost.sh for this (or my variant) and then that csfpre.sh for wireguard so both work together.