Configuration Help #43
bchenoweth
started this conversation in
Help and Support
Replies: 1 comment
-
Hello,
If you go to Firewall > firewall settings and click on "reset firewall to default", your current firewall rules will be removed and a default ruleset will be set for you. The default ruleset is designed to allow your peers' traffic.
Cheers
-
Hello,
I am new to Docker and trying to understand how to configure this the way I had it running previously on a Raspberry Pi. I did all that through command lines and iptables, mostly through googling for the right answers. I have some experience with Linux but am by no means an expert. I cannot figure out how to translate my old configuration into the GUI's firewall rules and am hoping someone can help me. I have this container installed and running, but I want to be able to access my local LAN IP range as well when connected. Previously this was added to my wg0.conf file and everything worked as expected.
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Currently, when connected to the VPN, I cannot ping anything, including the VPN server IP. Below is my iptables screen from the GUI.
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
9 579 WGWADM_FORWARD 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- wg0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * wg0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain WGWADM_FORWARD (1 references)
pkts bytes target prot opt in out source destination
9 579 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT 0 -- wg0 eth0 0.0.0.0/0 172.18.0.4
0 0 ACCEPT 0 -- wg+ eth0 0.0.0.0/0 10.90.88.2
0 0 ACCEPT 0 -- wg+ eth0 0.0.0.0/0 10.0.0.0/24
0 0 REJECT 0 -- wg+ eth0 0.0.0.0/0 172.16.0.0/12 reject-with icmp-port-unreachable
0 0 REJECT 0 -- wg+ eth0 0.0.0.0/0 192.168.0.0/16 reject-with icmp-port-unreachable
0 0 ACCEPT 0 -- wg+ eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- wg0 wg0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- wg+ wg+ 0.0.0.0/0 0.0.0.0/0
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
5 300 WGWADM_PREROUTING 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
62 4290 DOCKER_OUTPUT 0 -- * * 0.0.0.0/0 127.0.0.11
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 WGWADM_POSTROUTING 0 -- * * 0.0.0.0/0 0.0.0.0/0
62 4290 DOCKER_POSTROUTING 0 -- * * 0.0.0.0/0 127.0.0.11
0 0 MASQUERADE 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain DOCKER_OUTPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT 6 -- * * 0.0.0.0/0 127.0.0.11 tcp dpt:53 to:127.0.0.11:38169
62 4290 DNAT 17 -- * * 0.0.0.0/0 127.0.0.11 udp dpt:53 to:127.0.0.11:57574
Chain DOCKER_POSTROUTING (1 references)
pkts bytes target prot opt in out source destination
0 0 SNAT 6 -- * * 127.0.0.11 0.0.0.0/0 tcp spt:38169 to::53
0 0 SNAT 17 -- * * 127.0.0.11 0.0.0.0/0 udp spt:57574 to::53
Chain WGWADM_POSTROUTING (1 references)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE 0 -- wg0 eth0 0.0.0.0/0 172.18.0.4
0 0 MASQUERADE 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain WGWADM_PREROUTING (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT 17 -- wg0 * 0.0.0.0/0 10.90.88.1 udp dpt:53 to:172.18.0.4:53
0 0 DNAT 6 -- wg0 * 0.0.0.0/0 10.90.88.1 tcp dpt:53 to:172.18.0.4:53
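As an added example (not part of the original post or the project's code), this Python script evaluates the WGWADM_FORWARD chain from the listing above with iptables' first-match semantics, showing which rule decides a new packet forwarded from wg0 to eth0. The destination addresses it tries are constructed samples, and the source column is ignored because it is 0.0.0.0/0 on every rule.

```python
import ipaddress

# Body of the WGWADM_FORWARD chain, copied from the listing in the post.
LISTING = """\
9 579 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT 0 -- wg0 eth0 0.0.0.0/0 172.18.0.4
0 0 ACCEPT 0 -- wg+ eth0 0.0.0.0/0 10.90.88.2
0 0 ACCEPT 0 -- wg+ eth0 0.0.0.0/0 10.0.0.0/24
0 0 REJECT 0 -- wg+ eth0 0.0.0.0/0 172.16.0.0/12 reject-with icmp-port-unreachable
0 0 REJECT 0 -- wg+ eth0 0.0.0.0/0 192.168.0.0/16 reject-with icmp-port-unreachable
0 0 ACCEPT 0 -- wg+ eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- wg0 wg0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- wg+ wg+ 0.0.0.0/0 0.0.0.0/0
"""

def parse_rules(text):
    """Parse `iptables -L -n -v` rule lines: pkts bytes target prot opt in out src dst [match]."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 9:
            rules.append({"target": f[2], "in": f[5], "out": f[6],
                          "dst": ipaddress.ip_network(f[8]), "match": " ".join(f[9:])})
    return rules

def iface_match(pattern, name):
    """'*' is any interface; a trailing '+' matches every name with that prefix."""
    if pattern == "*":
        return True
    if pattern.endswith("+"):
        return name.startswith(pattern[:-1])
    return pattern == name

def verdict(rules, in_if, out_if, dst, established=False):
    """First-match evaluation: return (rule number, target) or (None, 'RETURN')."""
    addr = ipaddress.ip_address(dst)
    for num, r in enumerate(rules, 1):
        if r["match"].startswith("state") and not established:
            continue  # RELATED,ESTABLISHED does not match a new connection
        if iface_match(r["in"], in_if) and iface_match(r["out"], out_if) and addr in r["dst"]:
            return num, r["target"]
    return None, "RETURN"  # no rule matched: evaluation resumes in FORWARD

RULES = parse_rules(LISTING)

if __name__ == "__main__":
    # Destination addresses below are constructed samples, not taken from the post.
    for dst in ("172.18.0.4", "10.0.0.5", "192.168.1.10", "8.8.8.8"):
        print(dst, verdict(RULES, "wg0", "eth0", dst))
```

REJECT is a terminating target, so a packet rejected in WGWADM_FORWARD never reaches the two ACCEPT rules listed after the jump in the FORWARD chain.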