192.168.100.50通过接口连接到192.168.178.20互联网wg0。
wg0正在打通隧道10.102.242.1/24。
wireguard 客户端界面具有10.102.242.2.
通过静态路由,192.168.100.1我可以使用以下命令从任何设备连接192.168.100.0/24到wireguard客户端ssh [email protected]
ufw但只有在wireguard 服务器上禁用它时,我才能执行此操作。
我尝试打开22服务器的ufwfrom端口anywhere,允许它on wg0,allow IN并且OUT。但一切都没有改变。
我对此有何不明白?
To Action From
-- ------ ----
51820/udp ALLOW Anywhere # allow-wireguard
22 ALLOW 192.168.100.0/24 # SSH
22 ALLOW Anywhere # SSH test
22 on wg0 ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6) # SSH test
51820/udp (v6) ALLOW Anywhere (v6) # allow-wireguard
22 (v6) on wg0 ALLOW Anywhere (v6)
22 ALLOW OUT Anywhere on wg0
22 (v6) ALLOW OUT Anywhere (v6) on wg0
Anywhere on eth0 ALLOW FWD 10.102.242.0/24 on wg0
traceroute 192.168.178.20也表现出相同的行为。和ufw active:
traceroute to 192.168.178.20 (192.168.178.20), 64 hops max, 52 byte packets
1 192.168.100.1 (192.168.100.1) 2.824 ms 1.136 ms 1.016 ms
2 192.168.100.50 (192.168.100.50) 3.566 ms 1.557 ms 1.337 ms
3 *
有了ufw inactive它就会立即连接:
8 * * *
9 * 192.168.178.20 (192.168.178.20) 20.973 ms 16.469 ms
答案1
更多的测试使我注意到我需要将其他远程子网包含到转发规则中:
ufw route allow in on eth0 out on wg0 to 192.168.178.0/24
瞧!