blob: 00f01949a0a4f525428986d3aaa693163ea8bd02
# At least `net.ipv4.ip_forward = 1` is needed for WireGuard masquerade(?) to work. Without it: can't ping IPs, can't curl websites, and the browser can't visit websites.
# ka seems to have this as the default; maybe the Arch Linux cloud-init image has this as the default?
# https://forums.rockylinux.org/t/wireguard-masquerade-wont-work/7752
# https://wiki.archlinux.org/title/Nftables#NAT_with_port_forwarding
# https://github.com/teddysun/across/blob/acef6b00a6ad062c0e99286ea136d1a246def644/wireguard.sh#L514-L522
net.ipv4.ip_forward = 1
# ka has no IPv6. Testing shows that enabling this exposes my workstation's IPv6 address. If it had IPv6, maybe `table ip6 nat` would also be needed in nftables.conf to hide the workstation's IPv6?
#net.ipv6.conf.all.forwarding = 1