On Thu, Mar 14, 2019 at 3:58 PM cmp <[email protected]> wrote:

> We have a bastion host at work which is like several others we have. It
> has OpenVPN and OpenSSH which we’re allowed to access. The machine acts as
> a gateway to access several other private subnets. It uses an iptables rule
> like this
>
>     iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -i ens3 -j MASQUERADE
>
> Last night we set up a new host with WireGuard using systemd-networkd v241
> and wanted to set up these masquerade rules, but we couldn’t actually figure
> out how to do them.
>
> We stumbled across RouteRulePolicy, but I have a feeling we don’t
> really understand how to do what we did in iptables in iproute2, so we kept
> banging our heads and eventually I gave up and simply ran the iptables
> commands myself and it worked, but I’d like to actually do this correctly
> inside systemd networkd.

Policy routing rules are not firewall rules. You can enable masquerading using IPMasquerade=yes in ens3.network, but that's the only iptables feature that networkd ever configures. It does not support adding arbitrary iptables rules.

--
Mantas Mikulėnas
