192.168.100.50通过接口连接到192.168.178.20互联网。wg0
wg0正在打开隧道10.102.242.1/24。
Wireguard 客户端界面具有10.102.242.2.
通过上的静态路由,192.168.100.1我可以使用从任何设备连接192.168.100.0/24到wireguard客户端ssh [email protected]
但我只能在我禁用ufwwireguard 服务器上的 时才能这样做。
我试图22在服务器的ufwfrom上打开端口anywhere,允许它on wg0,allow IN并且OUT. 但没有任何改变。
我对此有什么不明白的?
To Action From
-- ------ ----
51820/udp ALLOW Anywhere # allow-wireguard
22 ALLOW 192.168.100.0/24 # SSH
22 ALLOW Anywhere # SSH test
22 on wg0 ALLOW Anywhere
22 (v6) ALLOW Anywhere (v6) # SSH test
51820/udp (v6) ALLOW Anywhere (v6) # allow-wireguard
22 (v6) on wg0 ALLOW Anywhere (v6)
22 ALLOW OUT Anywhere on wg0
22 (v6) ALLOW OUT Anywhere (v6) on wg0
Anywhere on eth0 ALLOW FWD 10.102.242.0/24 on wg0
traceroute 192.168.178.20也表现出相同的行为。与ufw active:
traceroute to 192.168.178.20 (192.168.178.20), 64 hops max, 52 byte packets
1 192.168.100.1 (192.168.100.1) 2.824 ms 1.136 ms 1.016 ms
2 192.168.100.50 (192.168.100.50) 3.566 ms 1.557 ms 1.337 ms
3 *
它将ufw inactive立即连接:
8 * * *
9 * 192.168.178.20 (192.168.178.20) 20.973 ms 16.469 ms
更多测试使我注意到我需要将另一个远程子网包含到转发规则中:
瞧!