how to set up subnet router in tailscale

tags: learning networking tailscale

content

  • subnet router needs to enable IP forwarding on firewall
  • tailscale official doc only suggests changing /etc/sysctl.d
  • but i have to run firewall-cmd --add-forward for it to take effect?
    • let’s add a little permanent to be safe:
firewall-cmd --permanent --add-forward
  • need to also enable ip masquerading on firewall:
firewall-cmd --permanent --add-masquerade
  • subnet router tells tailnet, “hey, if you’re sending to these IP ranges, send it to me”:
tailscale set --advertise-routes=192.168.0.0/16,10.0.0.0/8

Note

in short, we want our subnet router to

  1. forward ip packets,
  2. perform source NAT (masquerading) while forwarding

in case it doesn’t work:

sudo systemctl restart tailscaled
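
To check both requirements on a firewalld host, this added example (not part of the original note) compares the kernel forwarding switch with firewalld's runtime and permanent settings; `--permanent` changes only the saved configuration until `firewall-cmd --reload`, which is a common reason a rule seems not to take effect. `FWCMD` and `PROC_SYS` are hypothetical override variables, present only so the check can be run against constructed input.

```shell
#!/bin/sh
# Added example (not from the original note): audit a firewalld-based subnet router.
# FWCMD and PROC_SYS are hypothetical overrides so the check can be exercised offline.
FWCMD=${FWCMD:-firewall-cmd}
PROC_SYS=${PROC_SYS:-/proc/sys}

# Usage: audit_subnet_router [zone]   (no zone = firewalld default zone)
# Prints one finding per line; returns 0 only when nothing is missing.
audit_subnet_router() {
    local zarg status v feat rt pm
    zarg=${1:+--zone=$1}
    status=0

    # 1. forward ip packets: the kernel switch the /etc/sysctl.d change controls
    v=$(cat "$PROC_SYS/net/ipv4/ip_forward" 2>/dev/null || echo unreadable)
    [ "$v" = 1 ] || { echo "FAIL net.ipv4.ip_forward=$v"; status=1; }

    # 2. firewalld forwarding and masquerade (SNAT), runtime vs. permanent
    for feat in forward masquerade; do
        rt=no; pm=no
        if $FWCMD $zarg "--query-$feat" >/dev/null 2>&1; then rt=yes; fi
        if $FWCMD --permanent $zarg "--query-$feat" >/dev/null 2>&1; then pm=yes; fi
        case "$rt/$pm" in
            yes/yes) ;;
            no/yes)  echo "FAIL $feat: saved but not active, run firewall-cmd --reload"; status=1 ;;
            yes/no)  echo "WARN $feat: active but not saved, lost on reload or reboot"; status=1 ;;
            *)       echo "FAIL $feat: not enabled"; status=1 ;;
        esac
    done
    return "$status"
}
```

Source the file on the router and run `audit_subnet_router` as root, passing the zone name if the interface is not in the default zone.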
