So I have Docker installed as part of a PacketFence deployment (for NAC 802.1X) on Debian. To minimize the number of servers (saving on already limited resources) I wanted to have a WireGuard server on here as well.
The issue is PacketFence/Docker is rewriting my iptables as part of launching PacketFence, as seen in the sample file, and because of that it will not route to the port used by the VPN server (weirdly, ping works though):
https://github.com/inverse-inc/packetfence/blob/devel/conf/iptables.conf.example
Is there a possibility for me to exclude my WireGuard VLAN (10.69.69.0/24) from the iptables routing for Docker? Then I can add the appropriate route for WireGuard separately in the iptables.
I think the answer is somewhere here:
iptables -A POSTROUTING -s 100.64.0.0/10 ! -o docker0 -j MASQUERADE
I did try to exclude my subnet with !10.69.69.0/24 🙂 Seems like this rule is already excluding some subnet. Maybe I have to route just the UDP/TCP port used for the VPN.
I tried adding a second TRENDnet USB Ethernet adapter but that failed; I couldn't find drivers in Debian. I will try a different USB Ethernet adapter when I can find one around the many abandoned engineering boxes around the office, how fun.
Thank you
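Added example, not part of the original post and not PacketFence's or Docker's own configuration. Two things the quoted rule shows: its `-s 100.64.0.0/10` only ever matched sources inside that range, so 10.69.69.0/24 was never subject to it in the first place, and iptables does not accept a second `-s` (negated or not) in the same rule, which is why adding `!10.69.69.0/24` to it cannot work. On a Docker host the thing that usually stops a VPN while ping still works is the filter table, not NAT: the UDP listener needs an INPUT rule, and Docker sets the FORWARD policy to DROP, with DOCKER-USER as the chain Docker leaves alone when it rebuilds its own. The script below checks the CIDR containment and emits the rules in the order they need to be applied. The subnets come from the post; the interface names wg0 and eth0, the UDP port 51820 and the presence of Docker's DOCKER-USER chain are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post or from PacketFence).
# 10.69.69.0/24 and 100.64.0.0/10 are the values from the post; the
# interface names (wg0, eth0) and UDP port 51820 are assumptions.

WG_NET="10.69.69.0/24"
DOCKER_NET="100.64.0.0/10"
WG_IF="${WG_IF:-wg0}"        # assumed WireGuard interface
WG_PORT="${WG_PORT:-51820}"  # assumed WireGuard listen port
LAN_IF="${LAN_IF:-eth0}"     # assumed uplink that VPN clients NAT out of

# ip2int: dotted-quad IPv4 -> unsigned 32-bit integer
ip2int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP CIDR: exit 0 when IP falls inside CIDR.
# This is the same test the kernel applies for an iptables "-s CIDR" match.
in_cidr() {
  ip=$(ip2int "$1")
  net=$(ip2int "${2%/*}")
  bits=${2#*/}
  mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( ip & mask )) -eq $(( net & mask )) ]
}

# run: print the iptables command when DRY_RUN=1, otherwise execute it.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "iptables $*"
  else
    iptables "$@"
  fi
}

# wg_rules: rules that let WireGuard traffic through a host whose FORWARD
# chain is managed by Docker. DOCKER-USER is evaluated before Docker's own
# FORWARD rules and is not rewritten when Docker rebuilds its chains.
wg_rules() {
  # 1. The VPN listener itself must be reachable over UDP, not just ICMP.
  run -I INPUT 1 -p udp --dport "$WG_PORT" -j ACCEPT
  # 2. Forwarded tunnel traffic: clients -> LAN/Internet, and replies back.
  run -I DOCKER-USER 1 -i "$WG_IF" -j ACCEPT
  run -I DOCKER-USER 2 -o "$WG_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # 3. NAT for the VPN subnet as its own rule, placed before Docker's
  #    MASQUERADE rule. A rule cannot carry two -s matches, so the subnet
  #    is handled here instead of being negated inside the 100.64.0.0/10 rule.
  run -t nat -I POSTROUTING 1 -s "$WG_NET" -o "$LAN_IF" -j MASQUERADE
}

# Show whether Docker's MASQUERADE rule (-s 100.64.0.0/10) ever matched the VPN subnet.
if in_cidr "${WG_NET%/*}" "$DOCKER_NET"; then
  echo "$WG_NET is inside $DOCKER_NET: Docker's MASQUERADE rule matches it"
else
  echo "$WG_NET is outside $DOCKER_NET: Docker's MASQUERADE rule already ignores it"
fi

# Apply with:  sh wg-rules.sh apply
# Preview with: DRY_RUN=1 sh wg-rules.sh apply
if [ "${1:-}" = "apply" ]; then
  wg_rules
fi
```

Whether PacketFence's own iptables reload keeps these rules depends on its template (the iptables.conf.example linked above), so after restarting PacketFence check with `iptables -S INPUT`, `iptables -S DOCKER-USER` and `iptables -t nat -S POSTROUTING` that the four rules are still present and still ahead of the Docker-generated ones.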