On 12/23/18 9:04 AM, Tom Eastep wrote:
> Clearly, your routing table indicates that the packet should be sent out
> of eth0 rather than eth1, and since eth0 doesn't have the 'routeback'
> option, the packet is being dropped in the FORWARD chain (see Shorewall
> FAQ 17).
>
> -Tom

Ok, on the router in interfaces I've set routeback and routefilter on eth0 (outside), and routefilter on eth1 (local) and eth2 (dmz). Lots of REJECTs in the FORWARD chain still, but as there's no time I can't tell how recent they are. And the phone still doesn't connect to the WireGuard server inside the LAN. I'm baffled why my DMZ DNAT has always worked, and doing this the same way VPN doesn't.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users