I would like to configure my router RB40011 as a gateway for my ZeroTier network, as proposed at https://zerotier.atlassian.net/wiki/spaces/SD/pages/7110693/Overriding+Default+Route+Full+Tunnel+Mode. This is to route all our ZeroTier devices' internet traffic through the router (sort of using the router as a proxy).
We do not have a static IP address, so on a simple Linux PC, the config would default to:
sudo iptables -t nat -A POSTROUTING -o $WAN_IFACE -j MASQUERADE
sudo iptables -A FORWARD -i $WAN_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i $ZT_IFACE -o $WAN_IFACE -j ACCEPT
as proposed in the link.
So on the router I set:
/ip firewall nat
add chain=srcnat action=masquerade
/ip firewall filter
add chain=forward in-interface=ZT_IFACE out-interface=WAN_IFACE action=accept
add chain=forward in-interface=$WAN_IFACE out-interface=$ZT_IFACE action=accept connection-state=established,related
But it does not work (no response on the PC used as client), and nothing happened on the reply forward chain, as shown in the attached file.
Firstly, is it possible to do this?
Secondly, if yes, how to improve the config to do it?
