@noroutine

Summary

Spent some day intensively scratching my head why I cannot access private network, just to find out the policy in iptables was blocking the traffic.

noroutine and others added 3 commits July 18, 2024 08:55
Hint for iptables default FORWARD chain policy
If you are setting up WARP Connector on a host with iptables enabled, you have to make sure that iptables FORWARD chain includes the rules to accept the desired traffic.
For testing/troubleshooting purposes you can set default policy of the chain to ACCEPT
```sh
iptables --policy FORWARD ACCEPT
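
Review bot: the `iptables --policy FORWARD ACCEPT` line changes the default for every forwarded packet on the host, not only WARP Connector traffic, and the text offers it for testing/troubleshooting without saying how to check the current policy first or that it should be put back afterwards. Suggest adding a step that records the existing policy (for example with `iptables -S FORWARD`) and restores it once the test is done, and keeping explicit accept rules for the desired traffic, as the first sentence already describes, as the lasting configuration.
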
Contributor

Can we update this to be specific to the interface used by WARP?

Suggested change
iptables --policy FORWARD ACCEPT
iptables -A FORWARD -i CloudflareWARP -J ACCEPT
iptables -A FORWARD -o CloudflareWARP -J ACCEPT
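
Review bot: both suggested lines end in `-J ACCEPT` with an uppercase `-J`, but the iptables jump option is lowercase `-j` (`--jump`), so iptables will not accept them as written. Suggest `-j ACCEPT` on both lines. Since `-A` appends to the end of the FORWARD chain, it is also worth noting that an earlier drop or reject rule in the chain would still match first.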

Contributor

added to #16486

Author

@DevinCarr not sure it adds any meaningful value

For quick setup, just toggling the policy should do; for anything more complicated it will vary and surely go beyond two rules on an interface. If someone has iptables, it sure as hell is complex and specific, plus forwarding would likely not be limited to just one interface. If this is to be put into docs, it should be a separate section covering firewalls, imo.

@KimJ15
Collaborator

KimJ15 commented Sep 27, 2024

👋Hi there, we’re going to close this PR. All PRs prior to August 12 need to be reworked due to the platform migration to Astro.

@KimJ15 KimJ15 closed this Sep 27, 2024

5 participants