Received: from email.itwrx.org (email.itwrx.org [96.43.140.76])
	by gbr-app-1.alpinelinux.org (Postfix) with ESMTPS id 264592235A9
	for <~alpine/users@lists.alpinelinux.org>; Thu, 20 Apr 2023 16:45:36 +0000 (UTC)
Received: from [192.168.43.19] (unknown [74.196.189.250])
	by email.itwrx.org (Postfix) with ESMTPSA id 30663640F34;
	Thu, 20 Apr 2023 11:45:35 -0500 (CDT)
Message-ID: <8c9ea2f0-4b89-30b4-6748-28875db2d0e7@itwrx.org>
Date: Thu, 20 Apr 2023 11:45:34 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.10.0
Subject: Re: router/firewall not forwarding traffic between interfaces?
Content-Language: en-US
To: Konstantin Kulikov <k.kulikov2@gmail.com>
Cc: ~alpine/users@lists.alpinelinux.org
References: <cc077dc0-33ab-9dff-309e-36864daee8f6@itwrx.org>
 <CAD+eXGTJgGM5F+_GHu_ZGTkjYG=6uv0rQu00khoY98DHeFQwjQ@mail.gmail.com>
From: ITwrx <lists@itwrx.org>
In-Reply-To: <CAD+eXGTJgGM5F+_GHu_ZGTkjYG=6uv0rQu00khoY98DHeFQwjQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 4/20/23 11:17 AM, Konstantin Kulikov wrote:
> Don't you need to enable forwarding on both interfaces? I usually just
> enable it in /etc/conf.d/nftables and block unwanted traffic in the
> firewall.
> 
> Your nftables config seems correct.

Thanks for your response!

It seems i had tried enabling forwarding on eth0 previously, as it was 
already in /etc/sysctl.conf, but was commented out. I just retried with 
/etc/sysctl.conf as:

# content of this file will override /etc/sysctl.d/*
net.ipv4.ip_forward=1
net.ipv4.conf.eth1.forwarding=1
net.ipv4.conf.eth0.forwarding=1

and after reboot got:

"network is unreachable" for www.google.com, 8.8.8.8, and 192.168.43.1 
(upstream router wan interface)

while pinging 10.2.0.1 (upstream router lan interface) was successful.

/etc/conf.d/nftables already has:

enable_forwarding="yes"

any other ideas appreciated