hi. i'm trying to configure an alpine router, but client traffic is not
being passed through router interfaces or out to internet.
Please see here: https://pastebin.com/KGkQv3JT
what am i missing? anything else anyone needs to see?
thanks
Don't you need to enable forwarding on both interfaces? I usually just
enable it in /etc/conf.d/nftables and block unwanted traffic in the
firewall.
Your nftables config seems correct.
On Thu, Apr 20, 2023 at 3:31 AM ITwrx <lists@itwrx.org> wrote:
> hi. i'm trying to configure an alpine router, but client traffic is not
> being passed through router interfaces or out to internet.
> Please see here: https://pastebin.com/KGkQv3JT
>
> what am i missing? anything else anyone needs to see?
>
> thanks

On 4/20/23 11:17 AM, Konstantin Kulikov wrote:
> Don't you need to enable forwarding on both interfaces? I usually just
> enable it in /etc/conf.d/nftables and block unwanted traffic in the
> firewall.
>
> Your nftables config seems correct.

Thanks for your response!
It seems i had tried enabling forwarding on eth0 previously, as it was
already in /etc/sysctl.conf, but was commented out. I just retried with
/etc/sysctl.conf as:
# content of this file will override /etc/sysctl.d/*
net.ipv4.ip_forward=1
net.ipv4.conf.eth1.forwarding=1
net.ipv4.conf.eth0.forwarding=1
and after reboot got:
"network is unreachable" for www.google.com, 8.8.8.8, and 192.168.43.1
(upstream router wan interface)
while pinging 10.2.0.1 (upstream router lan interface) was successful.
/etc/conf.d/nftables already has:
enable_forwarding="yes"
any other ideas appreciated
Maybe default gw on the client is missing then (at least you don't set
it in dhcpd conf, but i'm not familiar with it).
Run tcpdump on both machines, make sure packets actually go through.
On Thu, Apr 20, 2023 at 7:45 PM ITwrx <lists@itwrx.org> wrote:
> On 4/20/23 11:17 AM, Konstantin Kulikov wrote:
> > Don't you need to enable forwarding on both interfaces? I usually just
> > enable it in /etc/conf.d/nftables and block unwanted traffic in the
> > firewall.
> >
> > Your nftables config seems correct.
>
> Thanks for your response!
>
> It seems i had tried enabling forwarding on eth0 previously, as it was
> already in /etc/sysctl.conf, but was commented out. I just retried with
> /etc/sysctl.conf as:
>
> # content of this file will override /etc/sysctl.d/*
> net.ipv4.ip_forward=1
> net.ipv4.conf.eth1.forwarding=1
> net.ipv4.conf.eth0.forwarding=1
>
> and after reboot got:
>
> "network is unreachable" for www.google.com, 8.8.8.8, and 192.168.43.1
> (upstream router wan interface)
>
> while pinging 10.2.0.1 (upstream router lan interface) was successful.
>
> /etc/conf.d/nftables already has:
>
> enable_forwarding="yes"
>
> any other ideas appreciated

On 4/20/23 11:52 AM, Konstantin Kulikov wrote:
> Maybe default gw on the client is missing then (at least you don't set
> it in dhcpd conf

that's what it was! /etc/dhcp/dhcpd.conf needed:
option routers 10.2.0.1;
idk how i ended up without it. too many changes + too much frustration. :)
I'd be happy to send a small token of my appreciation if you'll send me
some method. btc,xmr,paypal,stripe,buymeacoffee.com, etc. Feel free to
use my contact form at itwrx.org if you'd rather not post it to the list.
thanks again.
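
Added example, not part of the thread and not code from any poster: a static check for the two causes discussed above, a commented-out `net.ipv4.ip_forward` line and a dhcpd subnet that hands out no `option routers`. The function names, the sample file names and the sample file contents (including the address range) are constructed for illustration; only `10.2.0.1` and the option/sysctl names come from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. All sample file contents are constructed.

# Print the network of every "subnet" block in a dhcpd.conf that hands out no
# default gateway: no "option routers" inside the block or outside any subnet.
subnets_missing_routers() {
    awk '
        { sub(/#.*/, "") }                                   # drop comments
        /^[ \t]*subnet[ \t]/ && !in_sub { net = $2; in_sub = 1; has = 0; base = depth }
        /option[ \t]+routers[ \t]/ { if (in_sub) has = 1; else global = 1 }
        { o = gsub(/[{]/, "{"); c = gsub(/[}]/, "}"); depth += o - c
          if (in_sub && c > 0 && depth == base) { if (!has) miss[++n] = net; in_sub = 0 } }
        END { if (!global) for (i = 1; i <= n; i++) print miss[i] }
    ' "$1"
}

# Succeed only if an uncommented line sets net.ipv4.ip_forward to 1.
forwarding_enabled() {
    awk -F= '
        /^[ \t]*[#;]/ { next }                               # commented out
        { gsub(/[ \t]/, "") }                                # "key = 1" -> "key=1"
        $1 == "net.ipv4.ip_forward" { v = $2 }
        END { exit (v == "1" ? 0 : 1) }
    ' "$1"
}

# Write constructed sample files into directory $1.
make_samples() {
    printf '%s\n' 'subnet 10.2.0.0 netmask 255.255.255.0 {' \
        '  range 10.2.0.100 10.2.0.200;' > "$1/dhcpd.broken"
    cp "$1/dhcpd.broken" "$1/dhcpd.fixed"
    printf '%s\n' '}' >> "$1/dhcpd.broken"
    printf '%s\n' '  option routers 10.2.0.1;' '}' >> "$1/dhcpd.fixed"
    printf '%s\n' '#net.ipv4.ip_forward=1' > "$1/sysctl.off"
    printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 1' > "$1/sysctl.on"
}

# Demo run over the constructed samples.
d=$(mktemp -d) && make_samples "$d"
for f in "$d"/dhcpd.broken "$d"/dhcpd.fixed; do
    echo "${f##*/}: subnets without a gateway: $(subnets_missing_routers "$f")"
done
for f in "$d"/sysctl.off "$d"/sysctl.on; do
    forwarding_enabled "$f" && echo "${f##*/}: forwarding on" || echo "${f##*/}: forwarding off"
done
rm -rf "$d"
```

On a real router, point the two functions at /etc/dhcp/dhcpd.conf and /etc/sysctl.conf; a static check like this complements, but does not replace, watching the packets with tcpdump as suggested in the thread.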