Pragmatism in the real world

Fixing Linux Tailscale exit node routing

I run a Tailscale network so that remote computers can access local services. I also have a Linux box at home on that network that advertises itself as an exit node, and I recently noticed that it wasn’t working.

I had some time recently to sit down and work out what was going on. My initial suspicion was that it was DNS related as a cursory search brought up lots of results related to DNS. However, some quick tests with nslookup and dig showed that DNS was correctly resolving, so it seemed to be a routing issue.

Further searching led me to realise that my Linux box needs to masquerade the traffic. This can be done using:

sudo iptables -t nat -A POSTROUTING -o {network interface} -j MASQUERADE

I used ifconfig to look up my network interface which was enp3s0 and then all was well.

I connected my Mac to the exit node from a remote location and could browse the web with my remote IP address correctly set to my home’s IP address.

Given that this was working, I’m unclear what has changed such that this setting needed configuring. I have found issue 15708, which may be related, so potentially a future Tailscale update will solve this. I don’t reboot this box often, so maybe I set this flag before and forgot?
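
As an added example (not part of the original post and not Tailscale's own tooling), this script applies the masquerade rule above idempotently: it reads the egress interface from the default route, checks whether the rule already exists, and appends it only when missing. The function names and the `--apply` switch are this example's own; a rule added with `iptables -A` lives only in the running kernel, so it has to be re-applied or saved separately to survive a reboot.

```shell
#!/bin/sh
# Added example: check-and-fix for the exit-node MASQUERADE rule.
# Function names and the --apply switch are hypothetical, not from the post.

# Print the egress interface, given `ip -4 route show default` output on stdin.
default_iface() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed if `iptables -t nat -S POSTROUTING` output on stdin already contains
# a MASQUERADE rule whose outbound interface is exactly $1.
has_masquerade() {
    grep -Eq -- "^-A POSTROUTING( .*)? -o $1( .*)? -j MASQUERADE( |\$)"
}

# Succeed if the net.ipv4.ip_forward value on stdin is 1.
forwarding_enabled() {
    [ "$(tr -d '[:space:]')" = "1" ]
}

ensure_masquerade() {
    iface=$(ip -4 route show default | default_iface)
    [ -n "$iface" ] || { echo "no default route found" >&2; return 1; }

    # Masquerading only helps if the kernel forwards packets at all.
    forwarding_enabled < /proc/sys/net/ipv4/ip_forward ||
        echo "warning: net.ipv4.ip_forward is 0; traffic will not be forwarded" >&2

    if iptables -t nat -S POSTROUTING | has_masquerade "$iface"; then
        echo "MASQUERADE already present on $iface"
    else
        iptables -t nat -A POSTROUTING -o "$iface" -j MASQUERADE
        echo "added MASQUERADE on $iface (not persistent across reboots)"
    fi
}

# Only touch the firewall when explicitly asked, e.g.: sudo ./script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    ensure_masquerade
fi
```

Because the rule is checked before it is appended, running the script at every boot does not stack duplicate POSTROUTING entries.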

I’ve written it up here now though, so I can find it again if I need it!
