Tailscale Subnet Configure

Ferdinand Su
PhD Student @ HIT-ICES, Founder & Manager @ HIT-ReFreSH, C# developer.

When I was configuring a new subnet router in a Tailscale network for my company, the other devices could not access the subnet devices:

>>> ping 192.168.1.199
<<< (Error)

while Tailscale ping works well.

Everything described in the official docs had already been done, but it was still not working. What's wrong?

Well, we seem to need to configure NAT manually through nftables:

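sudo nft add table ip filter
# Quote the chain definition so the shell does not treat ';' as a command separator.
# policy drop: forwarded traffic not matched by the rules below is dropped.
sudo nft 'add chain ip filter FORWARD { type filter hook forward priority 0; policy drop; }'
# Allow forwarding between the Tailscale range (100.64.0.0/10) and the LAN subnet, in both directions
sudo nft add rule ip filter FORWARD ip saddr 100.64.0.0/10 ip daddr 192.168.1.0/24 accept
sudo nft add rule ip filter FORWARD ip saddr 192.168.1.0/24 ip daddr 100.64.0.0/10 accept
sudo nft add table ip nat
sudo nft 'add chain ip nat POSTROUTING { type nat hook postrouting priority 100; }'
# Masquerade Tailscale traffic leaving through the LAN interface (replace the placeholder with its name)
sudo nft add rule ip nat POSTROUTING ip saddr 100.64.0.0/10 ip daddr 192.168.1.0/24 oif <NETWORK-INTERFACE-NAME> masquerade
sudo -i
nft list ruleset > /etc/nftables.conf # Save the nftables configuration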
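
The same forwarding and masquerade rules written as one nftables file, as an added example that is not from the original post: it keeps the rules in a dedicated table so reloading is idempotent, and it replaces the blanket LAN-to-Tailscale accept with a connection-tracking rule so that only replies to connections opened from the Tailscale side pass back. The table name `ts_subnet` and the interface names `tailscale0` and `eth0` are assumptions; substitute your own.

```nftables
#!/usr/sbin/nft -f
# Added example, not the author's configuration.
# Assumed names: table ts_subnet, Tailscale interface tailscale0, LAN interface eth0.

# Create-then-delete makes the file safe to load repeatedly without
# duplicating rules and without touching tables owned by other tools.
add table ip ts_subnet
delete table ip ts_subnet

table ip ts_subnet {
    chain forward {
        # Same hook, priority and default-drop policy as the commands above.
        # A drop verdict here is final, so other forwarded traffic on this
        # host is dropped as well unless it is accepted in this chain.
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were already accepted below.
        ct state established,related accept
        ct state invalid drop

        # New connections: only from the Tailscale range, arriving on the
        # Tailscale interface, going to the advertised LAN subnet.
        iifname "tailscale0" ip saddr 100.64.0.0/10 ip daddr 192.168.1.0/24 accept
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # LAN hosts see the router's own address as the source, so they
        # need no route back to 100.64.0.0/10.
        ip saddr 100.64.0.0/10 ip daddr 192.168.1.0/24 oifname "eth0" masquerade
    }
}
```

Running `nft -c -f` on the file checks it without applying anything; `nft -f` loads it.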