Let’s say I have three computers, A, B and C.
A and B are connected via Tailscale, whereas C is not and cannot be (e.g. an embedded device). C is, however, on the same network as B, so my idea is to use B as some kind of gateway to get access from A to C.
So we have the following IPs and NICs:
A (tailscale0): 100.a.b.c
B (tailscale0): 100.x.y.z
B (eth1): 192.168.0.2
C (eth0): 192.168.0.3
I tried the following:
B: iptables -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE
B: iptables -A FORWARD -i tailscale0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
B: iptables -A FORWARD -i eth1 -o tailscale0 -j ACCEPT
B: echo 1 > /proc/sys/net/ipv4/ip_forward
A: ip route add 192.168.0.3 via 100.x.y.z dev tailscale0
However, when I try to ping 192.168.0.3 on A, all packets are lost.
Am I missing something, or do the rules listed above conflict with some other rules created by Tailscale? Is there a better way to achieve the desired result?
Does it maybe matter that in this particular case eth1 on B also serves as the connection with WAN access (i.e. Tailscale uses it)? Would it be different if B had a separate eth0 as WAN and eth1 only as LAN?
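
An added example, not part of the original post: a POSIX shell check that reads a rule set and reports whether it forwards new connections from the Tailscale interface to the LAN interface, whether the LAN side can initiate connections into the tailnet, and where the masquerade is applied. The function name, the finding labels and the FIXED_RULES set are assumptions made for illustration; the interfaces and addresses are the ones in the post.

```shell
#!/bin/sh
# Added example. Interface names and addresses are the ones from the post;
# audit_rules, the finding labels and FIXED_RULES are illustrative assumptions.

# The rules from the post, written as iptables arguments.
POSTED_RULES='-t nat -A POSTROUTING -o tailscale0 -j MASQUERADE
-A FORWARD -i tailscale0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o tailscale0 -j ACCEPT'

# Constructed rule set for the direction A -> C, limited to host C only.
FIXED_RULES='-t nat -A POSTROUTING -o eth1 -d 192.168.0.3 -j MASQUERADE
-A FORWARD -i tailscale0 -o eth1 -d 192.168.0.3 -j ACCEPT
-A FORWARD -i eth1 -o tailscale0 -m state --state RELATED,ESTABLISHED -j ACCEPT'

# audit_rules TAILNET_IF LAN_IF RULES -> prints "ok" or a list of findings
audit_rules() {
    ts=$1; lan=$2; rules=$3; findings=""

    # 1. A's first packet is a NEW connection entering on the tailnet side.
    #    It needs an ACCEPT rule that is not limited to RELATED,ESTABLISHED.
    printf '%s\n' "$rules" \
        | grep -E -- "-A FORWARD .*-i $ts -o $lan .*-j ACCEPT" \
        | grep -qv -- 'ESTABLISHED' \
        || findings="$findings no-new-tailnet-to-lan"

    # 2. Least privilege: the LAN side should only send replies back,
    #    not open connections into the tailnet on its own.
    printf '%s\n' "$rules" \
        | grep -E -- "-A FORWARD .*-i $lan -o $ts .*-j ACCEPT" \
        | grep -qv -- 'ESTABLISHED' \
        && findings="$findings lan-can-initiate-to-tailnet"

    # 3. Masquerading on the LAN interface makes C see B (192.168.0.2) as
    #    the source, so C needs no route back to the 100.x.y.z range.
    printf '%s\n' "$rules" \
        | grep -qE -- "-A POSTROUTING .*-o $lan .*-j MASQUERADE" \
        || findings="$findings no-masquerade-on-lan"

    findings=${findings# }
    echo "${findings:-ok}"
}

audit_rules tailscale0 eth1 "$POSTED_RULES"
audit_rules tailscale0 eth1 "$FIXED_RULES"
```

These checks cover only the forwarding and NAT on B. For carrying A's traffic to 192.168.0.3 over the tailnet, Tailscale's own mechanism is a subnet router: B advertises the route with `tailscale up --advertise-routes=...` and A accepts it.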