I’m using Arch Linux and I want to set up subnet routing as defined here: Subnet routers and traffic relay nodes · Tailscale
I followed the steps from the above link, and used the IPs specified there, namely
10.0.0.0/24,10.0.1.0/24
and also set the ACL defined there:
"groups": {
    "group:dev": ["my-email@gmail.com"]
},
"acls": [
    // Users in group:dev and devices in subnets 10.0.0.0/24 and
    // 10.0.1.0/24 can access devices in subnets 10.0.0.0/24 and
    // 10.0.1.0/24
    {
        "action": "accept",
        "src": ["group:dev", "10.0.0.0/24", "10.0.1.0/24"],
        "dst": ["10.0.0.0/24:*", "10.0.1.0/24:*"]
    }
]
Currently, my iptables rules look like this:
[audiolinux@audiolinux2 Desktop]$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N ts-forward
-N ts-input
-A INPUT -j ts-input
-A FORWARD -j ts-forward
-A ts-forward -i tailscale0 -j MARK --set-xmark 0x40000/0xff0000
-A ts-forward -m mark --mark 0x40000/0xff0000 -j ACCEPT
-A ts-forward -s 100.64.0.0/10 -o tailscale0 -j DROP
-A ts-forward -o tailscale0 -j ACCEPT
-A ts-input -s 100.76.112.123/32 -i lo -j ACCEPT
-A ts-input -s 100.115.92.0/23 ! -i tailscale0 -j RETURN
-A ts-input -s 100.64.0.0/10 ! -i tailscale0 -j DROP
But the problem is that from my other machine (macOS) I cannot ping my Arch Linux machine. I get the following:
myuser@mymachine ~ $ ping 100.76.112.123
PING 100.76.112.123 (100.76.112.123): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
I also cannot ping my macOS machine from Arch Linux. I tried toggling the macOS settings like “Use Tailscale DNS settings” and “Use Tailscale subnets” on and off, but nothing helped. Any ideas what the issue might be?
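The ACL posted above, run through a small model of Tailscale's allow-only policy evaluation. This is an added example for this thread, not Tailscale's code: it models only users, groups, "*" and IP/CIDR entries (no tags, hosts or autogroups), and the Mac's tailnet address 100.101.102.103 is a made-up stand-in. It shows which of the posted flows the ACL covers: the ping to the Arch node's own tailnet IP 100.76.112.123 matches none of the dst entries in this policy, while a connection to a host in 10.0.1.0/24 does.

```python
import ipaddress

# Constructed from the ACL posted above (Tailscale's HuJSON comments dropped).
# Simplified model of how Tailscale evaluates a policy file, written for this
# thread; it is not Tailscale code. Rules are allow-only: a flow is permitted
# only if some "accept" rule matches both its source and its dst:port,
# otherwise it is denied.
POLICY = {
    "groups": {"group:dev": ["my-email@gmail.com"]},
    "acls": [
        {
            "action": "accept",
            "src": ["group:dev", "10.0.0.0/24", "10.0.1.0/24"],
            "dst": ["10.0.0.0/24:*", "10.0.1.0/24:*"],
        }
    ],
}

ICMP = 0  # stand-in "port" for ICMP; only a "*" port spec should match it


def _src_matches(entry, policy, src_user, src_ip):
    """Does one src entry cover the sending user or its IP?"""
    if entry == "*":
        return True
    if entry.startswith("group:"):
        return src_user in policy["groups"].get(entry, [])
    if "@" in entry:
        return src_user == entry
    if entry.startswith(("tag:", "autogroup:")):
        return False  # not modelled here
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(entry, strict=False)


def _port_matches(spec, port):
    """spec is "*", "22", "80,443" or "8000-8999" (comma-separated mix allowed)."""
    if spec == "*":
        return True
    if port == ICMP:
        return False
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def _dst_matches(entry, dst_ip, dst_port):
    """entry is host:ports, where host is "*" or an IP/CIDR."""
    host, _, ports = entry.rpartition(":")
    if host.startswith(("tag:", "group:", "autogroup:")) or "@" in host:
        return False  # not modelled here
    if host != "*" and ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(host, strict=False):
        return False
    return _port_matches(ports, dst_port)


def is_allowed(policy, src_user, src_ip, dst_ip, dst_port):
    """Default deny: True only if an accept rule matches src and dst:port."""
    for rule in policy["acls"]:
        if rule.get("action") != "accept":
            continue
        if not any(_src_matches(s, policy, src_user, src_ip) for s in rule["src"]):
            continue
        if any(_dst_matches(d, dst_ip, dst_port) for d in rule["dst"]):
            return True
    return False


if __name__ == "__main__":
    me, mac = "my-email@gmail.com", "100.101.102.103"  # hypothetical Mac tailnet IP
    # The ping from the post: a group:dev member reaching the Arch node's own
    # tailnet IP. No dst entry covers 100.76.112.123, so the policy denies it.
    print(is_allowed(POLICY, me, mac, "100.76.112.123", ICMP))  # False
    # The same user reaching a host behind the subnet router is covered.
    print(is_allowed(POLICY, me, mac, "10.0.1.20", 22))  # True
```

The point of running it is the default-deny: replacing the tailnet's default allow-all policy with a rule whose dst list names only the two LAN subnets leaves node-to-node tailnet traffic (the 100.64.0.0/10 addresses) without any matching rule, so the model denies it. Whether that is what the real tailnet is doing is for the admin console's ACL preview to confirm; this block only reproduces the evaluation rule.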
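The iptables rules posted above, walked by a small rule evaluator so the host-firewall side can be checked separately from the ACL. This is an added example for this thread, not iptables or Tailscale code: it parses `iptables -S` output and understands only the matches and targets that appear in Tailscale's chains (-s/-d, -i/-o with "!", -m mark --mark, MARK --set-xmark, ACCEPT/DROP/RETURN and user chains); the Mac's tailnet address 100.101.102.103 is a made-up stand-in. Walking the posted dump shows that an ICMP packet arriving over tailscale0 falls through ts-input to INPUT's ACCEPT policy, that forwarded traffic is marked and accepted, and that the anti-spoofing rules drop 100.64.0.0/10 sources arriving on any other interface.

```python
import ipaddress

# Filter-table dump from the post, embedded as constructed sample input.
# Toy iptables walker written for this thread, not iptables itself: it knows
# only the matches/targets in Tailscale's chains (-s/-d, -i/-o with "!",
# -m mark --mark, MARK --set-xmark, ACCEPT/DROP/RETURN, user chains).
IPTABLES_S = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N ts-forward
-N ts-input
-A INPUT -j ts-input
-A FORWARD -j ts-forward
-A ts-forward -i tailscale0 -j MARK --set-xmark 0x40000/0xff0000
-A ts-forward -m mark --mark 0x40000/0xff0000 -j ACCEPT
-A ts-forward -s 100.64.0.0/10 -o tailscale0 -j DROP
-A ts-forward -o tailscale0 -j ACCEPT
-A ts-input -s 100.76.112.123/32 -i lo -j ACCEPT
-A ts-input -s 100.115.92.0/23 ! -i tailscale0 -j RETURN
-A ts-input -s 100.64.0.0/10 ! -i tailscale0 -j DROP
"""


def _parse_rule(tokens):
    rule = {"matches": [], "target": None, "set_xmark": None}
    i, negate = 0, False
    while i < len(tokens):
        t = tokens[i]
        if t == "!":
            negate, i = True, i + 1
            continue
        if t in ("-s", "-d", "-i", "-o", "--mark"):
            rule["matches"].append((t, negate, tokens[i + 1]))
        elif t == "-j":
            rule["target"] = tokens[i + 1]
        elif t == "--set-xmark":
            value, mask = tokens[i + 1].split("/")
            rule["set_xmark"] = (int(value, 16), int(mask, 16))
        elif t != "-m":  # "-m <module>" only loads a match module
            raise ValueError(f"unsupported token {t!r}")
        negate, i = False, i + 2
    return rule


def parse_iptables_s(text):
    """Return ({chain: policy}, {chain: [rules]}) from `iptables -S` output."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if tok and tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif tok and tok[0] == "-N":
            chains.setdefault(tok[1], [])
        elif tok and tok[0] == "-A":
            chains.setdefault(tok[1], []).append(_parse_rule(tok[2:]))
    return policies, chains


def _match(kind, negate, arg, pkt):
    if kind in ("-s", "-d"):
        ip = pkt["src"] if kind == "-s" else pkt["dst"]
        hit = ipaddress.ip_address(ip) in ipaddress.ip_network(arg, strict=False)
    elif kind in ("-i", "-o"):
        hit = pkt.get("iif" if kind == "-i" else "oif") == arg
    else:  # --mark value[/mask]: compare the masked packet mark
        value, _, mask = arg.partition("/")
        hit = (pkt["mark"] & (int(mask, 16) if mask else 0xFFFFFFFF)) == int(value, 16)
    return hit != negate


def verdict(policies, chains, chain, pkt):
    """Walk one chain: ACCEPT/DROP, or None when a user chain falls through."""
    for rule in chains.get(chain, []):
        if not all(_match(k, n, a, pkt) for k, n, a in rule["matches"]):
            continue
        target = rule["target"]
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        if target == "RETURN":
            break
        if target == "MARK":  # --set-xmark: clear the mask bits, XOR in value
            value, mask = rule["set_xmark"]
            pkt["mark"] = (pkt["mark"] & ~mask) ^ value
            continue
        sub = verdict(policies, chains, target, pkt)  # jump to user chain
        if sub is not None:
            return sub
    return policies.get(chain)  # built-in chains have a policy; user chains don't


def trace(text, chain, src, dst, iif=None, oif=None):
    """Verdict for a packet entering `chain` (INPUT has no oif, FORWARD has both)."""
    policies, chains = parse_iptables_s(text)
    return verdict(policies, chains, chain, {"src": src, "dst": dst, "iif": iif, "oif": oif, "mark": 0})
```

`trace(IPTABLES_S, "INPUT", "100.101.102.103", "100.76.112.123", iif="tailscale0")` returns ACCEPT, and `trace(IPTABLES_S, "FORWARD", "100.101.102.103", "10.0.0.5", iif="tailscale0", oif="eth0")` returns ACCEPT via the mark rule, so the posted filter rules are not what stops the ping. Two things a subnet router also needs are not visible in an `iptables -S` dump, which shows the filter table only: the nat table (`iptables -t nat -S`, where Tailscale's MASQUERADE rule lives) and the kernel forwarding switch (`sysctl net.ipv4.ip_forward`), so those are worth checking separately.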