Subnet router issue

I set up a Tailscale subnet router on Ubuntu and connected a home router to the Ubuntu machine via a USB-to-Ethernet cable in order to use the router as a gateway to my subnet router. Then I connected an IP camera to the router. So it looks like this physically: IP camera -> home router -> Ubuntu -> Internet

The network interfaces on the Ubuntu machine are enp0s25 (Ethernet, where I get the internet) and enx60a4b7c211c7 (USB to Ethernet). When I connected the router via USB to Ethernet, I shared enp0s25 to enx60a4b7c211c7 by creating a shared profile and selecting Shared to other computers. This USB Ethernet connection gets the IP 10.42.0.1 automatically, so I created a Tailscale subnet router for 10.42.0.0/24 on the Ubuntu machine.

Everything seems to be working, but when I ping the IP camera from a remote Tailscale node, it shows destination port unreachable. What can I do to make it work?

Thank you in advance for your reply.

My best guess is in your router config. Is it configured as a gateway or a bridge? If as a gateway, do you need to set up port forwarding to the camera?

Hopefully it goes without saying that I hope you know what you’re doing with the firewall config on your Ubuntu node since it is directly connected to the internet. If you aren’t running a firewall there you’re pretty much asking for it to get hacked and you should go unplug it right now. If you are running a firewall then you might want to see if those rules are being applied to the Tailscale connection and blocking traffic coming in that route.

Thanks for your reply.

The router is configured as an access point (what you meant by gateway is the case, I guess). In AP mode, there is no port forwarding feature in the router's configuration. However, when I configure the router in normal router mode, the IP camera gets 192.168.0.x from the router, but I cannot connect to the IP camera using this IP address even with subnet 192.168.0.0/24, because on the Ubuntu machine this subnet is not available. When I connect to this subnet using Wi-Fi, I can reach the camera. Is there any security issue here?

BTW, iptables is enabled and these are the enabled rules. Is there any security issue?

    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
    4449K 1205M ts-input   all  --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
     226K   46M ts-forward all  --  *      *       0.0.0.0/0            0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain ts-forward (1 references)
     pkts bytes target     prot opt in     out     source               destination
     8775  558K MARK       all  --  tailscale0 *   0.0.0.0/0            0.0.0.0/0            MARK xset 0x40000/0xff0000
     8775  558K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            mark match 0x40000/0xff0000
        0     0 DROP       all  --  *      tailscale0  100.64.0.0/10    0.0.0.0/0
    10059  531K ACCEPT     all  --  *      tailscale0  0.0.0.0/0        0.0.0.0/0

    Chain ts-input (1 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     all  --  lo     *       "ubuntu tailscale IP"  0.0.0.0/0
        0     0 RETURN     all  --  !tailscale0 *  100.115.92.0/23      0.0.0.0/0
        0     0 DROP       all  --  !tailscale0 *  100.64.0.0/10        0.0.0.0/0

Thanks.
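
An added example, not part of the thread or of Tailscale's own tooling: a small Python check over `iptables -L -v -n` output like the listing above, reporting built-in chains whose default policy is ACCEPT and whose only rules jump to Tailscale's `ts-*` chains. The sample is a condensed copy of the posted listing, the function names are hypothetical, and only the filter table is examined (a separate nftables ruleset would not appear here).

```python
import re

# Constructed sample: condensed from the filter-table listing posted in the thread.
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
4449K 1205M ts-input   all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 226K   46M ts-forward all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ts-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  !tailscale0 *  100.64.0.0/10        0.0.0.0/0
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\w+)|\d+ references)")

def parse_chains(listing):
    """Return {chain: {"policy": str or None, "targets": [str, ...]}}."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "targets": []})
            continue
        fields = line.split()
        # Rule rows begin with the pkts counter; the column header begins with "pkts".
        if current is not None and len(fields) >= 9 and fields[0] != "pkts":
            current["targets"].append(fields[2])
    return chains

def open_builtin_chains(listing, managed_prefix="ts-"):
    """INPUT/FORWARD chains with policy ACCEPT whose only rules jump to
    Tailscale-managed chains, so non-Tailscale traffic falls through to ACCEPT."""
    findings = []
    for name, chain in parse_chains(listing).items():
        if name not in ("INPUT", "FORWARD") or chain["policy"] != "ACCEPT":
            continue
        own = [t for t in chain["targets"] if not t.startswith(managed_prefix)]
        if not own:
            findings.append(name)
    return findings

if __name__ == "__main__":
    for name in open_builtin_chains(SAMPLE):
        print(f"{name}: policy ACCEPT, no rules besides Tailscale's")
```

Run against the listing in the post, this reports both INPUT and FORWARD: the Tailscale chains only handle the 100.64.0.0/10 ranges and the tailscale0 interface, so traffic arriving on enp0s25 is not filtered by any rule shown.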