[TUTORIAL] Proxmox PVE+ZeroTier One + NAT

[catalin.bostan]

This is a simple way to solve routing/masquerade problems via ZeroTier One and PVE for any networking segment.

Step 0 : Install ZeroTier One

Step 1: Enable IP Forwarding at kernel level

Edit the /etc/sysctl.conf file with nano/vi/whatever and uncomment the following line:

net.ipv4.ip_forward=1

To apply the changes immediately, run:

sysctl -p

File editing will make sure IP forwarding is enabled automatically on boot.

Step 2. Create a service file in /lib/systemd/system/zerotier-one-masquerade.service with the following contents:

[Unit]​

Description=Enable ZeroTier One Routing​

After=zerotier-one.service​

Wants=zerotier-one.service​

​

[Service]​

Type=oneshot​

ExecStart=/bin/bash -c "iptables -t nat -A POSTROUTING ! -o lo -j MASQUERADE"​

​

[Install]​

WantedBy=multi-user.target​

Step 3. Reload systemctl

systemctl daemon-reload

Step 4. Enable created services

systemctl enable zerotier-one-masquerade.service

After reboot this service will automatically start after zerotier-one service.​

If you want to test/apply without reboot run​

​

systemctl start zerotier-one-masquerade.service​

Step 5. Enjoy

Warning!

0. Add needed firewall rules : THIS IS A WIDE OPEN ROUTER !​

You have access to ANY NETWORK REACHABLE from PVE , be these internal or external !​

​

1.you need to add appropriate routes on ZeroTier One controller​

​

2. zerotier-cli commands are not working because masquerade is global solved with " ! -o lo "​

​

you can deactivate postrouting rule temporarily with:​

​

iptables -t nat -D POSTROUTING 1​

​

and re-enable with​

​

systemctl start zerotier-one-masquerade.service​