35 replies

Fully proxy an internal IP via a Netbird client? (Similar to Tailscale `TS_DEST_IP`)

Hey

Does anyone know if Netbird supports a similar function to TS_DEST_IP in Tailscale (docs)? I'm looking to maybe switch, but that's a feature I'm using and I find it useful as I can expose an internal resource with a Netbird IP address without installing Netbird directly on it.

Tailscale

Using Tailscale with Docker · Tailscale Docs

Connect your container to Tailscale using Tailscale's official Docker image.

Solution

This seems to work, but I'm a bit scared it might break down, either because Netbird will do some things to the iptables periodically, or because a future update of Netbird might break it.

        - image: netbirdio/netbird:latest
          name: netbird
          command:
            - /bin/sh
            - -c
            - |
              set -e

              iptables -t nat -I PREROUTING 1 -i wt0 -p tcp -j DNAT --to-destination ${NB_DEST_IP}
              iptables -A FORWARD -i wt0 -o eth0 -p tcp -d ${NB_DEST_IP} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
              iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

              /usr/local/bin/netbird up
          env:
            - name: NB_DEST_IP
              value: 10.43.124.158
            - name: NB_SETUP_KEY
              valueFrom:
                secretKeyRef:
                  name: test
                  key: SETUP_KEY
            - name: NB_MANAGEMENT_URL
              value: https://netbird.example.com

        - image: netbirdio/netbird:latest
          name: netbird
          command:
            - /bin/sh
            - -c
            - |
              set -e

              iptables -t nat -I PREROUTING 1 -i wt0 -p tcp -j DNAT --to-destination ${NB_DEST_IP}
              iptables -A FORWARD -i wt0 -o eth0 -p tcp -d ${NB_DEST_IP} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
              iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

              /usr/local/bin/netbird up
          env:
            - name: NB_DEST_IP
              value: 10.43.124.158
            - name: NB_SETUP_KEY
              valueFrom:
                secretKeyRef:
                  name: test
                  key: SETUP_KEY
            - name: NB_MANAGEMENT_URL
              value: https://netbird.example.com

Jump to solution

Fully proxy an internal IP via a Netbird client? (Similar to Tailscale `TS_DEST_IP`)

Hey

Tailscale

Using Tailscale with Docker · Tailscale Docs

Connect your container to Tailscale using Tailscale's official Docker image.

Solution

This seems to work, but I'm a bit scared it might break down, either because Netbird will do some things to the iptables periodically, or because a future update of Netbird might break it.

        - image: netbirdio/netbird:latest
          name: netbird
          command:
            - /bin/sh
            - -c
            - |
              set -e

              iptables -t nat -I PREROUTING 1 -i wt0 -p tcp -j DNAT --to-destination ${NB_DEST_IP}
              iptables -A FORWARD -i wt0 -o eth0 -p tcp -d ${NB_DEST_IP} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
              iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

              /usr/local/bin/netbird up
          env:
            - name: NB_DEST_IP
              value: 10.43.124.158
            - name: NB_SETUP_KEY
              valueFrom:
                secretKeyRef:
                  name: test
                  key: SETUP_KEY
            - name: NB_MANAGEMENT_URL
              value: https://netbird.example.com

        - image: netbirdio/netbird:latest
          name: netbird
          command:
            - /bin/sh
            - -c
            - |
              set -e

              iptables -t nat -I PREROUTING 1 -i wt0 -p tcp -j DNAT --to-destination ${NB_DEST_IP}
              iptables -A FORWARD -i wt0 -o eth0 -p tcp -d ${NB_DEST_IP} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
              iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

              /usr/local/bin/netbird up
          env:
            - name: NB_DEST_IP
              value: 10.43.124.158
            - name: NB_SETUP_KEY
              valueFrom:
                secretKeyRef:
                  name: test
                  key: SETUP_KEY
            - name: NB_MANAGEMENT_URL
              value: https://netbird.example.com

Jump to solution

Fully proxy an internal IP via a Netbird client? (Similar to Tailscale `TS_DEST_IP`)

Fully proxy an internal IP via a Netbird client? (Similar to Tailscale `TS_DEST_IP`)

Similar Threads

Similar Threads

Similar Threads