Timeline for nftables, masquerade: packets go through wrong outbounding interface

Current License: CC BY-SA 4.0

13 events

when toggle format	what		by	license	comment
Aug 6, 2023 at 16:16	vote	accept	Tintenfisch
Aug 6, 2023 at 14:59	answer	added	A.B		timeline score: 4
Aug 6, 2023 at 12:12	comment	added	Tintenfisch		`[MY_IP]` is both an external VPS of me, which I used to ping `198.51.100.105` (which arrives and is then responded back via the wrong interface) and my DSL at home. I replaced it with `192.0.2.2` now.
Aug 6, 2023 at 12:10	history	edited	Tintenfisch	CC BY-SA 4.0	added 4 characters in body
Aug 6, 2023 at 12:07	comment	added	Tintenfisch		(I just fixed some inconsistencies in the question from an IP change [`198.51.100.123` => `198.51.100.105`], so now all should fit).
Aug 6, 2023 at 11:59	history	edited	Tintenfisch	CC BY-SA 4.0	Added configuration/command ouputs for WireGuard
Aug 6, 2023 at 11:51	comment	added	Tintenfisch		WireGuard is working fine; only that I can't use it using my public IP (`198.51.100.123`) since the replies are send over `ens18` instead of `ens19` which I verified using `tcpdump`. Using a public IP for WireGuard with masquerading on the POSTROUTING chain is also described here: procustodibus.com/blog/2022/09/…
Aug 6, 2023 at 11:40	comment	added	Tintenfisch		Alright, I edited the question accordingly. Private ip addresses have not been obfuscated, also not previously. Also, I replaced the obfuscated blocks of public addresses with documentation blocks from RFC5737.
Aug 6, 2023 at 11:34	history	edited	Tintenfisch	CC BY-SA 4.0	Replace obfuscated blocks with blocks according to RFC5737, Section 3, see: https://www.rfc-editor.org/rfc/rfc5737.html#section-3
Aug 6, 2023 at 10:59	comment	added	Tintenfisch		I added it into the question :)
Aug 6, 2023 at 10:59	history	edited	Tintenfisch	CC BY-SA 4.0	added 154 characters in body
S Aug 5, 2023 at 19:45	review	First questions
Aug 5, 2023 at 23:09
S Aug 5, 2023 at 19:45	history	asked	Tintenfisch	CC BY-SA 4.0