Disabling Masquerading not working in new Networks #1527

Closed
opened 2025-11-20 05:32:16 -05:00 by saavagebueno · 8 comments

Originally created by @gadgetusaf on GitHub (Dec 30, 2024).

Describe the problem

Traffic using the new network option does not allow for the disablement of the masquerade setting.

To Reproduce

Steps to reproduce the behavior:

  1. Go to https://netbird.domain.com/networks
  2. Select a network
  3. Scroll down to Routing Peers
  4. Click edit next to the peer
  5. Click Advanced
  6. Toggle off and save

Expected behavior

Traffic would come from a NetBird IP, not the peer IP, when routing to a remote network.

Are you using NetBird Cloud?

self-host NetBird's control plane.

NetBird version

0.35.1

NetBird status -dA output:

If applicable, the `netbird status -dA` command output will be shared.

saavagebueno added the waiting-feedback, triage-needed labels 2025-11-20 05:32:16 -05:00

@the-project-group commented on GitHub (Dec 30, 2024):

It seems to be a UI issue. Technically it's really disabled (I traced it).


@gadgetusaf commented on GitHub (Jan 2, 2025):

When I ssh to a host the IP reported is the netbird Routing Peer IP address not the expected 100.97.x.x IP.


@florian-obradovic commented on GitHub (Jan 2, 2025):

Let me double-check on my end. For me it shouldn't work if NATted due to the firewall between routing peer and onPrem resources.


@florian-obradovic commented on GitHub (Jan 2, 2025):

Works on my end:
[Screenshot: CleanShot 2025-01-02 at 11 23 19@2x]
[Screenshot: CleanShot 2025-01-02 at 11 24 16@2x]


@gadgetusaf commented on GitHub (Jan 2, 2025):

I switched from the deprecated Network Routes to the new Networks; it was working prior to the switchover.

`netstat -anl | grep :22` on an Ubuntu server on the network with the peer

```
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 192.168.6.158:22        192.168.9.2:64272       ESTABLISHED
tcp6       0    136 192.168.6.158:22        192.168.9.2:54108       ESTABLISHED
tcp6       0      0 192.168.6.158:22        192.168.9.2:65472       ESTABLISHED
```

`ip route` on remote peer

```
default via 192.168.9.1 dev ens18 proto dhcp src 192.168.9.2 metric 100
100.97.0.0/16 dev wt0 proto kernel scope link src 100.97.124.195
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.9.0/24 dev ens18 proto kernel scope link src 192.168.9.2 metric 100
```
```
Peers detail:
...
 netbird.netbird.selfhosted:
  NetBird IP: 100.97.124.195
  Public key: SBitVOWL5dYwzBFqSnJTWBLBmpaRe1WwG1LJ/zw3LQk=
  Status: Connected
  -- detail --
  Connection type: Relayed
  ICE candidate (Local/Remote): -/-
  ICE candidate endpoints (Local/Remote): -/-
  Relay server address: rel://netbird2.anon-qm4Fs.domain:33080
  Last connection update: 1 minute, 29 seconds ago
  Last WireGuard handshake: -
  Transfer status (received/sent) 0 B/0 B
  Quantum resistance: false
  Routes: -
  Networks: -
  Latency: 0s

 ...

 cburton-mbp-bw.netbird.selfhosted:
  NetBird IP: 100.97.163.238
  Public key: 6CSNqwHtaXMpeL9uzIo46hQh+t3GREONsT0errarDQ0=
  Status: Connected
  -- detail --
  Connection type: P2P
  ICE candidate (Local/Remote): host/srflx
  ICE candidate endpoints (Local/Remote): 192.168.9.2:51820/198.51.100.4:51820
  Relay server address: rel://netbird2.anon-qm4Fs.domain:33080
  Last connection update: 1 minute, 40 seconds ago
  Last WireGuard handshake: 1 minute, 41 seconds ago
  Transfer status (received/sent) 777.4 KiB/1.0 MiB
  Quantum resistance: false
  Routes: -
  Networks: -
  Latency: 34.203616ms


OS: linux/amd64
Daemon version: 0.35.2
CLI version: 0.35.2
Management: Connected to https://netbird2.anon-IgIrB.domain:33073
Signal: Connected to http://netbird2.anon-IgIrB.domain:10000
Relays:
  [stun:netbird2.anon-IgIrB.domain:3478] is Available
  [turn:netbird2.anon-IgIrB.domain:3478?transport=udp] is Available
  [rel://netbird2.anon-qm4Fs.domain:33080] is Available
Nameservers:
  [192.168.10.39:53, 192.168.10.30:53] for [anon-hVNXH.domain] is Available
  [192.168.6.2:53, 192.168.6.3:53, 192.168.6.4:53] for [anon-7QPA0.domain] is Available
FQDN: netbird.netbird.selfhosted
NetBird IP: 100.97.124.195/16
Interface type: Kernel
Quantum resistance: false
Routes: 0.0.0.0/0, 10.0.1.202/32, 10.0.4.97/32, 192.168.1.0/24, 192.168.140.0/24, 192.168.5.0/24, 192.168.5.112/32, 192.168.6.0/24, 192.168.6.2/32, 192.168.6.3/32, 192.168.6.4/32, 192.168.6.55/32, 192.168.9.0/24, anon-7QPA0.domain
Networks: 0.0.0.0/0, 10.0.1.202/32, 10.0.4.97/32, 192.168.1.0/24, 192.168.140.0/24, 192.168.5.0/24, 192.168.5.112/32, 192.168.6.0/24, 192.168.6.2/32, 192.168.6.3/32, 192.168.6.4/32, 192.168.6.55/32, 192.168.9.0/24, anon-7QPA0.domain
Peers count: 10/30 Connected
```
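The destination-side check from the comment above, as an added example (not code from the thread or from NetBird): it classifies the source of each established session in `netstat` output as the routing peer's LAN address (masquerade applied) or an overlay address (source preserved). The overlay range and routing peer address are taken from the posted `ip route` output; the last sample line is constructed.

```python
import ipaddress

# Values from the thread's `ip route` output; change them for your deployment.
OVERLAY = ipaddress.ip_network("100.97.0.0/16")          # NetBird overlay range (wt0)
ROUTING_PEER_LAN = ipaddress.ip_address("192.168.9.2")   # routing peer's LAN address (ens18)

# First three lines are from the thread; the last line is constructed to show
# what a session looks like when the source address is preserved.
SAMPLE_NETSTAT = """\
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 192.168.6.158:22        192.168.9.2:64272       ESTABLISHED
tcp6       0    136 192.168.6.158:22        192.168.9.2:54108       ESTABLISHED
tcp        0      0 192.168.6.158:22        100.97.163.238:50022    ESTABLISHED
"""


def classify(line, overlay=OVERLAY, router=ROUTING_PEER_LAN):
    """Return (source_ip, verdict) for an ESTABLISHED netstat line, else None."""
    fields = line.split()
    if len(fields) < 6 or fields[5] != "ESTABLISHED":
        return None
    host = fields[4].rpartition(":")[0].strip("[]")   # drop the port
    try:
        src = ipaddress.ip_address(host)
    except ValueError:
        return None
    # Dual-stack listeners may report IPv4 clients as ::ffff:a.b.c.d
    if src.version == 6 and src.ipv4_mapped:
        src = src.ipv4_mapped
    if src == router:
        verdict = "masqueraded"      # source rewritten to the routing peer
    elif src in overlay:
        verdict = "overlay"          # original NetBird address preserved
    else:
        verdict = "other"
    return str(src), verdict


def classify_all(text):
    """Classify every established session found in netstat output."""
    return [r for r in (classify(l) for l in text.splitlines()) if r]


if __name__ == "__main__":
    for src, verdict in classify_all(SAMPLE_NETSTAT):
        print(f"{src:<16} {verdict}")
```

While sessions are classified as masqueraded, every connection through the routing peer shares one source address, so the destination's logs and host firewall cannot attribute or filter by individual NetBird peer.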

@the-project-group commented on GitHub (Jan 2, 2025):

What if you just toggle the button on the overview of the network (not on the advanced tab)?
Does it work then?
For me it's only the advanced tab which always shows it as toggled on.


@nazarewk commented on GitHub (Apr 28, 2025):

Hello @gadgetusaf,

We're currently reviewing our open issues and would like to verify if this problem still exists in the latest NetBird version.

Could you please confirm if the issue is still there?

We may close this issue temporarily if we don't hear back from you within 2 weeks, but feel free to reopen it with updated information.

Thanks for your contribution to improving the project!


@mlsmaycon commented on GitHub (Jun 1, 2025):

Closing issue due to no recent feedback. Feel free to open a new one if the issue persists or reopen if this was a feature request.

Reference: SVI/netbird#1527