From 37fc33ec4361aa5670324b64a07b577e72f4a2f7 Mon Sep 17 00:00:00 2001
From: Anonymous <anon@anon.com>
Date: Sat, 6 Mar 2021 16:17:28 +0100
Subject: Talk about routing LAN

---
 Retiolum FAQ.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 Retiolum FAQ.md

diff --git a/Retiolum FAQ.md b/Retiolum FAQ.md
new file mode 100644
index 0000000..b629940
--- /dev/null
+++ b/Retiolum FAQ.md	
@@ -0,0 +1,14 @@
+# Q: how to route LAN hosts into retiolum?
+
+  First select a host in the LAN that has access to retiolum, let's say the host at `$ROUTERIP`.
+  On that host open the firewall and enable forwarding (example for IPv4, but IPv6 works similarly):
+  
+    iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+    iptables -A FORWARD -o tinc.alretiolum -j ACCEPT
+    iptables -t nat -A POSTROUTING -o tinc.retiolum -j MASQUERADE
+    echo 1 > /proc/sys/net/ipv4/ip_forward
+    
+  Then other hosts in the LAN can use `$ROUTERIP` to access retiolum by adding a route like this:
+  
+    ip route add 10.243.0.0/16 via $ROUTERIP
+
-- 
cgit v1.2.3