I needed to print to a local receipt printer from a cloud VM whenever a customer places an order, so the LAN printer has to be accessible from the cloud VM.
Below is a complete diagram of what I needed to do.
Before we set up our infrastructure and devices, let's create an account with ZeroTier.
Once you sign up and log on to https://my.zerotier.com/, you have the option to create a network. Network IDs are usually random characters, like this: 3efa5cb78aa5b235
Now that we have a network, let's create the VM that will work as the bridge. I used a Debian VM as the bridge PC. LAN IP: 192.168.9.51
Once the Debian VM is ready, log on to the console and switch to root or use sudo.
apt install curl
curl -s https://install.zerotier.com | sudo bash
If the installation is successful, you will see the message below with the ZeroTier address.
A few more commands to make sure ZeroTier is installed and working properly. You may encounter this error for the service command:
bash: service: command not found
This is because PATH is not set correctly.
PATH=/sbin/:$PATH
That should fix it. Let's continue with the rest of the commands.
service zerotier-one restart
zerotier-cli status
zerotier-cli join 3efa5cb78aa5b235
Now we should see a new client waiting to be connected to the network in the ZeroTier panel.
One green but zero blue means one client is yet to be authorized. ZeroTier has not yet allocated a managed IP to the VM.
Click on the checkbox to authorize.
Now ZeroTier has assigned an IP address to the VM.
This IP is different here because I used another VM to create this guide. Make the necessary adjustments as required.
Now install the ZeroTier Windows client on the cloud VM. Approve the network from the ZeroTier control panel, and ZeroTier will then assign an IP: 172.29.50.18
Now the VM in the cloud should be able to ping the PC (Debian VM) in the LAN using its ZeroTier IP, 172.29.251.180
Now we will set up forwarding using iptables. First clear any existing iptables rules. Note that the commands below flush every table and set all default policies to ACCEPT, so any firewall rules already on this VM are removed.
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
Set a forwarding rule inside the LAN VM so that traffic is forwarded to the Epson U220 printer in the LAN at IP 192.168.9.12, and make it persistent.
apt install iptables-persistent
Now execute the commands below. If you need clarification on any of these, please comment on my post and I will try my best.
sysctl net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i ztppiwd5in -s 172.29.50.18 -j DNAT --to-destination 192.168.9.12
iptables -t nat -A POSTROUTING -s 172.29.50.18 -d 192.168.9.12 -j SNAT --to-source 192.168.9.51
iptables -A FORWARD -s 172.29.50.18 -d 192.168.9.12 -j ACCEPT
iptables -nvL
iptables-save > /etc/iptables/rules.v4
cat /etc/iptables/rules.v4
Permanent setting using /etc/sysctl.conf
To make this configuration permanent, the best way is to use the file /etc/sysctl.conf, where we can add the following line:
net.ipv4.ip_forward = 1
If you already have an entry net.ipv4.ip_forward with the value 0 you can change that to 1.
To enable the changes made in sysctl.conf you will need to run the command:
/etc/init.d/procps restart
More details about this are here: askubuntu.com
Now the local printer, the EPSON U220 at 192.168.9.12, is exposed to the cloud VM over the ZeroTier IP 172.29.251.180, as the Debian VM will forward all traffic coming from 172.29.50.18 to 192.168.9.12.
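To check that the saved rules forward only the intended traffic, the script below audits iptables-save output such as /etc/iptables/rules.v4. It is an added example, not part of the original guide: the function names page_rules, tight_rules and audit_forwarding are hypothetical, and both rule sets are constructed samples (the second one, with a DROP policy on FORWARD, is an assumption and not a step from this guide).

```shell
#!/bin/sh
# Added example: audit iptables-save output for the forwarding setup above.

# Constructed sample: roughly what rules.v4 holds after the page's commands.
page_rules() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 172.29.50.18/32 -i ztppiwd5in -j DNAT --to-destination 192.168.9.12
-A POSTROUTING -s 172.29.50.18/32 -d 192.168.9.12/32 -j SNAT --to-source 192.168.9.51
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 172.29.50.18/32 -d 192.168.9.12/32 -j ACCEPT
COMMIT
EOF
}

# Constructed variant (assumption, not from the page): FORWARD defaults to
# DROP and only the cloud VM -> printer flow plus its replies is allowed.
tight_rules() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.29.50.18/32 -d 192.168.9.12/32 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin; print one finding per line (none = clean).
audit_forwarding() {
  awk '
    /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter" headers
    table == "filter" && $1 == ":FORWARD" && $2 == "ACCEPT" {
      print "FORWARD-POLICY-ACCEPT: all routed traffic is forwarded by default"
    }
    table == "nat" && $2 == "PREROUTING" && / -j DNAT / {
      if ($0 !~ / -s /) print "DNAT-NO-SOURCE: " $0
      if ($0 !~ / -i /) print "DNAT-NO-INTERFACE: " $0
    }
    table == "filter" && $2 == "FORWARD" && / -j ACCEPT/ {
      if ($0 ~ /--ctstate (RELATED,ESTABLISHED|ESTABLISHED,RELATED)/) next
      if ($0 !~ / -s / || $0 !~ / -d /) print "FORWARD-UNSCOPED: " $0
    }
  '
}

page_rules | audit_forwarding    # prints the FORWARD-POLICY-ACCEPT finding
```

On the bridge VM, run it against the real file with audit_forwarding < /etc/iptables/rules.v4. The finding on the page's rule set comes from the flush step, which leaves the FORWARD policy at ACCEPT, so the explicit FORWARD rule does not restrict anything by itself.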
If you have any problems setting up yours, drop a comment here. I will try to reply as early as possible.