How to direct all traffic through this container?

[wyx087]

How do I direct all traffic through this NordLynx container?

In a VM, I would like to direct all internet traffic through this container.

This is the compose YAML. I'm guessing the Synology post_up script isn't quite right here?

services:
    nordlynx:
        image: ghcr.io/bubuntux/nordlynx
        hostname: nordlynx
        container_name: nordlynx
        cap_add:
            - NET_ADMIN                             # required
            - SYS_MODULE                            # maybe
        environment:
            - PRIVATE_KEY=[redacted]                # required
            - QUERY=filters\[servers_groups\]\[identifier\]=legacy_p2p
            - TZ=Europe/London
            - NET_LOCAL=10.0.0.0/24                 # So it can be accessed within the local network
            - ALLOWED_IPS=0.0.0.0/0
            - "POST_UP=ip -4 route add $$(wg | awk -F'[: ]' '/endpoint/ {print $$5}') via $$(ip route | awk '/defaul
t/ {print $$3}')"
            - "PRE_DOWN=ip -4 route del $$(route -n | awk '/255.255.255.255/ {print $$1}') via $$(ip route | awk '/d
efault/ {print $$3}')"

        sysctls:
            - net.ipv6.conf.all.disable_ipv6=1
        restart: unless-stopped

I got the following in the logs:

[2025-01-02T12:02:05+00:00] Connecting...
[#]
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.5.0.2/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] iptables-restore -n
[#] ip -4 route add $(wg | awk -F'[: ]' '/endpoint/ {print $5}') via $(ip route | awk '/default/ {print $3}')
[2025-01-02T12:02:06+00:00] Connected! \(ᵔᵕᵔ)/

But when I ran curl icanhazip.com I still get the same IP regardless if this Docker container is running or not.