vcp-bula-nixfiles/hosts/router/nat.nix

{ config, pkgs, ... }:

{
  networking.firewall.extraCommands = ''
    # NAT for uplink
    ip46tables -w -t nat -N nat-post

    iptables -w -t nat -A nat-post -s '10.42.0.0/16' -o ppp-uplink-a -j MASQUERADE
    iptables -w -t nat -A nat-post -s '10.42.0.0/16' -o ppp-uplink-b -j MASQUERADE

    ip6tables -w -t nat -A nat-post -s 'fd00:10:42::/48' -o ppp-uplink-a -j MASQUERADE
    ip6tables -w -t nat -A nat-post -s 'fd00:10:42::/48' -o ppp-uplink-b -j MASQUERADE

    ip46tables -w -t nat -A POSTROUTING -j nat-post
  '';
  networking.firewall.extraStopCommands = ''
    # NAT for uplink
    ip46tables -w -t nat -D POSTROUTING -j nat-post 2>/dev/null || true
    ip46tables -w -t nat -F nat-post 2>/dev/null || true
    ip46tables -w -t nat -X nat-post 2>/dev/null || true
  '';
}
Enable nat on router uplinks 2022-07-14 23:32:21 +02:00			`{ config, pkgs, ... }:`

			`{`
			`networking.firewall.extraCommands = ''`
			`# NAT for uplink`
			`ip46tables -w -t nat -N nat-post`

			`iptables -w -t nat -A nat-post -s '10.42.0.0/16' -o ppp-uplink-a -j MASQUERADE`
			`iptables -w -t nat -A nat-post -s '10.42.0.0/16' -o ppp-uplink-b -j MASQUERADE`

			`ip6tables -w -t nat -A nat-post -s 'fd00:10:42::/48' -o ppp-uplink-a -j MASQUERADE`
			`ip6tables -w -t nat -A nat-post -s 'fd00:10:42::/48' -o ppp-uplink-b -j MASQUERADE`

			`ip46tables -w -t nat -A POSTROUTING -j nat-post`
			`'';`
			`networking.firewall.extraStopCommands = ''`
			`# NAT for uplink`
			`ip46tables -w -t nat -D POSTROUTING -j nat-post 2>/dev/null \|\| true`
			`ip46tables -w -t nat -F nat-post 2>/dev/null \|\| true`
			`ip46tables -w -t nat -X nat-post 2>/dev/null \|\| true`
			`'';`
			`}`