
Enable nat on router uplinks

clerie 2022-07-14 23:32:21 +02:00
parent c028780b55
commit a195a4b663
2 changed files with 24 additions and 0 deletions


@ -5,6 +5,8 @@
[ [
./hardware-configuration.nix ./hardware-configuration.nix
./nat.nix
./10-net-services.nix ./10-net-services.nix
./42-net-management.nix ./42-net-management.nix
./101-net-uplink-a.nix ./101-net-uplink-a.nix

22
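--- a/hosts/router/nat.nix
+++ b/hosts/router/nat.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+{
+networking.firewall.extraCommands = ''
+# NAT for uplink
+ip46tables -w -t nat -N nat-post
+iptables -w -t nat -A nat-post -s '10.42.0.0/16' -o ppp-uplink-a -j MASQUERADE
+iptables -w -t nat -A nat-post -s '10.42.0.0/16' -o ppp-uplink-b -j MASQUERADE
+ip6tables -w -t nat -A nat-post -s 'fd00:10:42::/48' -o ppp-uplink-a -j MASQUERADE
+ip6tables -w -t nat -A nat-post -s 'fd00:10:42::/48' -o ppp-uplink-b -j MASQUERADE
+ip46tables -w -t nat -A POSTROUTING -j nat-post
+'';
+networking.firewall.extraStopCommands = ''
+# NAT for uplink
+ip46tables -w -t nat -D POSTROUTING -j nat-post 2>/dev/null || true
+ip46tables -w -t nat -F nat-post 2>/dev/null || true
+ip46tables -w -t nat -X nat-post 2>/dev/null || true
+'';
+}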
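Review bot: The `ip46tables -w -t nat -N nat-post` line in `extraCommands` is not idempotent, so re-running the block while the chain still exists will make `-N` fail. That could happen on a firewall reload that does not first run `extraStopCommands`, which is worth confirming for the NixOS release in use. Depending on how the start script treats errors, the result is either an aborted firewall setup or duplicated MASQUERADE rules. Repeating the three cleanup lines from `extraStopCommands` (`-D POSTROUTING -j nat-post`, `-F nat-post`, `-X nat-post`, each with `2>/dev/null || true`) ahead of the `-N` makes the block safe to re-run. Since masquerading does not itself restrict forwarding and no FORWARD rules are visible in this commit, a comment such as `# NAT only; forward filtering for 10.42.0.0/16 and fd00:10:42::/48 is configured in <file>` would help the next reader.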