Enable nat on router uplinks
parent
c028780b55
commit
a195a4b663
@ -5,6 +5,8 @@
|
|||||||
[
|
[
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
|
||||||
|
./nat.nix
|
||||||
|
|
||||||
./10-net-services.nix
|
./10-net-services.nix
|
||||||
./42-net-management.nix
|
./42-net-management.nix
|
||||||
./101-net-uplink-a.nix
|
./101-net-uplink-a.nix
|
||||||
|
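--- /dev/null
+++ b/hosts/router/nat.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+networking.firewall.extraCommands = ''
+# NAT for uplink
+ip46tables -w -t nat -N nat-post
+
+iptables -w -t nat -A nat-post -s '10.42.0.0/16' -o ppp-uplink-a -j MASQUERADE
+iptables -w -t nat -A nat-post -s '10.42.0.0/16' -o ppp-uplink-b -j MASQUERADE
+
+ip6tables -w -t nat -A nat-post -s 'fd00:10:42::/48' -o ppp-uplink-a -j MASQUERADE
+ip6tables -w -t nat -A nat-post -s 'fd00:10:42::/48' -o ppp-uplink-b -j MASQUERADE
+
+ip46tables -w -t nat -A POSTROUTING -j nat-post
+'';
+networking.firewall.extraStopCommands = ''
+# NAT for uplink
+ip46tables -w -t nat -D POSTROUTING -j nat-post 2>/dev/null || true
+ip46tables -w -t nat -F nat-post 2>/dev/null || true
+ip46tables -w -t nat -X nat-post 2>/dev/null || true
+'';
+}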
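Review bot: The commands in `networking.firewall.extraCommands` are not safe to run twice: `ip46tables -w -t nat -N nat-post` fails when the chain already exists, and `ip46tables -w -t nat -A POSTROUTING -j nat-post` appends another jump on every run. If the firewall start script can run again without `extraStopCommands` having run first (a reload, for instance; worth confirming against the NixOS firewall module), it would either stop at `-N` or accumulate duplicate jumps, and a failed firewall start on a router is a state you want to rule out. Repeating the three cleanup lines from `extraStopCommands` (`-D POSTROUTING -j nat-post`, `-F nat-post`, `-X nat-post`, each with `2>/dev/null || true`) at the top of `extraCommands` makes the block re-runnable. Separately, these rules only rewrite source addresses; which hosts may actually forward out of `ppp-uplink-a` and `ppp-uplink-b` is decided outside this file, so a comment such as `# forwarding policy for the uplinks lives in <file>` would help the next reader.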