Enable nat on router uplinks

2022-07-14 23:32:21 +02:00 · 2022-07-14 23:32:21 +02:00 · a195a4b663
commit a195a4b663
parent c028780b55
2 changed files with 24 additions and 0 deletions
--- a/hosts/router/configuration.nix
+++ b/hosts/router/configuration.nix
@ -5,6 +5,8 @@
    [
      ./hardware-configuration.nix

+      ./nat.nix
+
      ./10-net-services.nix
      ./42-net-management.nix
      ./101-net-uplink-a.nix
--- a/hosts/router/nat.nix
+++ b/hosts/router/nat.nix
@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+  networking.firewall.extraCommands = ''
+    # NAT for uplink
+    ip46tables -w -t nat -N nat-post
+
+    iptables -w -t nat -A nat-post -s '10.42.0.0/16' -o ppp-uplink-a -j MASQUERADE
+    iptables -w -t nat -A nat-post -s '10.42.0.0/16' -o ppp-uplink-b -j MASQUERADE
+
+    ip6tables -w -t nat -A nat-post -s 'fd00:10:42::/48' -o ppp-uplink-a -j MASQUERADE
+    ip6tables -w -t nat -A nat-post -s 'fd00:10:42::/48' -o ppp-uplink-b -j MASQUERADE
+
+    ip46tables -w -t nat -A POSTROUTING -j nat-post
+  '';
+  networking.firewall.extraStopCommands = ''
+    # NAT for uplink
+    ip46tables -w -t nat -D POSTROUTING -j nat-post 2>/dev/null || true
+    ip46tables -w -t nat -F nat-post 2>/dev/null || true
+    ip46tables -w -t nat -X nat-post 2>/dev/null || true
+  '';
+}