{ config, pkgs, ... }: { networking.firewall.extraCommands = '' # NAT for uplink ip46tables -w -t nat -N nat-post iptables -w -t nat -A nat-post -s '10.42.0.0/16' -o ppp-uplink-a -j MASQUERADE iptables -w -t nat -A nat-post -s '10.42.0.0/16' -o ppp-uplink-b -j MASQUERADE ip6tables -w -t nat -A nat-post -s 'fd00:10:42::/48' -o ppp-uplink-a -j MASQUERADE ip6tables -w -t nat -A nat-post -s 'fd00:10:42::/48' -o ppp-uplink-b -j MASQUERADE ip46tables -w -t nat -A POSTROUTING -j nat-post ''; networking.firewall.extraStopCommands = '' # NAT for uplink ip46tables -w -t nat -D POSTROUTING -j nat-post 2>/dev/null || true ip46tables -w -t nat -F nat-post 2>/dev/null || true ip46tables -w -t nat -X nat-post 2>/dev/null || true ''; }