23 lines
786 B
Nix
23 lines
786 B
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
networking.firewall.extraCommands = ''
|
|
# NAT for uplink
|
|
ip46tables -w -t nat -N nat-post
|
|
|
|
iptables -w -t nat -A nat-post -s '10.42.0.0/16' -o ppp-uplink-a -j MASQUERADE
|
|
iptables -w -t nat -A nat-post -s '10.42.0.0/16' -o ppp-uplink-b -j MASQUERADE
|
|
|
|
ip6tables -w -t nat -A nat-post -s 'fd00:10:42::/48' -o ppp-uplink-a -j MASQUERADE
|
|
ip6tables -w -t nat -A nat-post -s 'fd00:10:42::/48' -o ppp-uplink-b -j MASQUERADE
|
|
|
|
ip46tables -w -t nat -A POSTROUTING -j nat-post
|
|
'';
|
|
networking.firewall.extraStopCommands = ''
|
|
# NAT for uplink
|
|
ip46tables -w -t nat -D POSTROUTING -j nat-post 2>/dev/null || true
|
|
ip46tables -w -t nat -F nat-post 2>/dev/null || true
|
|
ip46tables -w -t nat -X nat-post 2>/dev/null || true
|
|
'';
|
|
}
|