Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

l gg23: configure NAT directly

Browse Source
This commit is contained in:
lassulus 2023-01-18 20:08:13 +01:00
parent 48659d3b63
commit 415b6a349c
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lass/2configs/gg23.nix
View File

@ -25,14 +25,15 @@ with import <stockholm/lib>;
# Managed = true; # Managed = true;
# }; # };
}; };
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
systemd.network.networks."50-int0" = { systemd.network.networks."50-int0" = {
name = "int0"; name = "int0";
address = [ address = [
"10.42.0.1/24" "10.42.0.1/24"
]; ];
networkConfig = { networkConfig = {
IPForward = "yes"; # IPForward = "yes";
IPMasquerade = "both"; # IPMasquerade = "both";
ConfigureWithoutCarrier = true; ConfigureWithoutCarrier = true;
DHCPServer = "yes"; DHCPServer = "yes";
# IPv6SendRA = "yes"; # IPv6SendRA = "yes";
@ -51,6 +52,9 @@ with import <stockholm/lib>;
krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [ krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
{ v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; } { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; }
]; ];
krebs.iptables.tables.nat.POSTROUTING.rules = [
{ v6 = false; predicate = "-s 10.42.0.0/24"; target = "MASQUERADE"; }
];
networking.domain = "gg23"; networking.domain = "gg23";