l gg23: configure NAT directly

2023-01-18 20:08:13 +01:00 · 2023-01-18 20:08:13 +01:00 · 415b6a349c
commit 415b6a349c
parent 48659d3b63
1 changed files with 6 additions and 2 deletions
--- a/lass/2configs/gg23.nix
+++ b/lass/2configs/gg23.nix
@ -25,14 +25,15 @@ with import <stockholm/lib>;
    #   Managed = true;
    # };
  };
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
  systemd.network.networks."50-int0" = {
    name = "int0";
    address = [
      "10.42.0.1/24"
    ];
    networkConfig = {
-      IPForward = "yes";
-      IPMasquerade = "both";
+      # IPForward = "yes";
+      # IPMasquerade = "both";
      ConfigureWithoutCarrier = true;
      DHCPServer = "yes";
      # IPv6SendRA = "yes";
@ -51,6 +52,9 @@ with import <stockholm/lib>;
  krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
    { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; }
  ];
+  krebs.iptables.tables.nat.POSTROUTING.rules = [
+    { v6 = false; predicate = "-s 10.42.0.0/24"; target = "MASQUERADE"; }
+  ];

  networking.domain = "gg23";