Configure NAT manually
ci / test (push) Successful in 1m18s Details
ci / deploy (push) Failing after 2m41s Details

Ciapa 2024-02-09 19:13:52 +01:00
parent 5cbb5d2f33
commit c93000421f
1 changed files with 20 additions and 7 deletions


@ -20,13 +20,6 @@
networking.defaultGateway = "192.168.0.1";
networking.nameservers = [ "192.168.0.1" ];
networking.nat = {
enable = true;
internalInterfaces = ["ve-+"];
externalInterface = "wg0";
enableIPv6 = true;
};
networking.firewall.enable = false;
networking.wireguard.interfaces = {
@ -44,6 +37,26 @@
persistentKeepalive = 25;
}
];
postSetup = [
# Force traffic from container networks through wg0
"ip route add table 2 default dev wg0"
"ip rule add from 192.168.100.0/24 table 2"
"ip rule add from 192.168.5.0/24 table 2"
# NAT
"iptables -I POSTROUTING -t nat -o wg0 -j MASQUERADE"
# Port forwarding
"iptables -A PREROUTING -t nat -p tcp -i wg0 --dport 51506 -j DNAT --to-destination 192.168.100.11:51506"
];
postShutdown = [
# Force traffic from container networks through wg0
"ip rule del from 192.168.100.0/24 table 2"
"ip rule del from 192.168.5.0/24 table 2"
"ip route del table 2 default dev wg0"
# NAT
"iptables -D POSTROUTING -t nat -o wg0 -j MASQUERADE"
# Port forwarding
"iptables -D PREROUTING -t nat -p tcp -i wg0 --dport 51506 -j DNAT --to-destination 192.168.100.11:51506"
];
};
};
}
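Review bot: The MASQUERADE rule added in postSetup matches every packet leaving wg0, whereas the removed `networking.nat` block limited NAT to `internalInterfaces = ["ve-+"]`; with `networking.firewall.enable = false` in the context lines, nothing else narrows it. Scoping it to the two container sources would keep the old behaviour, e.g. `iptables -t nat -I POSTROUTING -s 192.168.100.0/24 -o wg0 -j MASQUERADE` and the same for 192.168.5.0/24, with matching `-D` lines in postShutdown. postShutdown also deletes both `ip rule` entries, so while wg0 is down container traffic presumably falls back to the main table and the 192.168.0.1 gateway. If the intent is that it never leaves outside the tunnel, keep the rules in place and add a fallback such as `ip route add unreachable default metric 1000 table 2`. The removed block also set `enableIPv6 = true` and the new commands are IPv4-only, so any IPv6 traffic from the containers is no longer steered or NATed through wg0.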