diff options
| author | lassulus <lassulus@lassul.us> | 2023-01-18 20:08:13 +0100 |
|---|---|---|
| committer | lassulus <lassulus@lassul.us> | 2023-01-18 20:08:13 +0100 |
| commit | 415b6a349c32ec47ce556850e90cc0dca7904b36 (patch) | |
| tree | d52b1e31b98fc4abeefe449f24eb68b0a949c3a6 | |
| parent | 48659d3b6353497aa74bbf68567001ba4f5cd47f (diff) | |
l gg23: configure NAT directly
| -rw-r--r-- | lass/2configs/gg23.nix | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix index b703d71ef..884d9a99d 100644 --- a/lass/2configs/gg23.nix +++ b/lass/2configs/gg23.nix @@ -25,14 +25,15 @@ with import <stockholm/lib>; # Managed = true; # }; }; + boot.kernel.sysctl."net.ipv4.ip_forward" = 1; systemd.network.networks."50-int0" = { name = "int0"; address = [ "10.42.0.1/24" ]; networkConfig = { - IPForward = "yes"; - IPMasquerade = "both"; + # IPForward = "yes"; + # IPMasquerade = "both"; ConfigureWithoutCarrier = true; DHCPServer = "yes"; # IPv6SendRA = "yes"; @@ -51,6 +52,9 @@ with import <stockholm/lib>; krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [ { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; } ]; + krebs.iptables.tables.nat.POSTROUTING.rules = [ + { v6 = false; predicate = "-s 10.42.0.0/24"; target = "MASQUERADE"; } + ]; networking.domain = "gg23"; |