diff options
| author | sinanmohd <sinan@sinanmohd.com> | 2024-06-12 15:33:37 +0530 |
|---|---|---|
| committer | sinanmohd <sinan@sinanmohd.com> | 2024-06-12 15:38:39 +0530 |
| commit | d258d56ceec7a54ecec7736c0bc0244f1555f77f (patch) | |
| tree | da0a8f9aec64965dee3d7acbbb85b50f9768d991 | |
| parent | b3f15be96cf5356914a24beaf1d430c2b5b387b7 (diff) | |
kay/router: perform mss clamping on ppp0
| -rw-r--r-- | os/kay/modules/router.nix | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/os/kay/modules/router.nix b/os/kay/modules/router.nix index 2254c3b..45c9dff 100644 --- a/os/kay/modules/router.nix +++ b/os/kay/modules/router.nix @@ -1,15 +1,13 @@ -{ ... }: +{ ... }: let + wanInterface = "ppp0"; -let lanInterface = "enp0s20u1"; - wanInterface = "ppp0"; subnet = "10.0.0.0"; prefix = 24; host = "10.0.0.1"; leaseRangeStart = "10.0.0.100"; leaseRangeEnd = "10.0.0.254"; -in -{ +in { imports = [ ./wireguard.nix ./iperf3.nix @@ -31,7 +29,13 @@ in allowedUDPPorts = [ 53 67 ]; allowedTCPPorts = [ 53 ]; extraCommands = '' - iptables -t nat -I POSTROUTING 1 -s ${subnet}/${toString prefix} -o ${wanInterface} -j MASQUERADE + iptables -t nat -I POSTROUTING 1 \ + -s ${subnet}/${toString prefix} \ + -o ${wanInterface} \ + -j MASQUERADE + iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \ + -o ${wanInterface} \ + -j TCPMSS --clamp-mss-to-pmtu ''; }; }; |