diff options
author | sinanmohd <sinan@sinanmohd.com> | 2023-09-17 15:46:42 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2023-09-17 16:02:30 +0530 |
commit | ff2ded07e7a525b2e26fc5d87b8ee258af53be93 (patch) | |
tree | f4c2d0414ae4bda7b2938552da578b88388cb5c7 /hosts | |
parent | bf8a48eae55bec89f06508136d65ee98ceace558 (diff) |
kay/networking: clean up
Diffstat (limited to 'hosts')
-rw-r--r-- | hosts/kay/modules/router.nix | 17 | ||||
-rw-r--r-- | hosts/kay/modules/wireguard.nix | 15 |
2 files changed, 12 insertions, 20 deletions
diff --git a/hosts/kay/modules/router.nix b/hosts/kay/modules/router.nix index e390ded..cf748ce 100644 --- a/hosts/kay/modules/router.nix +++ b/hosts/kay/modules/router.nix @@ -11,7 +11,11 @@ let in { networking = { - nat.enable = true; + nat = { + enable = true; + externalInterface = wanInterface; + internalInterfaces = [ lanInterface ]; + }; useDHCP = false; interfaces."${lanInterface}" = { ipv4.addresses = [{ @@ -20,17 +24,10 @@ in }]; }; firewall = { + allowedUDPPorts = [ 53 67 ]; + allowedTCPPorts = [ 53 ]; extraCommands = '' - # nat datagrams comming through lanInterface to wanInterface iptables -t nat -I POSTROUTING 1 -s ${subnet}/${toString prefix} -o ${wanInterface} -j MASQUERADE - - # allow all traffic on lanInterface interface - iptables -I INPUT 1 -i ${lanInterface} -j ACCEPT - - # forward rules - iptables -I FORWARD 1 -i ${lanInterface} -o ${lanInterface} -j ACCEPT - iptables -I FORWARD 1 -i ${wanInterface} -o ${lanInterface} -j ACCEPT - iptables -I FORWARD 1 -i ${lanInterface} -o ${wanInterface} -j ACCEPT ''; }; }; diff --git a/hosts/kay/modules/wireguard.nix b/hosts/kay/modules/wireguard.nix index 4839280..efafdcb 100644 --- a/hosts/kay/modules/wireguard.nix +++ b/hosts/kay/modules/wireguard.nix @@ -11,20 +11,15 @@ in sops.secrets."misc/wireguard" = {}; networking = { - nat.enable = true; + nat = { + enable = true; + externalInterface = wanInterface; + internalInterfaces = [ wgInterface ]; + }; firewall = { allowedUDPPorts = [ port ]; extraCommands = '' - # nat datagrams comming through lanInterface to wanInterface iptables -t nat -I POSTROUTING 1 -s ${subnet}/${toString prefix} -o ${wanInterface} -j MASQUERADE - - # allow all traffic on lanInterface interface - iptables -I INPUT 1 -i ${wgInterface} -j ACCEPT - - # forward rules - iptables -I FORWARD 1 -i ${wgInterface} -o ${wgInterface} -j ACCEPT - iptables -I FORWARD 1 -i ${wanInterface} -o ${wgInterface} -j ACCEPT - iptables -I FORWARD 1 -i ${wgInterface} -o ${wanInterface} -j ACCEPT ''; }; |