author | sinanmohd <sinan@sinanmohd.com> | 2024-11-23 18:22:47 +0530 |
---|---|---|
committer | sinanmohd <sinan@sinanmohd.com> | 2024-11-23 18:58:13 +0530 |
commit | 618747a28e93b9097324afffb41b3b77194ea6ae (patch) | |
tree | c08a2575ef227810d49aebb66a4da6a133dad4b1 /os/kay/modules | |
parent | 0787043ca5e6c889d6f6a474711e3666b11a8900 (diff) |
kay/router: allow access to gpon modem
Diffstat (limited to 'os/kay/modules')
-rw-r--r-- | os/kay/modules/router.nix | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/os/kay/modules/router.nix b/os/kay/modules/router.nix index 0d01465..64c653c 100644 --- a/os/kay/modules/router.nix +++ b/os/kay/modules/router.nix @@ -1,6 +1,10 @@ { ... }: let wanInterface = "ppp0"; + gponInterface = "enp3s0"; + gponHost = "192.168.38.2"; + gponPrefix = 24; + lanInterface = "enp8s0f3u1"; subnet = "10.0.0.0"; prefix = 24; @@ -19,10 +23,14 @@ in { externalInterface = wanInterface; internalInterfaces = [ lanInterface ]; }; - interfaces."${lanInterface}" = { - ipv4.addresses = [{ - address = host; - prefixLength = prefix; + interfaces = { + ${lanInterface}.ipv4.addresses = [{ + address = host; + prefixLength = prefix; + }]; + ${gponInterface}.ipv4.addresses = [{ + address = gponHost; + prefixLength = gponPrefix; }]; }; firewall = { @@ -36,6 +44,14 @@ in { iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \ -o ${wanInterface} \ -j TCPMSS --clamp-mss-to-pmtu + + iptables -t nat -I POSTROUTING 1 \ + -s ${subnet}/${toString prefix} \ + -o ${gponInterface} \ + -j MASQUERADE + iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \ + -o ${gponInterface} \ + -j TCPMSS --clamp-mss-to-pmtu ''; }; }; |
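Review bot: `gponHost` in the first hunk reads like the modem's address, but the second hunk assigns it to `${gponInterface}` itself, so it is the router's own address on the modem-facing link. A comment such as `# router's own address on the GPON modem link, not the modem` above the binding would keep later firewall edits from matching on the wrong host. The `let` block continues outside the hunk.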
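Review bot: In the last hunk the added `MASQUERADE` rule matches every source in `${subnet}/${toString prefix}` leaving via `${gponInterface}`, and no rule visible here limits which LAN hosts or ports may reach the modem, so every LAN client gets a path to its management interface. If that is wider than intended, narrow the NAT match with `-d 192.168.38.0/${toString gponPrefix} \` and restrict forwarding to the hosts that administer the modem; the forward policy itself is outside the hunk. Separately, `-I POSTROUTING 1` and `-A FORWARD` write to built-in chains, so if this string is re-run on every firewall reload (the attribute name is not visible in the hunk) the rules will accumulate unless matching `-D` lines are added to the stop commands.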