diff options
| -rw-r--r-- | os/kay/modules/router.nix | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/os/kay/modules/router.nix b/os/kay/modules/router.nix index 0d01465..64c653c 100644 --- a/os/kay/modules/router.nix +++ b/os/kay/modules/router.nix @@ -1,6 +1,10 @@ { ... }: let wanInterface = "ppp0"; + gponInterface = "enp3s0"; + gponHost = "192.168.38.2"; + gponPrefix = 24; + lanInterface = "enp8s0f3u1"; subnet = "10.0.0.0"; prefix = 24; @@ -19,10 +23,14 @@ in { externalInterface = wanInterface; internalInterfaces = [ lanInterface ]; }; - interfaces."${lanInterface}" = { - ipv4.addresses = [{ - address = host; - prefixLength = prefix; + interfaces = { + ${lanInterface}.ipv4.addresses = [{ + address = host; + prefixLength = prefix; + }]; + ${gponInterface}.ipv4.addresses = [{ + address = gponHost; + prefixLength = gponPrefix; }]; }; firewall = { @@ -36,6 +44,14 @@ in { iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \ -o ${wanInterface} \ -j TCPMSS --clamp-mss-to-pmtu + + iptables -t nat -I POSTROUTING 1 \ + -s ${subnet}/${toString prefix} \ + -o ${gponInterface} \ + -j MASQUERADE + iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \ + -o ${gponInterface} \ + -j TCPMSS --clamp-mss-to-pmtu ''; }; }; |