From 618747a28e93b9097324afffb41b3b77194ea6ae Mon Sep 17 00:00:00 2001 From: sinanmohd Date: Sat, 23 Nov 2024 18:22:47 +0530 Subject: kay/router: allow access to gpon modem --- os/kay/modules/router.nix | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'os/kay/modules') diff --git a/os/kay/modules/router.nix b/os/kay/modules/router.nix index 0d01465..64c653c 100644 --- a/os/kay/modules/router.nix +++ b/os/kay/modules/router.nix @@ -1,6 +1,10 @@ { ... }: let wanInterface = "ppp0"; + gponInterface = "enp3s0"; + gponHost = "192.168.38.2"; + gponPrefix = 24; + lanInterface = "enp8s0f3u1"; subnet = "10.0.0.0"; prefix = 24; @@ -19,10 +23,14 @@ in { externalInterface = wanInterface; internalInterfaces = [ lanInterface ]; }; - interfaces."${lanInterface}" = { - ipv4.addresses = [{ - address = host; - prefixLength = prefix; + interfaces = { + ${lanInterface}.ipv4.addresses = [{ + address = host; + prefixLength = prefix; + }]; + ${gponInterface}.ipv4.addresses = [{ + address = gponHost; + prefixLength = gponPrefix; }]; }; firewall = { @@ -36,6 +44,14 @@ in { iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \ -o ${wanInterface} \ -j TCPMSS --clamp-mss-to-pmtu + + iptables -t nat -I POSTROUTING 1 \ + -s ${subnet}/${toString prefix} \ + -o ${gponInterface} \ + -j MASQUERADE + iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \ + -o ${gponInterface} \ + -j TCPMSS --clamp-mss-to-pmtu ''; }; }; -- cgit v1.2.3