| author | Gregor Kleen <gkleen@yggdrasil.li> | 2015-06-16 23:50:01 +0200 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2015-06-16 23:50:01 +0200 |
| commit | aa66459482694575bf6742074513bc760e644942 (patch) | |
| tree | 584a34b55027b35a22e839b9dd578a2b74531bc9 | |
| parent | a59e78126b5da89da5e6b9d785126c9e4ffd9a58 (diff) | |
No more bridge, copied NAT setup
| -rw-r--r-- | bragi.nix | 16 |
1 files changed, 5 insertions, 11 deletions
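--- a/bragi.nix
+++ b/bragi.nix
@@ -160,27 +160,20 @@
 '';
 
 networking.interfaces = {
-"wired" = {
+"enp1s0" = {
 useDHCP = false;
 ipAddress = "10.141.4.1";
 prefixLength = 24;
 };
 };
 
-networking.bridges."wired" = {
-interfaces = [ "enp1s0"
-"enp2s0"
-"enp3s0"
-];
-};
-
 networking.nat = {
 enable = true;
 externalIP = "10.141.1.5";
 externalInterface = "wlp4s0";
 internalIPs = [ "10.141.4.0/24"
 ];
-internalInterfaces = [ "wired"
+internalInterfaces = [ "enp1s0"
 ];
 };
 
@@ -193,16 +186,17 @@
 ];
 extraCommands = ''
 iptables -t nat -A POSTROUTING -o wlp4s0 -j MASQUERADE
+iptables -A FORWARD -i wlp4s0 -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCPET
+iptables -A FORWARD -i enp1s0 -o wlp4s0 -j ACCEPT
 '';
 };
 
 services.dhcpd = {
 enable = true;
-interfaces = [ "wired"
+interfaces = [ "enp1s0"
 ];
 extraConfig = ''
 option subnet-mask 255.255.255.0;
-#option broadcast-address 10.141.1.1;
 option domain-name-servers 10.141.1.1, 8.8.8.8, 8.8.4.4;
 option domain-name "bragisheimr.yggdrasil";
 option routers 10.141.4.1;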
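Review bot: The first added FORWARD rule in `extraCommands` ends in `-j ACCPET`, which is not an iptables target, so that command fails and the RELATED,ESTABLISHED return path from wlp4s0 to enp1s0 is never installed; it should read `-j ACCEPT`. Depending on how the generated firewall script treats a failing command (not visible here), this either aborts the firewall start or leaves replies to the LAN subject to the FORWARD chain's default policy. The second added rule forwards anything that arrives on enp1s0, so adding `-s 10.141.4.0/24` would limit it to the subnet already declared in `networking.nat.internalIPs`. `-m conntrack --ctstate RELATED,ESTABLISHED` is the current form of the state match. The block that holds `extraCommands` starts above this hunk, so whether these `-A` rules are appended again on every reload could not be checked from here.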
