author | Gregor Kleen <gkleen@yggdrasil.li> | 2015-06-16 23:50:01 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2015-06-16 23:50:01 +0200 |
commit | aa66459482694575bf6742074513bc760e644942 (patch) | |
tree | 584a34b55027b35a22e839b9dd578a2b74531bc9 | |
parent | a59e78126b5da89da5e6b9d785126c9e4ffd9a58 (diff) | |
No more bridge, copied NAT setup
-rw-r--r-- | bragi.nix | 16 |
1 files changed, 5 insertions, 11 deletions
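--- a/bragi.nix
+++ b/bragi.nix
@@ -160,27 +160,20 @@
 '';
 
 networking.interfaces = {
-"wired" = {
+"enp1s0" = {
 useDHCP = false;
 ipAddress = "10.141.4.1";
 prefixLength = 24;
 };
 };
 
-networking.bridges."wired" = {
-interfaces = [ "enp1s0"
-"enp2s0"
-"enp3s0"
-];
-};
-
 networking.nat = {
 enable = true;
 externalIP = "10.141.1.5";
 externalInterface = "wlp4s0";
 internalIPs = [ "10.141.4.0/24"
 ];
-internalInterfaces = [ "wired"
+internalInterfaces = [ "enp1s0"
 ];
 };
 
@@ -193,16 +186,17 @@
 ];
 extraCommands = ''
 iptables -t nat -A POSTROUTING -o wlp4s0 -j MASQUERADE
+iptables -A FORWARD -i wlp4s0 -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCPET
+iptables -A FORWARD -i enp1s0 -o wlp4s0 -j ACCEPT
 '';
 };
 
 services.dhcpd = {
 enable = true;
-interfaces = [ "wired"
+interfaces = [ "enp1s0"
 ];
 extraConfig = ''
 option subnet-mask 255.255.255.0;
-#option broadcast-address 10.141.1.1;
 option domain-name-servers 10.141.1.1, 8.8.8.8, 8.8.4.4;
 option domain-name "bragisheimr.yggdrasil";
 option routers 10.141.4.1;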
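Review bot: The return-traffic rule added at new line 189 ends in `-j ACCPET`, which is not an iptables target, so the command will be rejected and the RELATED,ESTABLISHED rule is never installed; it should read `iptables -A FORWARD -i wlp4s0 -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCEPT`. Because the line sits inside the firewall's `extraCommands` script, a failing command may also leave the rest of the firewall setup unapplied, so it is worth listing the FORWARD chain after a rebuild to confirm what was actually loaded. The enclosing firewall block starts outside the hunk, so the FORWARD policy is not visible here: if it is DROP, replies from wlp4s0 to the LAN are blocked until the typo is fixed, and if it is ACCEPT, neither added FORWARD rule restricts anything. A one-line comment above the two rules stating the intended policy (LAN to WLAN allowed, WLAN to LAN only for established flows) would make that intent checkable.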