From aa66459482694575bf6742074513bc760e644942 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Tue, 16 Jun 2015 23:50:01 +0200
Subject: No more bridge, copied NAT setup

---
 bragi.nix | 16 +++++-----------
 1 file changed, 5 insertions(+), 11 deletions(-)

(limited to 'bragi.nix')

diff --git a/bragi.nix b/bragi.nix
index babd43d8..ad68e47e 100644
--- a/bragi.nix
+++ b/bragi.nix
@@ -160,27 +160,20 @@
   '';
 
   networking.interfaces = {
-    "wired" = {
+    "enp1s0" = {
       useDHCP = false;
       ipAddress = "10.141.4.1";
       prefixLength = 24;
     };
   };
 
-  networking.bridges."wired" = {
-    interfaces = [ "enp1s0"
-                   "enp2s0"
-                   "enp3s0"
-                 ];
-  };
-
   networking.nat = {
     enable = true;
     externalIP = "10.141.1.5";
     externalInterface = "wlp4s0";
     internalIPs = [ "10.141.4.0/24"
                   ];
-    internalInterfaces = [ "wired"
+    internalInterfaces = [ "enp1s0"
                          ];
   };
 
@@ -193,16 +186,17 @@
                            ];
     extraCommands = ''
       iptables -t nat -A POSTROUTING -o wlp4s0 -j MASQUERADE
+      iptables -A FORWARD -i wlp4s0 -o enp1s0 -m state --state RELATED,ESTABLISHED -j ACCPET
+      iptables -A FORWARD -i enp1s0 -o wlp4s0 -j ACCEPT
     '';
   };
 
   services.dhcpd = {
     enable = true;
-    interfaces = [ "wired"
+    interfaces = [ "enp1s0"
                  ];
     extraConfig = ''
       option subnet-mask 255.255.255.0;
-      #option broadcast-address 10.141.1.1;
       option domain-name-servers 10.141.1.1, 8.8.8.8, 8.8.4.4;
       option domain-name "bragisheimr.yggdrasil";
       option routers 10.141.4.1;
-- 
cgit v1.2.3