freifunk: improve nat rules

2020-04-23 20:13:18 +02:00 · 2020-04-23 20:13:18 +02:00 · 8adb86f47a
parent 4ee1e24064
commit 8adb86f47a
1 changed files with 2 additions and 1 deletions
--- a/hosts/containers/freifunk/configuration.nix
+++ b/hosts/containers/freifunk/configuration.nix
@ -44,8 +44,9 @@ in {
    # Setup routing into Freifunk,
    # masquerading anything that isn't already their IP range
    extraCommands = ''
-      set +e
+      ${pkgs.iproute}/bin/ip rule del priority 300 || true
      ${pkgs.iproute}/bin/ip rule add to 10.200.0.0/16 table bmx priority 300
+      ${pkgs.iptables}/bin/iptables -t nat -F POSTROUTING
      ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING \
        \! --source 10.200.0.0/15 -o ${meshInterface} -j SNAT --to 10.200.${ddmeshAddrPart}
      set -e