From 8adb86f47a035764e3fc75897d3b180ec6cf99c3 Mon Sep 17 00:00:00 2001 From: Astro Date: Thu, 23 Apr 2020 20:13:18 +0200 Subject: [PATCH] freifunk: improve nat rules --- hosts/containers/freifunk/configuration.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/containers/freifunk/configuration.nix b/hosts/containers/freifunk/configuration.nix index c64cc9e0..eb6f2c32 100644 --- a/hosts/containers/freifunk/configuration.nix +++ b/hosts/containers/freifunk/configuration.nix @@ -44,8 +44,9 @@ in { # Setup routing into Freifunk, # masquerading anything that isn't already their IP range extraCommands = '' - set +e + ${pkgs.iproute}/bin/ip rule del priority 300 || true ${pkgs.iproute}/bin/ip rule add to 10.200.0.0/16 table bmx priority 300 + ${pkgs.iptables}/bin/iptables -t nat -F POSTROUTING ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING \ \! --source 10.200.0.0/15 -o ${meshInterface} -j SNAT --to 10.200.${ddmeshAddrPart} set -e