winzlieb/network
winzlieb
/
network
forked from zentralwerk/network
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

nixos-module/container/upstream: move clamp-mss-to-pmtu outa pppoe

This commit is contained in:
Astro 2022-09-19 21:43:38 +02:00
parent 4d094ae077
commit 626d8076bb
2 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
nix/nixos-module/container/upstream.nix
View File

@ -65,6 +65,14 @@ in
externalInterface = firstUpstreamInterface;
externalIP = staticIpv4Address;
extraCommands = ''
# Add workaround for upstreams with wonky MTU
iptables -t mangle -A FORWARD \
-p tcp --tcp-flags SYN,RST SYN \
-j TCPMSS --clamp-mss-to-pmtu
ip6tables -t mangle -A FORWARD \
-p tcp --tcp-flags SYN,RST SYN \
-j TCPMSS --clamp-mss-to-pmtu
# Prohibit SMTP except for servers
iptables -N fwd_smtp || \
iptables -F fwd_smtp

9
nix/nixos-module/container/upstream/pppoe.nix
View File

@ -84,13 +84,4 @@ in lib.mkIf (pppoeInterfaces != {}) {
};
}) {} (builtins.attrNames pppoeInterfaces);
networking.nat.extraCommands = ''
iptables -A FORWARD \
-p tcp --tcp-flags SYN,RST SYN \
-j TCPMSS --clamp-mss-to-pmtu
ip6tables -A FORWARD \
-p tcp --tcp-flags SYN,RST SYN \
-j TCPMSS --clamp-mss-to-pmtu
'';
}