From 79afe6297737fc8a0487ec010b95d2031cd2e664 Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Thu, 12 Jan 2023 21:56:26 +0100
Subject: [PATCH] upstream4: disable NAT reflection for 80+443/tcp

enables us to rate-limit properly
---
 config/net/upstream.nix | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/config/net/upstream.nix b/config/net/upstream.nix
index e6758fa..07a8704 100644
--- a/config/net/upstream.nix
+++ b/config/net/upstream.nix
@@ -31,15 +31,13 @@ in
     upstream4 = rec {
       forwardPorts = [
         { # http
-          destination = "172.20.73.45";
+          destination = servHosts.public-access-proxy;
           proto = "tcp";
-          reflect = true;
           sourcePort = 80;
         }
         { # https
-          destination = "172.20.73.45";
+          destination = servHosts.public-access-proxy;
           proto = "tcp";
-          reflect = true;
           sourcePort = 443;
         }
         { # gemini