forked from zentralwerk/network
ixos-module/container/upstream: fix noNat6
This commit is contained in:
parent
c06d5a797c
commit
bd95d81cba
|
@ -87,11 +87,13 @@ in
|
|||
''}
|
||||
|
||||
# Do not NAT our public IPv4 addresses
|
||||
${lib.concatMapStringsSep "\n" (subnet: ''
|
||||
${lib.concatMapStringsSep "\n" (net:
|
||||
lib.concatMapStrings (subnet: ''
|
||||
ip6tables -t nat -I nixos-nat-post \
|
||||
-s ${subnet} \
|
||||
-j RETURN
|
||||
'') upstreamInterfaces.${net}.upstream.noNat.subnets4}
|
||||
'') upstreamInterfaces.${net}.upstream.noNat.subnets4 or []
|
||||
) (builtins.attrNames hostConf.interfaces)}
|
||||
|
||||
# Provide IPv6 upstream for everyone, using NAT66 when not from
|
||||
# our static prefixes
|
||||
|
|
|
@ -30,7 +30,10 @@ in {
|
|||
optionals lib.config.site.hosts.${hostName}.isRouter [
|
||||
./container/bird.nix
|
||||
] ++
|
||||
optionals (builtins.match "upstream.*" hostName != null) [
|
||||
optionals (
|
||||
builtins.match "upstream.*" hostName != null ||
|
||||
hostName == "flpk-gw"
|
||||
) [
|
||||
./container/upstream.nix
|
||||
./container/upstream/pppoe.nix
|
||||
] ++
|
||||
|
|
Loading…
Reference in New Issue