nixos-module/container/upstream: fix SNAT for forwarded ports

2021-09-06 23:19:08 +02:00 · 2021-09-06 23:19:08 +02:00 · 48cbaf5f08
parent 501f96a225
commit 48cbaf5f08
1 changed files with 6 additions and 15 deletions
--- a/nix/nixos-module/container/upstream.nix
+++ b/nix/nixos-module/container/upstream.nix
@ -88,25 +88,16 @@ in
          let
            inherit (upstreamInterfaces.${net}.upstream) staticIpv4Address;
          in lib.optionalString (staticIpv4Address != null) ''
-            iptables -w -t nat -A nixos-nat-post \
-              --source 172.20.0.0/14 \
+            iptables -w -t nat -I nixos-nat-post \
+              -i core \
              --dest ${staticIpv4Address}/32 \
              -j nixos-nat-post-forward
          '') (builtins.attrNames upstreamInterfaces)}

-        ${lib.concatMapStringsSep "\n" ({ proto, destination, sourcePort, ... }:
-            let
-              ds = builtins.split ":" destination;
-              port =
-                if builtins.length ds == 3
-                then lib.elemAt ds 2
-                else if builtins.length ds == 1
-                then toString sourcePort
-                else throw "Too many colons in a forwardPorts destination";
-            in ''
-              iptables -t nat -A nixos-nat-post-forward \
-                -p ${proto} --dport ${port} \
-                -j SNAT --to-source ${config.site.net.core.hosts4.${hostName}}
+        ${lib.concatMapStringsSep "\n" ({ proto, sourcePort, ... }: ''
+          iptables -t nat -A nixos-nat-post-forward \
+            -p ${proto} --dport ${toString sourcePort} \
+            -j SNAT --to-source ${config.site.net.core.hosts4.${hostName}}
        '') hostConf.forwardPorts}
      '';
    extraStopCommands =