Just copy more upstream code to avoid making stupid mistakes
This commit is contained in:
parent
6a29757919
commit
8c844dedd2
@ -98,20 +98,23 @@ in
${lib.optionalString (staticIpv4Address != null) ''
${lib.optionalString (staticIpv4Address != null) ''
# Allow connections to ${staticIpv4Address} from other hosts behind NAT
# Allow connections to ${staticIpv4Address} from other hosts behind NAT
${lib.concatMapStrings (fwd: ''
${lib.concatMapStrings (fwd: let
m = builtins.match "([0-9.]+):([0-9-]+)" fwd.destination;
destinationIP = if m == null then throw "bad ip:ports `${fwd.destination}'" else lib.elemAt m 0;
destinationPorts = if m == null then throw "bad ip:ports `${fwd.destination}'" else builtins.replaceStrings ["-"] [":"] (lib.elemAt m 1);
in ''
iptables -t nat -A nixos-nat-pre \
iptables -t nat -A nixos-nat-pre \
-d ${staticIpv4Address} -p ${fwd.proto} \
-d ${staticIpv4Address} -p ${fwd.proto} \
--dport ${builtins.toString fwd.sourcePort} \
--dport ${builtins.toString fwd.sourcePort} \
-j DNAT --to-destination ${fwd.destination}
-j DNAT --to-destination ${fwd.destination}
iptables -t nat -A nixos-nat-post \
iptables -t nat -A nixos-nat-post \
-d ${lib.elemAt (builtins.match "([0-9.]+):([0-9-]+)" fwd.destination) 0} -p ${fwd.proto} \
-d ${destinationIP} -p ${fwd.proto} \
--dport ${builtins.toString fwd.destination} \
--dport ${destinationPorts} \
-s ${config.site.net.core.subnet4} -j MASQUERADE
-s ${config.site.net.core.subnet4} -j MASQUERADE
iptables -t nat -A nixos-nat-post \
iptables -t nat -A nixos-nat-post \
-d ${lib.elemAt (builtins.match "([0-9.]+):([0-9-]+)" fwd.destination) 0} -p ${fwd.proto} \
-d ${destinationIP} -p ${fwd.proto} \
--dport ${builtins.toString fwd.destination} \
--dport ${destinationPorts} \
-s ${config.site.net.c3d2.subnet4} -j MASQUERADE
-s ${config.site.net.c3d2.subnet4} -j MASQUERADE
'') config.networking.nat.forwardPorts}
'') config.networking.nat.forwardPorts}
''}
''}
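Review bot: The two nixos-nat-post MASQUERADE rules on the new side (the `-s ${config.site.net.core.subnet4}` block and the `-s ${config.site.net.c3d2.subnet4}` block) are identical apart from the source subnet, so the hairpin rule is maintained in two places and the next subnet added here will be copy-pasted a third time; iterating once over a list of subnets keeps them in sync and is shown below. The `builtins.match "([0-9.]+):([0-9-]+)"` binding only checks character classes, so a destination that matches the pattern but is not a valid address or port range presumably fails only when iptables evaluates the rule at activation, not at Nix evaluation; a one-line comment such as `# match is a syntax check only; iptables validates the address/port range` would save the next reader from assuming stronger validation. The `m == null` throw is also written twice with the same message and could be bound once and reused. Worth a comment too that the MASQUERADE rewrites the internal client's source to the gateway address, so the forwarded service no longer sees which internal host connected. The enclosing `lib.optionalString` / `''` string expression begins before this hunk.
```nix
in ''
  # … unchanged: nixos-nat-pre DNAT rule …

  ${lib.concatMapStrings (subnet: ''
    iptables -t nat -A nixos-nat-post \
      -d ${destinationIP} -p ${fwd.proto} \
      --dport ${destinationPorts} \
      -s ${subnet} -j MASQUERADE
  '') [ config.site.net.core.subnet4 config.site.net.c3d2.subnet4 ]}
'') config.networking.nat.forwardPorts}
```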