ixos-module/container/upstream: fix noNat6
This commit is contained in:
parent
c06d5a797c
commit
bd95d81cba
|
@ -87,11 +87,13 @@ in
|
||||||
''}
|
''}
|
||||||
|
|
||||||
# Do not NAT our public IPv4 addresses
|
# Do not NAT our public IPv4 addresses
|
||||||
${lib.concatMapStringsSep "\n" (subnet: ''
|
${lib.concatMapStringsSep "\n" (net:
|
||||||
ip6tables -t nat -I nixos-nat-post \
|
lib.concatMapStrings (subnet: ''
|
||||||
-s ${subnet} \
|
ip6tables -t nat -I nixos-nat-post \
|
||||||
-j RETURN
|
-s ${subnet} \
|
||||||
'') upstreamInterfaces.${net}.upstream.noNat.subnets4}
|
-j RETURN
|
||||||
|
'') upstreamInterfaces.${net}.upstream.noNat.subnets4 or []
|
||||||
|
) (builtins.attrNames hostConf.interfaces)}
|
||||||
|
|
||||||
# Provide IPv6 upstream for everyone, using NAT66 when not from
|
# Provide IPv6 upstream for everyone, using NAT66 when not from
|
||||||
# our static prefixes
|
# our static prefixes
|
||||||
|
|
|
@ -30,7 +30,10 @@ in {
|
||||||
optionals lib.config.site.hosts.${hostName}.isRouter [
|
optionals lib.config.site.hosts.${hostName}.isRouter [
|
||||||
./container/bird.nix
|
./container/bird.nix
|
||||||
] ++
|
] ++
|
||||||
optionals (builtins.match "upstream.*" hostName != null) [
|
optionals (
|
||||||
|
builtins.match "upstream.*" hostName != null ||
|
||||||
|
hostName == "flpk-gw"
|
||||||
|
) [
|
||||||
./container/upstream.nix
|
./container/upstream.nix
|
||||||
./container/upstream/pppoe.nix
|
./container/upstream/pppoe.nix
|
||||||
] ++
|
] ++
|
||||||
|
|
Loading…
Reference in New Issue