test
This commit is contained in:
parent
f8209b76b8
commit
6843bc8622
1 changed files with 20 additions and 17 deletions
|
@ -1,32 +1,35 @@
|
||||||
{ config, lib, pkgs, ... }: {
|
{ config, lib, pkgs, ... }: {
|
||||||
networking.firewall.allowedUDPPorts = [
|
networking = {
|
||||||
|
firewall = {
|
||||||
|
allowedUDPPorts = [
|
||||||
3478 # Headscale DERP UDP
|
3478 # Headscale DERP UDP
|
||||||
];
|
];
|
||||||
networking.firewall.allowedTCPPorts = [
|
allowedTCPPorts = [
|
||||||
80 # HTTP
|
80 # HTTP
|
||||||
443 # HTTPS
|
443 # HTTPS
|
||||||
42420 # Vintage Story
|
42420 # Vintage Story
|
||||||
25565 # Minecraft
|
25565 # Minecraft
|
||||||
1443 # Headscale DERP
|
1443 # Headscale DERP
|
||||||
];
|
];
|
||||||
|
};
|
||||||
|
|
||||||
networking = {
|
|
||||||
nftables = {
|
nftables = {
|
||||||
enable = true;
|
enable = true;
|
||||||
ruleset = ''
|
ruleset = ''
|
||||||
table ip nat {
|
table ip nat {
|
||||||
chain PREROUTING {
|
chain PREROUTING {
|
||||||
type nat hook prerouting priority dstnat; policy accept;
|
type nat hook prerouting priority dstnat; policy accept;
|
||||||
iifname "enp0s4" tcp dport 80 dnat to 10.100.0.2:80 # HTTP
|
iifname "enp0s4" tcp dport 80 dnat to 10.100.0.2:80; # HTTP
|
||||||
iifname "enp0s4" tcp dport 443 dnat to 10.100.0.2:443 # HTTPS
|
iifname "enp0s4" tcp dport 443 dnat to 10.100.0.2:443; # HTTPS
|
||||||
iifname "enp0s4" tcp dport 42420 dnat to 10.100.0.2:42420 # Vintage Story
|
iifname "enp0s4" tcp dport 42420 dnat to 10.100.0.2:42420; # Vintage Story
|
||||||
iifname "enp0s4" tcp dport 25565 dnat to 10.100.0.2:25565 # Minecraft
|
iifname "enp0s4" tcp dport 25565 dnat to 10.100.0.2:25565; # Minecraft
|
||||||
iifname "enp0s4" tcp dport 1443 dnat to 10.100.0.2:1443 # Headscale DERP (tcp)
|
iifname "enp0s4" tcp dport 1443 dnat to 10.100.0.2:1443; # Headscale DERP (tcp)
|
||||||
iifname "enp0s4" tcp dport 3478 dnat to 10.100.0.2:3478 # Headscale DERP (udp)
|
iifname "enp0s4" tcp dport 3478 dnat to 10.100.0.2:3478; # Headscale DERP (udp)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
nat = {
|
nat = {
|
||||||
enable = true;
|
enable = true;
|
||||||
internalInterfaces = [ "wireguard0" ];
|
internalInterfaces = [ "wireguard0" ];
|
||||||
|
|
Loading…
Reference in a new issue