diff --git a/nixos/hosts/framework-server/default.nix b/nixos/hosts/framework-server/default.nix
index f00160e6..8e19620b 100644
--- a/nixos/hosts/framework-server/default.nix
+++ b/nixos/hosts/framework-server/default.nix
@@ -54,8 +54,8 @@
 # Forward mail port 25 to sysctl.io / linode
 networking.firewall.extraCommands = ''
- iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 10.100.0.1:25
- iptables -t nat -A OUTPUT -p tcp --dport 25 -j DNAT --to-destination 10.100.0.1:25
+ iptables -A PREROUTING -t nat -i wireguard0 -p tcp --dport 25 -j DNAT --to 10.100.0.1:25
+ iptables -A INPUT -p tcp -m state --state NEW --dport 25 -i wireguard0 -j ACCEPT
 '';
 boot.initrd.services.udev.rules = ''
diff --git a/nixos/hosts/framework-server/wireguard.nix b/nixos/hosts/framework-server/wireguard.nix
index e95c6662..2a173540 100644
--- a/nixos/hosts/framework-server/wireguard.nix
+++ b/nixos/hosts/framework-server/wireguard.nix
@@ -26,7 +26,6 @@
 presharedKeyFile = "/run/secrets/wireguard_keys/preshared_key";
 persistentKeepalive = 5;
 allowedIPs = [ "10.100.0.1/32" ];
- # endpoint = "64.176.54.57:51820"; # osaka-vultr-01
 endpoint = "172.234.84.222:51820"; # osaka-linode-01
 }
 ];
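Review bot: The two added rules in `networking.firewall.extraCommands` match the same packets (TCP port 25 arriving on `wireguard0`), but the PREROUTING DNAT rewrites their destination to 10.100.0.1 first, so new connections are routed through FORWARD and never reach the added INPUT rule. wireguard.nix in this same commit lists 10.100.0.1/32 as the peer's allowedIPs, so the DNAT appears to send mail arriving from the tunnel straight back to the peer; that looks inverted, though the intended direction is not visible here. If this host is meant to receive SMTP over the tunnel, dropping the DNAT line and declaring `networking.firewall.interfaces.wireguard0.allowedTCPPorts = [ 25 ];` would express that without raw iptables; if forwarding is intended, the rule needs the real ingress interface and a matching FORWARD accept. Either way the comment above the option should state the direction, e.g. `# Accept inbound SMTP relayed by osaka-linode-01 over wireguard0`.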