From e0c5b2af594e9e2c8f727841333701c07ffb3f7b Mon Sep 17 00:00:00 2001
From: iFargle
Date: Thu, 21 Dec 2023 14:43:40 +0900
Subject: [PATCH] Testing networking.nat.forwardPorts
---
 nixos/hosts/osaka-linode-01/firewall.nix | 116 +++++++----------------
 1 file changed, 35 insertions(+), 81 deletions(-)
diff --git a/nixos/hosts/osaka-linode-01/firewall.nix b/nixos/hosts/osaka-linode-01/firewall.nix
index e5852a10..1de0cdbb 100644
--- a/nixos/hosts/osaka-linode-01/firewall.nix
+++ b/nixos/hosts/osaka-linode-01/firewall.nix
@@ -15,93 +15,47 @@ 42420 # Vintage Story 25565 # Minecraft 1443 # Headscale DERP - 4443 # jitsi-jvb - 5222 # Jitsi - 5347 # Jitsi - 5280 # Jitsi + # 4443 # jitsi-jvb + # 5222 # Jitsi + # 5347 # Jitsi + # 5280 # Jitsi ]; networking.nat.forwardPorts = [ - { + { # Headscale DERP UDP destination = "10.100.0.2:3478"; proto = "udp"; sourcePort = 3478; } + { # Jitsi + destination = "10.100.0.2:10000"; + proto = "udp"; + sourcePort = 10000; + } + { # HTTP + destination = "10.100.0.2:80"; + proto = "tcp"; + sourcePort = 80; + } + { # HTTPS + destination = "10.100.0.2:443"; + proto = "tcp"; + sourcePort = 443; + } + { # Vintage Story + destination = "10.100.0.2:42420"; + proto = "tcp"; + sourcePort = 42420; + } + { # Minecraft + destination = "10.100.0.2:25565"; + proto = "tcp"; + sourcePort = 25565; + } + { # Headscale DERP TCP + destination = "10.100.0.2:1443"; + proto = "tcp"; + sourcePort = 1443; + } ]; - - - # https://www.digitalocean.com/community/tutorials/how-to-forward-ports-through-a-linux-gateway-with-iptables - networking.firewall.extraCommands = '' - iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT - - # TCP PORTS ################################################################################################## - # PORT 80 - iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 80 -j MASQUERADE - - # PORT 443 - iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 443 -j MASQUERADE - - # # PORT 25 - # iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to-destination 10.100.0.2 - # iptables -t nat -A POSTROUTING -p tcp --dport 25 -j MASQUERADE - # - # # PORT 465 - # iptables -t nat -A PREROUTING -p tcp --dport 465 -j DNAT --to-destination 10.100.0.2 - # iptables -t nat -A POSTROUTING -p tcp --dport 465 -j MASQUERADE - # - # # PORT 587 - # iptables -t nat -A PREROUTING -p tcp 
--dport 587 -j DNAT --to-destination 10.100.0.2 - # iptables -t nat -A POSTROUTING -p tcp --dport 587 -j MASQUERADE - # - # # PORT 143 - # iptables -t nat -A PREROUTING -p tcp --dport 143 -j DNAT --to-destination 10.100.0.2 - # iptables -t nat -A POSTROUTING -p tcp --dport 143 -j MASQUERADE - # - # # PORT 993 - # iptables -t nat -A PREROUTING -p tcp --dport 993 -j DNAT --to-destination 10.100.0.2 - # iptables -t nat -A POSTROUTING -p tcp --dport 993 -j MASQUERADE - # - # # PORT 4190 - # iptables -t nat -A PREROUTING -p tcp --dport 4190 -j DNAT --to-destination 10.100.0.2 - # iptables -t nat -A POSTROUTING -p tcp --dport 4190 -j MASQUERADE - - # PORT 42420 - iptables -t nat -A PREROUTING -p tcp --dport 42420 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 42420 -j MASQUERADE - - # PORT 25565 - iptables -t nat -A PREROUTING -p tcp --dport 25565 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 25565 -j MASQUERADE - - # PORT 1443 - iptables -t nat -A PREROUTING -p tcp --dport 1443 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 1443 -j MASQUERADE - - # PORT 4443 - iptables -t nat -A PREROUTING -p tcp --dport 4443 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 4443 -j MASQUERADE - - # PORT 5222 - iptables -t nat -A PREROUTING -p tcp --dport 5222 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 5222 -j MASQUERADE - - # PORT 5347 - iptables -t nat -A PREROUTING -p tcp --dport 5347 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 5347 -j MASQUERADE - - # PORT 5280 - iptables -t nat -A PREROUTING -p tcp --dport 5280 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p tcp --dport 5280 -j MASQUERADE - - # UDP PORTS ################################################################################################## - # PORT 10000 - iptables -t nat 
-A PREROUTING -p udp --dport 10000 -j DNAT --to-destination 10.100.0.2 - iptables -t nat -A POSTROUTING -p udp --dport 10000 -j MASQUERADE - - # # PORT 3478 - # iptables -t nat -A PREROUTING -p udp --dport 3478 -j DNAT --to-destination 10.100.0.2 - # iptables -t nat -A POSTROUTING -p udp --dport 3478 -j MASQUERADE - ''; } \ No newline at end of file
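Review bot: The new `networking.nat.forwardPorts` entries drop the per-port `iptables -t nat -A POSTROUTING ... -j MASQUERADE` rules that the removed block paired with every DNAT, and the NixOS NAT module only emits the DNAT rule for a forwardPorts entry, so replies from 10.100.0.2 now keep the real client address and must route back through this host for any of the seven forwarded flows to complete. If 10.100.0.2 (presumably a tunnel peer, given the 10.100.0.0/24 address) does not default-route via this gateway the forwards will hang at connection setup; if it does, this is a net improvement because the backend services log real peer addresses instead of the gateway's. The DNAT rules are also bound to `networking.nat.externalInterface`, which is set outside this hunk and should be confirmed to be the public interface rather than the tunnel. As a style point, the backend host is repeated in all seven entries; a `let backend = "10.100.0.2"; in` binding with `destination = "${backend}:80";` keeps them from drifting, and a one-line comment above the list such as `# DNAT only: return traffic from the backend must route through this host` would record the assumption the previous MASQUERADE rules hid. The enclosing attribute set starts before this hunk.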