diff --git a/nixos/hosts/osaka-linode-01/firewall.nix b/nixos/hosts/osaka-linode-01/firewall.nix
index 1de0cdbb..60605f7e 100644
--- a/nixos/hosts/osaka-linode-01/firewall.nix
+++ b/nixos/hosts/osaka-linode-01/firewall.nix
@@ -21,41 +21,46 @@
 # 5280 # Jitsi
 ];
- networking.nat.forwardPorts = [
- { # Headscale DERP UDP
- destination = "10.100.0.2:3478";
- proto = "udp";
- sourcePort = 3478;
- }
- { # Jitsi
- destination = "10.100.0.2:10000";
- proto = "udp";
- sourcePort = 10000;
- }
- { # HTTP
- destination = "10.100.0.2:80";
- proto = "tcp";
- sourcePort = 80;
- }
- { # HTTPS
- destination = "10.100.0.2:443";
- proto = "tcp";
- sourcePort = 443;
- }
- { # Vintage Story
- destination = "10.100.0.2:42420";
- proto = "tcp";
- sourcePort = 42420;
- }
- { # Minecraft
- destination = "10.100.0.2:25565";
- proto = "tcp";
- sourcePort = 25565;
- }
- { # Headscale DERP TCP
- destination = "10.100.0.2:1443";
- proto = "tcp";
- sourcePort = 1443;
- }
- ];
+ networking.nat = {
+ enable = true;
+ internalInterfaces = [ "enp0s4" ];
+ externalInterface = "wireguard0"
+ forwardPorts = [
+ { # Headscale DERP UDP
+ destination = "10.100.0.2:3478";
+ proto = "udp";
+ sourcePort = 3478;
+ }
+ { # Jitsi
+ destination = "10.100.0.2:10000";
+ proto = "udp";
+ sourcePort = 10000;
+ }
+ { # HTTP
+ destination = "10.100.0.2:80";
+ proto = "tcp";
+ sourcePort = 80;
+ }
+ { # HTTPS
+ destination = "10.100.0.2:443";
+ proto = "tcp";
+ sourcePort = 443;
+ }
+ { # Vintage Story
+ destination = "10.100.0.2:42420";
+ proto = "tcp";
+ sourcePort = 42420;
+ }
+ { # Minecraft
+ destination = "10.100.0.2:25565";
+ proto = "tcp";
+ sourcePort = 25565;
+ }
+ { # Headscale DERP TCP
+ destination = "10.100.0.2:1443";
+ proto = "tcp";
+ sourcePort = 1443;
+ }
+ ];
+ };
 }
\ No newline at end of file
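Review bot: The new `externalInterface = "wireguard0"` line has no terminating semicolon, so the file will not evaluate and the host keeps its previous firewall/NAT generation; it should read `externalInterface = "wireguard0";`. Separately, the interface roles look inverted for a public gateway: as far as I recall the NixOS nat module attaches the `forwardPorts` DNAT rules to packets arriving on `externalInterface`, so with `wireguard0` there the seven forwards would presumably match tunnel traffic rather than connections coming in on `enp0s4` — worth confirming against the generated ruleset before deploying. If masquerading from `enp0s4` into the tunnel is intended, note that the backend at 10.100.0.2 will then see the gateway's tunnel address instead of the client IP, which affects access logs and any per-IP rate limiting or banning on the HTTP, Jitsi and game services. A short comment above `networking.nat` stating which interface is public and why masquerade is enabled would help the next reviewer; the enclosing attribute set starts outside this hunk, so the matching `allowedTCPPorts`/`allowedUDPPorts` entries could not be checked here.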