dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

nixos/nat: optional networking.nat.externalInterface (#41758)

Browse Source
This commit is contained in:
volth 2018-06-10 16:29:32 +00:00 committed by xeji
parent fe1a066985
commit d4daddad75
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nixos/modules/services/networking/nat.nix
View File

@ -38,13 +38,13 @@ let
# NAT the marked packets.
${optionalString (cfg.internalInterfaces != []) ''
iptables -w -t nat -A nixos-nat-post -m mark --mark 1 \
-o ${cfg.externalInterface} ${dest}
${optionalString (cfg.externalInterface != null) "-o ${cfg.externalInterface}"} ${dest}
''}
# NAT packets coming from the internal IPs.
${concatMapStrings (range: ''
iptables -w -t nat -A nixos-nat-post \
-s '${range}' -o ${cfg.externalInterface} ${dest}
-s '${range}' ${optionalString (cfg.externalInterface != null) "-o ${cfg.externalInterface}"} ${dest}
'') cfg.internalIPs}
# NAT from external ports to internal ports.
@ -134,7 +134,8 @@ in
};
networking.nat.externalInterface = mkOption {
type = types.str;
type = types.nullOr types.str;
default = null;
example = "eth1";
description =
''
@ -236,6 +237,15 @@ in
{ networking.firewall.extraCommands = mkBefore flushNat; }
(mkIf config.networking.nat.enable {
assertions = [
{ assertion = (cfg.dmzHost != null) -> (cfg.externalInterface != null);
message = "networking.nat.dmzHost requires networking.nat.externalInterface";
}
{ assertion = (cfg.forwardPorts != []) -> (cfg.externalInterface != null);
message = "networking.nat.forwardPorts requires networking.nat.externalInterface";
}
];
environment.systemPackages = [ pkgs.iptables ];
boot = {