dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

nat: enable NAT for multiple networks

Browse Source
This commit is contained in:
Jack Cummings 2012-10-05 22:11:57 -07:00 committed by Eelco Dolstra
parent e8d8b6b399
commit e40146de16
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
modules/services/networking/nat.nix
View File

@ -1,4 +1,6 @@
# This module enables Network Address Translation (NAT). # This module enables Network Address Translation (NAT).
# XXX: todo: support multiple upstream links
# see http://yesican.chsoft.biz/lartc/MultihomedLinuxNetworking.html
{ config, pkgs, ... }: { config, pkgs, ... }:
@ -25,11 +27,11 @@ in
}; };
networking.nat.internalIPs = mkOption { networking.nat.internalIPs = mkOption {
example = "192.168.1.0/24"; example = [ "192.168.1.0/24" ] ;
description = description =
'' ''
The IP address range for which to perform NAT. Packets The IP address ranges for which to perform NAT. Packets
coming from these addresses and destined for the external coming from these networks and destined for the external
interface will be rewritten. interface will be rewritten.
''; '';
}; };
@ -76,13 +78,17 @@ in
'' ''
iptables -t nat -F POSTROUTING iptables -t nat -F POSTROUTING
iptables -t nat -X iptables -t nat -X
''
+ (concatMapStrings (network:
''
iptables -t nat -A POSTROUTING \ iptables -t nat -A POSTROUTING \
-s ${cfg.internalIPs} -o ${cfg.externalInterface} \ -s ${network} -o ${cfg.externalInterface} \
${if cfg.externalIP == "" ${if cfg.externalIP == ""
then "-j MASQUERADE" then "-j MASQUERADE"
else "-j SNAT --to-source ${cfg.externalIP}"} else "-j SNAT --to-source ${cfg.externalIP}"}
''
) cfg.internalIPs) +
''
echo 1 > /proc/sys/net/ipv4/ip_forward echo 1 > /proc/sys/net/ipv4/ip_forward
''; '';
@ -91,7 +97,5 @@ in
iptables -t nat -F POSTROUTING iptables -t nat -F POSTROUTING
''; '';
}; };
}; };
} }