From 415b6a349c32ec47ce556850e90cc0dca7904b36 Mon Sep 17 00:00:00 2001
From: lassulus
Date: Wed, 18 Jan 2023 20:08:13 +0100
Subject: l gg23: configure NAT directly
---
 lass/2configs/gg23.nix | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
(limited to 'lass/2configs/gg23.nix')
diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix
index b703d71e..884d9a99 100644
--- a/lass/2configs/gg23.nix
+++ b/lass/2configs/gg23.nix
@@ -25,14 +25,15 @@ with import ;
 # Managed = true;
 # };
 };
+ boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
 systemd.network.networks."50-int0" = {
 name = "int0";
 address = [
 "10.42.0.1/24"
 ];
 networkConfig = {
- IPForward = "yes";
- IPMasquerade = "both";
+ # IPForward = "yes";
+ # IPMasquerade = "both";
 ConfigureWithoutCarrier = true;
 DHCPServer = "yes";
 # IPv6SendRA = "yes";
@@ -51,6 +52,9 @@ with import ;
 krebs.iptables.tables.nat.PREROUTING.rules = mkBefore [
 { v6 = false; predicate = "-s 10.42.0.0/24"; target = "ACCEPT"; }
 ];
+ krebs.iptables.tables.nat.POSTROUTING.rules = [
+ { v6 = false; predicate = "-s 10.42.0.0/24"; target = "MASQUERADE"; }
+ ];
 networking.domain = "gg23";
-- 
cgit v1.2.3
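Review bot: The two `# IPForward` / `# IPMasquerade` lines in `networkConfig` are left as commented-out settings with no explanation, so a later reader cannot tell whether they are disabled on purpose; I would delete them or replace them with one comment such as `# forwarding is set via boot.kernel.sysctl, masquerading via krebs.iptables nat POSTROUTING`. The added `boot.kernel.sysctl."net.ipv4.ip_forward" = 1;` enables IPv4 forwarding for the whole host rather than for int0 alone, so what is actually routed is decided by the filter table's FORWARD chain, which is not visible in this patch and should be confirmed to allow only the intended int0 traffic. The old `IPMasquerade = "both"` also covered IPv6 while the replacement is IPv4-only; that looks intentional given the single IPv4 address, but it is worth saying so in the commit message.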
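Review bot: The new POSTROUTING rule matches only on `-s 10.42.0.0/24`, so it masquerades that traffic on every outgoing interface, including int0 itself and any tunnel interface the host may have. Assuming `predicate` is passed through as iptables match arguments, scoping it to the egress side would keep the NAT narrow, e.g. `predicate = "-s 10.42.0.0/24 ! -o int0";` or an explicit `-o` for the uplink. The PREROUTING list just above uses `mkBefore` while this list does not, so its position relative to POSTROUTING rules from other modules depends on merge order; if an earlier terminating rule can match this source range, the MASQUERADE never applies.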