Try using builtin forwardPorts

This commit is contained in:
Niten 2021-03-17 22:29:34 +00:00
parent d3e395b71d
commit 8d9f4e247d


@ -439,65 +439,47 @@ in {
"net.ipv4.conf.all.route_localnet" = "1"; "net.ipv4.conf.all.route_localnet" = "1";
}; };
networking.firewall = let # networking.firewall = let
iptables = "ip46tables"; # iptables = "ip46tables";
ip-forward-line = protocols: internal: external: # ip-forward-line = protocols: internal: external:
concatStringsSep "\n" (map (protocol: '' # concatStringsSep "\n" (map (protocol: ''
# ${iptables} -I PREROUTING -p ${protocol} --dport ${
toString external
} -j REDIRECT --to-ports ${toString internal}
# ${iptables} -I OUTPUT -p ${protocol} -i lo --dport ${
toString external
} -j REDIRECT --to-ports ${toString internal}
# ${iptables} -I OUTPUT -p ${protocol} -o lo --dport ${
toString external
} -j REDIRECT --to-ports ${toString internal}
# ${iptables} -t nat -I PREROUTING -p ${protocol} --dport ${ # ${iptables} -t nat -I PREROUTING -p ${protocol} --dport ${
toString external # toString external
} -j REDIRECT --to-ports ${toString internal} # } -j REDIRECT --to-ports ${toString internal}
# ${iptables} -t nat -I OUTPUT -p ${protocol} -i lo --dport ${ # ${iptables} -t nat -I OUTPUT -s lo -p ${protocol} --dport ${
toString external # toString external
} -j REDIRECT --to-ports 127.0.0.1:${toString internal} # } -j REDIRECT --to-ports ${toString internal}
# ${iptables} -t nat -I OUTPUT -p ${protocol} -o lo --dport ${ # '') protocols);
toString external
} -j REDIRECT --to-ports ${toString internal}
'') protocols);
ip-unforward-line = protocols: internal: external:
concatStringsSep "\n" (map (protocol: ''
# ${iptables} -D PREROUTING -p ${protocol} --dport ${
toString external
} -j REDIRECT --to-ports ${toString internal}
# ${iptables} -D OUTPUT -p ${protocol} -i lo --dport ${
toString external
} -j REDIRECT --to-ports ${toString internal}
# ${iptables} -D OUTPUT -p ${protocol} -o lo --dport ${
toString external
} -j REDIRECT --to-ports ${toString internal}
# ip-unforward-line = protocols: internal: external:
# concatStringsSep "\n" (map (protocol: ''
# ${iptables} -t nat -D PREROUTING -p ${protocol} --dport ${ # ${iptables} -t nat -D PREROUTING -p ${protocol} --dport ${
toString external # toString external
} -j REDIRECT --to-ports ${toString internal} # } -j REDIRECT --to-ports ${toString internal}
# ${iptables} -t nat -D OUTPUT -p ${protocol} -i lo --dport ${ # ${iptables} -t nat -D OUTPUT -s lo -p ${protocol} --dport ${
toString external # toString external
} -j REDIRECT --to-ports 127.0.0.1:${toString internal} # } -j REDIRECT --to-ports ${toString internal}
# ${iptables} -t nat -D OUTPUT -p ${protocol} -o lo --dport ${ # '') protocols);
toString external # in {
} -j REDIRECT --to-ports ${toString internal} # enable = true;
'') protocols);
in {
enable = true;
extraCommands = concatStringsSep "\n" (mapAttrsToList (name: opts: # extraCommands = concatStringsSep "\n" (mapAttrsToList (name: opts:
ip-forward-line opts.protocols opts.internal-port opts.external-port) # ip-forward-line opts.protocols opts.internal-port opts.external-port)
cfg.internal-port-map); # cfg.internal-port-map);
extraStopCommands = concatStringsSep "\n" (mapAttrsToList (name: opts: # extraStopCommands = concatStringsSep "\n" (mapAttrsToList (name: opts:
ip-unforward-line opts.protocols opts.internal-port opts.external-port) # ip-unforward-line opts.protocols opts.internal-port opts.external-port)
cfg.internal-port-map); # cfg.internal-port-map);
}; # };
networking.nat.forwardPorts =
let portmaps = (attrValues opts.external-port);
in concatMap (opts:
map (protocol: {
destination = "127.0.0.1:${toString opts.internal-port}";
sourcePort = opts.external-port;
proto = protocol;
}) opts.protocols) (attrValues cfg.internal-port-map);
# Services.xinetd = mkIf ((length (attrNames cfg.internal-port-map)) > 0) { # Services.xinetd = mkIf ((length (attrNames cfg.internal-port-map)) > 0) {
# enable = true; # enable = true;