Wrong branch.

Revert " nat: enable NAT for multiple networks" This reverts commit a24e4b4af20a0b95c13edfbf4b5705a27ff8f045.
2012-10-05 22:11:16 -07:00 · 2012-10-05 22:11:16 -07:00 · be3e812439
commit be3e812439
parent a24e4b4af2
1 changed files with 8 additions and 12 deletions
--- a/modules/services/networking/nat.nix
+++ b/modules/services/networking/nat.nix
@ -1,6 +1,4 @@
 # This module enables Network Address Translation (NAT).
-# XXX: todo: support multiple upstream links
-# see http://yesican.chsoft.biz/lartc/MultihomedLinuxNetworking.html

 { config, pkgs, ... }:

@ -27,11 +25,11 @@ in
    };

    networking.nat.internalIPs = mkOption {
-      example = [ "192.168.1.0/24" ] ;
+      example = "192.168.1.0/24";
      description =
        ''
-          The IP address ranges for which to perform NAT.  Packets
-          coming from these networks and destined for the external
+          The IP address range for which to perform NAT.  Packets
+          coming from these addresses and destined for the external
          interface will be rewritten.
        '';
    };
@ -78,17 +76,13 @@ in
          ''
            iptables -t nat -F POSTROUTING
            iptables -t nat -X
-          '' 
-          + (concatMapStrings (network: 
-            ''
+
            iptables -t nat -A POSTROUTING \
-              -s ${network} -o ${cfg.externalInterface} \
+              -s ${cfg.internalIPs} -o ${cfg.externalInterface} \
              ${if cfg.externalIP == ""
                then "-j MASQUERADE"
                else "-j SNAT --to-source ${cfg.externalIP}"}
-            ''
-          ) cfg.internalIPs) +
-          ''
+
            echo 1 > /proc/sys/net/ipv4/ip_forward
          '';

@ -97,5 +91,7 @@ in
            iptables -t nat -F POSTROUTING
          '';
      };
+
  };
+
 }