diff options
| author | Kjetil Orbekk <kj@orbekk.com> | 2021-08-05 10:12:42 -0400 |
|---|---|---|
| committer | Kjetil Orbekk <kj@orbekk.com> | 2021-08-05 10:12:42 -0400 |
| commit | b3b4d95033e5f3f94179dc5fcf013e0039fc3a42 (patch) | |
| tree | 09a30944db68b745d74ebcada4f3ef2468cad92c /config | |
| parent | 4b26721ef5125ec662e34d78dd0957686d156670 (diff) | |
fixes
Diffstat (limited to 'config')
| -rw-r--r-- | config/router.nix | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/config/router.nix b/config/router.nix index 7244882..26be594 100644 --- a/config/router.nix +++ b/config/router.nix @@ -67,7 +67,7 @@ in { @def $DEV_LAN = (${lan-dev}.100); @def $DEV_ADMIN = (${lan-dev}.255); @def $DEV_WAN = (${wan-dev} he0 mullvad nycmesh); - @def $NET_LAN = (10.0.0.0/8 172.20.0.0/16); + @def $NET_LAN = (172.20.0.0/16); # Forward dns queries to dnsmasq on LAN interfaces. domain (ip ip6) table nat chain PREROUTING { @@ -152,13 +152,16 @@ in { domain ip table nat { chain POSTROUTING { saddr $NET_LAN outerface $DEV_WAN MASQUERADE; - # saddr $NET_LAN daddr 172.20.30.1 MASQUERADE; } } domain (ip ip6) table mangle { chain PREROUTING { interface ${lan-dev}.30 MARK set-mark ${toString mullvadMark}; + } + } + domain ip table mangle { + chain PREROUTING { interface ${lan-dev}.32 MARK set-mark ${toString nycmeshMark}; } } @@ -250,6 +253,7 @@ in { dhcp-option=net:vlan100,option:dns-server,172.20.100.1 dhcp-range=vlan32,172.20.32.50,172.20.32.254,5m + dhcp-range=vlan32,::100,::500,constructor:bond0.32,slaac dhcp-option=net:vlan32,option:router,172.20.32.1 dhcp-option=net:vlan32,option:dns-server,172.20.32.1 @@ -352,6 +356,10 @@ in { address = "172.20.32.1"; prefixLength = 23; }]; + ipv6.addresses = [{ + address = "2001:470:8e2e:32::1"; + prefixLength = 64; + }]; useDHCP = false; }; } |