| -rw-r--r-- | modules/router.nix | 14 | 
1 files changed, 7 insertions, 7 deletions
| diff --git a/modules/router.nix b/modules/router.nix
index ff893df..8ec7479 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -226,23 +226,23 @@ let
             type filter hook prerouting priority -150
             # ip6 saddr 2001:470:8e2e::/48 ip6 daddr != 2001:470:8e2e::/48 ip6 daddr != fe80::/64 meta nftrace set 1
             ip6 saddr 2001:470:8e2e::/48 ip6 daddr != 2001:470:8e2e::/48 ip6 daddr != fe80::/64 meta mark set ${toString heMark}
-            meta nfproto ipv4 iifname vpnlan-vport meta mark set ${toString mullvadMark}
-            ip6 daddr != 2001:470:8e2e::/48 ip6 daddr != fe80::/60 iifname vpnlan-vport meta mark set ${toString mullvadMark}
+            meta nfproto ipv4 iifname vpnlan-vport ip daddr != 172.20.0.0/16 meta mark set ${toString mullvadMark}
+            meta nfproto ipv6 ip6 daddr != 2001:470:8e2e::/48 ip6 daddr != fe80::/60 iifname vpnlan-vport meta mark set ${toString mullvadMark}
           }
         }
         table inet nat {
           chain prerouting {
             type nat hook prerouting priority -100; policy accept
-            meta nfproto ipv4 iifname wan-vport tcp dport $SERVER_WAN_PORTS dnat to 172.20.30.2
-            meta nfproto ipv4 iifname mullvad tcp dport 56732 dnat to 172.20.30.2
+            meta nfproto ipv4 iifname wan-vport tcp dport $SERVER_WAN_PORTS counter dnat to 172.20.30.2
+            meta nfproto ipv4 iifname mullvad tcp dport 56732 counter dnat to 172.20.30.2
           }
           chain postrouting {
             type nat hook postrouting priority 100; policy accept
-            ip saddr 172.16.0.0/12 oifname {"wan-vport"} masquerade
-            ip saddr 172.16.0.0/12 oifname {"mullvad"} masquerade
+            ip saddr 172.16.0.0/12 oifname {"wan-vport"} counter masquerade
+            ip saddr 172.16.0.0/12 oifname {"mullvad"} counter masquerade
             # Nat66 on VPN :(
-            meta nfproto ipv6 oifname {"mullvad"} masquerade
+            meta nfproto ipv6 oifname {"mullvad"} counter masquerade
           }
         }
       ''; |
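Review bot: The new IPv4 exemption `ip daddr != 172.20.0.0/16` in the priority -150 prerouting chain leaves every vpnlan-vport packet addressed to that /16 unmarked, so it is routed by the main table instead of the Mullvad one; for a 172.20.x.x address with no connected route that presumably means the default route, where `ip saddr 172.16.0.0/12 oifname {"wan-vport"} counter masquerade` would NAT it out the WAN. Narrowing the match to the subnets that actually exist behind the router, or adding an unreachable route for the rest of the /16, would stop the VPN segment from falling back to the WAN path; whether the forward chain already restricts vpnlan-vport towards other local segments is not visible in this hunk. The IPv6 rule still carries `fe80::/60` while the rule above it uses `fe80::/64`; aligning them (`ip6 daddr != fe80::/64`) and adding a one-line comment such as `# keep local and link-local destinations off the Mullvad table` would make the intent explicit. The nftables ruleset string begins and ends outside the hunk.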
