Diffstat (limited to 'modules/router.nix')
-rw-r--r--modules/router.nix14
1 files changed, 7 insertions, 7 deletions
diff --git a/modules/router.nix b/modules/router.nix
index ff893df..8ec7479 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -226,23 +226,23 @@ let
type filter hook prerouting priority -150
# ip6 saddr 2001:470:8e2e::/48 ip6 daddr != 2001:470:8e2e::/48 ip6 daddr != fe80::/64 meta nftrace set 1
ip6 saddr 2001:470:8e2e::/48 ip6 daddr != 2001:470:8e2e::/48 ip6 daddr != fe80::/64 meta mark set ${toString heMark}
- meta nfproto ipv4 iifname vpnlan-vport meta mark set ${toString mullvadMark}
- ip6 daddr != 2001:470:8e2e::/48 ip6 daddr != fe80::/60 iifname vpnlan-vport meta mark set ${toString mullvadMark}
+ meta nfproto ipv4 iifname vpnlan-vport ip daddr != 172.20.0.0/16 meta mark set ${toString mullvadMark}
+ meta nfproto ipv6 ip6 daddr != 2001:470:8e2e::/48 ip6 daddr != fe80::/60 iifname vpnlan-vport meta mark set ${toString mullvadMark}
}
}
table inet nat {
chain prerouting {
type nat hook prerouting priority -100; policy accept
- meta nfproto ipv4 iifname wan-vport tcp dport $SERVER_WAN_PORTS dnat to 172.20.30.2
- meta nfproto ipv4 iifname mullvad tcp dport 56732 dnat to 172.20.30.2
+ meta nfproto ipv4 iifname wan-vport tcp dport $SERVER_WAN_PORTS counter dnat to 172.20.30.2
+ meta nfproto ipv4 iifname mullvad tcp dport 56732 counter dnat to 172.20.30.2
}
chain postrouting {
type nat hook postrouting priority 100; policy accept
- ip saddr 172.16.0.0/12 oifname {"wan-vport"} masquerade
- ip saddr 172.16.0.0/12 oifname {"mullvad"} masquerade
+ ip saddr 172.16.0.0/12 oifname {"wan-vport"} counter masquerade
+ ip saddr 172.16.0.0/12 oifname {"mullvad"} counter masquerade
# Nat66 on VPN :(
- meta nfproto ipv6 oifname {"mullvad"} masquerade
+ meta nfproto ipv6 oifname {"mullvad"} counter masquerade
}
}
'';
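Review bot: The new IPv4 exemption on the vpnlan-vport rule (`ip daddr != 172.20.0.0/16`) is narrower than the `172.16.0.0/12` range that the postrouting masquerade rules treat as internal, so the ruleset now has two different definitions of "local". Packets from vpnlan-vport to a 172.20.0.0/16 address no longer carry mullvadMark and are routed like any unmarked traffic; if no more-specific route exists they would presumably follow the default route and match `oifname {"wan-vport"} counter masquerade`, leaving through the WAN instead of the VPN. Whether a forward-chain rule prevents that is not visible here (the chain and the enclosing `let` string start outside the hunk), so I would add a comment such as `# local 172.20.0.0/16 stays off the Mullvad table; forward chain must drop vpnlan-vport -> wan-vport` and confirm that the drop rule exists. The carried-over `fe80::/60` also differs from the `fe80::/64` on the heMark rule above; using `fe80::/64` in both places would keep the link-local exclusion consistent.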