From 4b6fd3d667bdf034ca0df2109bb7a1edf666c137 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Thu, 2 Mar 2023 07:51:42 -0500
Subject: config
---
modules/router.nix | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/modules/router.nix b/modules/router.nix
index ff893df..8ec7479 100644
--- a/modules/router.nix
+++ b/modules/router.nix
@@ -226,23 +226,23 @@ let
type filter hook prerouting priority -150 # ip6 saddr 2001:470:8e2e::/48 ip6 daddr != 2001:470:8e2e::/48 ip6 daddr != fe80::/64 meta nftrace set 1 ip6 saddr 2001:470:8e2e::/48 ip6 daddr != 2001:470:8e2e::/48 ip6 daddr != fe80::/64 meta mark set ${toString heMark}
- meta nfproto ipv4 iifname vpnlan-vport meta mark set ${toString mullvadMark}
- ip6 daddr != 2001:470:8e2e::/48 ip6 daddr != fe80::/60 iifname vpnlan-vport meta mark set ${toString mullvadMark}
+ meta nfproto ipv4 iifname vpnlan-vport ip daddr != 172.20.0.0/16 meta mark set ${toString mullvadMark}
+ meta nfproto ipv6 ip6 daddr != 2001:470:8e2e::/48 ip6 daddr != fe80::/60 iifname vpnlan-vport meta mark set ${toString mullvadMark}
} } table inet nat { chain prerouting { type nat hook prerouting priority -100; policy accept
- meta nfproto ipv4 iifname wan-vport tcp dport $SERVER_WAN_PORTS dnat to 172.20.30.2
- meta nfproto ipv4 iifname mullvad tcp dport 56732 dnat to 172.20.30.2
+ meta nfproto ipv4 iifname wan-vport tcp dport $SERVER_WAN_PORTS counter dnat to 172.20.30.2
+ meta nfproto ipv4 iifname mullvad tcp dport 56732 counter dnat to 172.20.30.2
} chain postrouting { type nat hook postrouting priority 100; policy accept
- ip saddr 172.16.0.0/12 oifname {"wan-vport"} masquerade
- ip saddr 172.16.0.0/12 oifname {"mullvad"} masquerade
+ ip saddr 172.16.0.0/12 oifname {"wan-vport"} counter masquerade
+ ip saddr 172.16.0.0/12 oifname {"mullvad"} counter masquerade
# Nat66 on VPN :(
- meta nfproto ipv6 oifname {"mullvad"} masquerade
+ meta nfproto ipv6 oifname {"mullvad"} counter masquerade
} } '';
-- cgit v1.2.3
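Review bot: The new IPv4 `vpnlan-vport` rule exempts only `172.20.0.0/16` from the Mullvad mark, while the postrouting chain in the same hunk treats all of `172.16.0.0/12` as internal, so an internal subnet outside 172.20.0.0/16 reached from `vpnlan-vport` would still be marked and policy-routed into the tunnel. The addressing plan is not visible here, but if such subnets exist the exemption should match the internal range, for example `ip daddr != 172.16.0.0/12`, or both rules should reference one shared `define` the way `$SERVER_WAN_PORTS` is used. The IPv6 rule also exempts `fe80::/60` where the heMark rule just above uses `fe80::/64`; using one prefix in both places (link-local is `fe80::/10`) keeps the two exemptions from drifting apart. A one-line comment above the two mark rules, such as `# keep router-local and LAN destinations off the VPN table`, would record the intent that the commit subject leaves out. The enclosing `let` string starts and ends outside the hunk, so the marking chain's name and the routing rules that consume the mark could not be checked.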