Revert "nixos/nat: Allow nat without an externalInterface"

This reverts commit 431a98b12b5e1cc51181da815870dda5e23709f8.

Breaks nixos tests: http://hydra.nixos.org/build/35538207

+4 -9
+4 -9
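--- a/nixos/modules/services/networking/nat.nix
+++ b/nixos/modules/services/networking/nat.nix
@@ -12,9 +12,6 @@
 
 dest = if cfg.externalIP == null then "-j MASQUERADE" else "-j SNAT --to-source ${cfg.externalIP}";
 
-externalInterfaceFilter = param:
-optionalString (cfg.externalInterface != null) "${param} ${cfg.externalInterface}";
-
 flushNat = ''
 iptables -w -t nat -D PREROUTING -j nixos-nat-pre 2>/dev/null|| true
 iptables -w -t nat -F nixos-nat-pre 2>/dev/null || true
@@ -39,20 +36,19 @@
 # NAT the marked packets.
 ${optionalString (cfg.internalInterfaces != []) ''
 iptables -w -t nat -A nixos-nat-post -m mark --mark 1 \
-${externalInterfaceFilter "-o"} ${dest}
+-o ${cfg.externalInterface} ${dest}
 ''}
 
 # NAT packets coming from the internal IPs.
 ${concatMapStrings (range: ''
 iptables -w -t nat -A nixos-nat-post \
--s '${range}' \! -d '${range}'
-${externalInterfaceFilter "-o"} ${dest}
+-s '${range}' -o ${cfg.externalInterface} ${dest}
 '') cfg.internalIPs}
 
 # NAT from external ports to internal ports.
 ${concatMapStrings (fwd: ''
 iptables -w -t nat -A nixos-nat-pre \
--${externalInterfaceFilter "-i"} -p tcp \
+-i ${cfg.externalInterface} -p tcp \
 --dport ${builtins.toString fwd.sourcePort} \
 -j DNAT --to-destination ${fwd.destination}
 '') cfg.forwardPorts}
@@ -104,8 +100,7 @@
 };
 
 networking.nat.externalInterface = mkOption {
-type = types.nullOr types.str;
-default = null;
+type = types.str;
 example = "eth1";
 description =
 ''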
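Review bot: The three restored rules in the second hunk interpolate `${cfg.externalInterface}` into the generated shell script unquoted, while `${range}` in the same rule is single-quoted, so an empty or whitespace-containing value would be word-split by the shell and produce a malformed or different iptables rule instead of an evaluation error. Since the option is again a plain `types.str`, I would quote it at each use, e.g. `-o ${escapeShellArg cfg.externalInterface} ${dest}` and `-i ${escapeShellArg cfg.externalInterface} -p tcp \` (assuming `lib` is in scope here, as the unqualified `optionalString` suggests). The value comes from system configuration, so this is hardening against misconfiguration rather than handling of untrusted input. The enclosing script string and the option's description start and end outside the visible hunks.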