Home : Allow ssh connection from vpn.

This commit is contained in:
Dmitry Voronin 2024-08-14 20:59:42 +03:00
parent d57fd86708
commit 8af465e7ba
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k


@ -31,10 +31,10 @@ in {
extraCommands = let
cfg = config.container.module;
# mkForward = src: sport: dst: dport: proto: "iptables -t nat -I PREROUTING -i ${src} -p ${proto} --dport ${toString sport} -j DNAT --to-destination ${dst}:${toString dport}\n";
mkForward = src: sport: dst: dport: proto: "iptables -t nat -I PREROUTING -d ${src} -p ${proto} --dport ${toString sport} -j DNAT --to-destination ${dst}:${toString dport}\n";
in ''
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -d 0/0 -o ${wan} -j MASQUERADE
iptables -I INPUT -j ACCEPT -s ${cfg.vpn.address} -d ${internal}
''
+ (mkForward internal cfg.dns.port cfg.dns.address cfg.dns.port "tcp")
+ (mkForward internal cfg.dns.port cfg.dns.address cfg.dns.port "udp")
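Review bot: The new rule `iptables -I INPUT -j ACCEPT -s ${cfg.vpn.address} -d ${internal}` accepts every protocol and every port from the VPN address, although the commit only sets out to allow SSH; restricting it to `iptables -I INPUT -p tcp --dport 22 -s ${cfg.vpn.address} -d ${internal} -j ACCEPT` keeps the exposure to what the title describes. The match is on source address alone with no `-i` interface constraint, so a packet carrying that source address on any interface is accepted unless reverse-path filtering or an earlier rule stops it; pinning it to the VPN interface with `-i` would close that gap if the module exposes one. Because `-I INPUT` inserts at the top of the chain, the rule presumably runs before the NixOS-managed firewall chain and its logging, which is fine if intended but deserves a one-line comment such as `# Inserted ahead of nixos-fw on purpose: VPN peers may reach SSH on the LAN address`. The `mkForward` change from `-i ${src}` to `-d ${src}` also widens the DNS DNAT match from one ingress interface to any interface carrying traffic to that address, which looks deliberate for VPN clients but is worth confirming. The `extraCommands` block and the surrounding module continue outside this hunk, and the rendered page has lost the +/- markers, so which of these lines are new versus context is inferred from the commit message.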
@ -61,14 +61,14 @@ in {
;
interfaces = {
"${wan}" = {
${wan} = {
allowedUDPPorts = [
];
allowedTCPPorts = [
# 22143
];
};
"${lan}" = {
${lan} = {
allowedUDPPorts = [
];
allowedTCPPorts = [
@ -84,7 +84,7 @@ in {
];
interfaces = {
"${lan}".ipv4 = {
${lan}.ipv4 = {
addresses = [{
address = internal;
prefixLength = 24;