Merge pull request #3926 from lethalman/fwdports
nixos/nat: add forwardPorts for external->internal DNAT
This commit is contained in:
commit
4155121069
@ -75,6 +75,17 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
networking.nat.forwardPorts = mkOption {
|
||||
type = types.listOf types.attrs;
|
||||
default = [];
|
||||
example = [ { sourcePort = 8080; destination = "10.0.0.1:80"; } ];
|
||||
description =
|
||||
''
|
||||
List of forwarded ports from the external interface to
|
||||
internal destinations by using DNAT.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
@ -118,6 +129,14 @@ in
|
||||
-s '${range}' -o ${cfg.externalInterface} ${dest}
|
||||
'') cfg.internalIPs}
|
||||
|
||||
# NAT from external ports to internal ports.
|
||||
${concatMapStrings (fwd: ''
|
||||
iptables -w -t nat -A PREROUTING \
|
||||
-i ${cfg.externalInterface} -p tcp \
|
||||
--dport ${builtins.toString fwd.sourcePort} \
|
||||
-j DNAT --to-destination ${fwd.destination}
|
||||
'') cfg.forwardPorts}
|
||||
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||
'';
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user