From d09ec6c6a3260ce3c320ce2e3f252e7fb50eef55 Mon Sep 17 00:00:00 2001
From: Tim Keller
Date: Mon, 30 Mar 2026 22:44:35 -0500
Subject: add wg1 for poweredge and masquerade for wg1 etc
---
 hosts/poweredge/networking.nix | 39 ++++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 15 deletions(-)
(limited to 'hosts/poweredge/networking.nix')
diff --git a/hosts/poweredge/networking.nix b/hosts/poweredge/networking.nix
index c293831..7632a86 100644
--- a/hosts/poweredge/networking.nix
+++ b/hosts/poweredge/networking.nix
@@ -1,5 +1,6 @@
 {
 networking = {
+ enableIPv6 = false;
 # Label lan and wan interfaces
 _interfaceLabels = {
 enable = true;
@@ -16,36 +17,40 @@
 }];
 wan0.useDHCP = true;
 };
- #defaultGateway.interface = "wan0";
- nameservers = [ "127.0.0.1" ];
 # Firewall rules
 firewall = {
 interfaces.wan0 = {
 allowedUDPPorts = [ 51820 ];
 };
 };
- #nat.forwardPorts = [
- # {
- # sourcePort = 2222;
- # proto = "tcp";
- # destination = "10.1.1.1:22";
- # }
- # {
- # sourcePort = 22;
- # proto = "tcp";
- # destination = "10.1.1.1:22";
- # }
- #];
+ # Additional advanced rules
+ # TODO add multi NAT feature to router service
+ nftables = {
+ enable = true;
+ tables = {
+ # NAT/masquerade wg1 allowing lan0 clients to access wg1
+ wg-nat = {
+ family = "ip";
+ content = ''
+ chain post {
+ type nat hook postrouting priority srcnat; policy accept;
+ iifname "lan0" oifname "wg1" masquerade comment "lan0 => wg1"
+ }
+ '';
+ };
+ };
+ };
 };
 services._router = {
 dnsDhcpConfig = {
- localDomain = "wg-router.pls.lan";
+ localDomain = "home.lan";
 dhcp = {
 defaultGateway = "192.168.1.1";
 localhostIp = "192.168.1.1";
 rangeStart = "192.168.1.50";
 rangeEnd = "192.168.1.250";
+ # TODO think about moving leases to another file
 staticLeases = {
 idrac-7N94GK2 = {
 macAddress = "50:9a:4c:5d:c3:7c";
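Review bot: `enableIPv6 = false;` is added in the first hunk without a comment saying why, and on a router host that is a decision the next reader will want explained. The rules this commit adds further down are IPv4-only (`family = "ip"`), so if that is the reason, a trailing comment such as `# IPv4-only router: the NAT/nftables rules below cover the ip family only` would record it and signal that re-enabling IPv6 needs matching v6 rules. The `networking` block continues outside this hunk.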
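Review bot: The `wg-nat` table only masquerades lan0 → wg1 in postrouting, and nothing in this hunk filters the forward path, so whether hosts reached over wg1 can open connections back into the 192.168.1.x LAN depends on rules outside the diff (presumably the `_router` service or `networking.firewall`). If that direction is meant to stay closed, say so next to the table, e.g. `# NAT only; forwarding between lan0 and wg1 is filtered by <module that owns the forward chain>`, and confirm a forward rule actually enforces it. Separately, `nftables.enable = true` is more than "additional rules": on NixOS it moves the host firewall onto the nftables backend, so a comment such as `# switches networking.firewall to the nftables backend` above it, plus a post-deploy check that the wan0 UDP 51820 rule and the existing router NAT still load, would be worth adding. The `networking` block starts outside this hunk.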
@@ -71,6 +76,10 @@
 macAddress = "e4:54:e8:bc:ba:05";
 staticIp = "192.168.1.12";
 };
+ X230 = {
+ macAddress = "84:3a:4b:60:34:c4";
+ staticIp = "192.168.1.13";
+ };
 };
 };
 };
-- 
cgit v1.2.3