create special network for crusader which cannot ping lan

RootHost-Stormwind
2025-07-22 10:25:34 +02:00
parent fd22ef10cc
commit e7e9b34464
3 changed files with 114 additions and 48 deletions


@@ -11,25 +11,25 @@
table ip nat {
chain PREROUTING {
type nat hook prerouting priority dstnat; policy accept;
iifname "enp4s0" tcp dport 80 dnat to 10.94.157.2:80
iifname "enp4s0" tcp dport 443 dnat to 10.94.157.2:443
iifname "enp4s0" tcp dport 20 dnat to 10.94.157.2:20
iifname "enp4s0" tcp dport 21 dnat to 10.94.157.2:21
iifname "enp4s0" tcp dport 22 dnat to 10.94.157.2:22
iifname "enp4s0" tcp dport 2223 dnat to 10.94.157.2:2223
iifname "enp4s0" tcp dport 990 dnat to 10.94.157.2:990
iifname "enp4s0" tcp dport 989 dnat to 10.94.157.2:989
iifname "enp4s0" tcp dport 445 dnat to 10.94.157.2:445
iifname "enp4s0" tcp dport 111 dnat to 10.94.157.2:111
iifname "enp4s0" udp dport 111 dnat to 10.94.157.2:111
iifname "enp4s0" tcp dport 2049 dnat to 10.94.157.2:2049
iifname "enp4s0" udp dport 2049 dnat to 10.94.157.2:2049
iifname "enp4s0" tcp dport 32765 dnat to 10.94.157.2:32765
iifname "enp4s0" udp dport 32765 dnat to 10.94.157.2:32765
iifname "enp4s0" tcp dport 32768 dnat to 10.94.157.2:32768
iifname "enp4s0" udp dport 32768 dnat to 10.94.157.2:32768
iifname "enp4s0" tcp dport 20048 dnat to 10.94.157.2:20048
iifname "enp4s0" udp dport 20048 dnat to 10.94.157.2:20048
iifname "enp4s0" tcp dport 80 dnat to 10.46.32.2:80
iifname "enp4s0" tcp dport 443 dnat to 10.46.32.2:443
iifname "enp4s0" tcp dport 20 dnat to 10.46.32.2:20
iifname "enp4s0" tcp dport 21 dnat to 10.46.32.2:21
iifname "enp4s0" tcp dport 22 dnat to 10.46.32.2:22
iifname "enp4s0" tcp dport 2223 dnat to 10.46.32.2:2223
iifname "enp4s0" tcp dport 990 dnat to 10.46.32.2:990
iifname "enp4s0" tcp dport 989 dnat to 10.46.32.2:989
iifname "enp4s0" tcp dport 445 dnat to 10.46.32.2:445
iifname "enp4s0" tcp dport 111 dnat to 10.46.32.2:111
iifname "enp4s0" udp dport 111 dnat to 10.46.32.2:111
iifname "enp4s0" tcp dport 2049 dnat to 10.46.32.2:2049
iifname "enp4s0" udp dport 2049 dnat to 10.46.32.2:2049
iifname "enp4s0" tcp dport 32765 dnat to 10.46.32.2:32765
iifname "enp4s0" udp dport 32765 dnat to 10.46.32.2:32765
iifname "enp4s0" tcp dport 32768 dnat to 10.46.32.2:32768
iifname "enp4s0" udp dport 32768 dnat to 10.46.32.2:32768
iifname "enp4s0" tcp dport 20048 dnat to 10.46.32.2:20048
iifname "enp4s0" udp dport 20048 dnat to 10.46.32.2:20048
}
}
'';
@@ -40,113 +40,135 @@
allowedUDPPorts = [ 111 2049 20048 32765 32768 ];
};
bridges = {
incusbr0 = {
interfaces = [];
};
incusbr1 = {
interfaces = [];
};
};
interfaces = {
incusbr0 = {
ipv4.addresses = [
{ address = "10.46.32.1"; prefixLength = 24; }
];
};
incusbr1 = {
ipv4.addresses = [
{ address = "10.46.32.1"; prefixLength = 24; }
];
};
};
nat = {
enable = true;
internalInterfaces = [ "incusbr0" ];
internalInterfaces = [ "incusbr0" "incusbr1" ];
externalInterface = "enp4s0";
forwardPorts = [
{
sourcePort = 80;
proto = "tcp";
destination = "10.94.157.2:80";
destination = "10.46.32.2:80";
}
{
sourcePort = 443;
proto = "tcp";
destination = "10.94.157.2:443";
destination = "10.46.32.2:443";
}
# FTP
{
sourcePort = 20;
proto = "tcp";
destination = "10.94.157.2:20";
destination = "10.46.32.2:20";
}
{
sourcePort = 21;
proto = "tcp";
destination = "10.94.157.2:21";
destination = "10.46.32.2:21";
}
{
sourcePort = 22;
proto = "tcp";
destination = "10.94.157.2:22";
destination = "10.46.32.2:22";
}
{
sourcePort = 2223;
proto = "tcp";
destination = "10.94.157.2:2223";
destination = "10.46.32.2:2223";
}
{
sourcePort = 990;
proto = "tcp";
destination = "10.94.157.2:990";
destination = "10.46.32.2:990";
}
{
sourcePort = 989;
proto = "tcp";
destination = "10.94.157.2:989";
destination = "10.46.32.2:989";
}
{
sourcePort = 21;
proto = "tcp";
destination = "10.94.157.2:21";
destination = "10.46.32.2:21";
}
# SMB
{
sourcePort = 445;
proto = "tcp";
destination = "10.94.157.2:445";
destination = "10.46.32.2:445";
}
# NFS
{
sourcePort = 111;
proto = "tcp";
destination = "10.94.157.2:111";
destination = "10.46.32.2:111";
}
{
sourcePort = 111;
proto = "udp";
destination = "10.94.157.2:111";
destination = "10.46.32.2:111";
}
{
sourcePort = 2049;
proto = "tcp";
destination = "10.94.157.2:2049";
destination = "10.46.32.2:2049";
}
{
sourcePort = 2049;
proto = "udp";
destination = "10.94.157.2:2049";
destination = "10.46.32.2:2049";
}
{
sourcePort = 32765;
proto = "tcp";
destination = "10.94.157.2:32765";
destination = "10.46.32.2:32765";
}
{
sourcePort = 32765;
proto = "udp";
destination = "10.94.157.2:32765";
destination = "10.46.32.2:32765";
}
{
sourcePort = 32768;
proto = "tcp";
destination = "10.94.157.2:32768";
destination = "10.46.32.2:32768";
}
{
sourcePort = 32768;
proto = "udp";
destination = "10.94.157.2:32768";
destination = "10.46.32.2:32768";
}
{
sourcePort = 20048;
proto = "tcp";
destination = "10.94.157.2:20048";
destination = "10.46.32.2:20048";
}
{
sourcePort = 20048;
proto = "udp";
destination = "10.94.157.2:20048";
destination = "10.46.32.2:20048";
}
];
};