networking rulez

2025-07-02 08:37:50 +02:00
parent da0535eb09
commit fd22ef10cc
2 changed files with 26 additions and 20 deletions
--- a/networking.nix
+++ b/networking.nix
@@ -11,31 +11,32 @@
          table ip nat {
            chain PREROUTING {
              type nat hook prerouting priority dstnat; policy accept;
-              iifname "enp3s0" tcp dport 80 dnat to 10.94.157.2:80
-              iifname "enp3s0" tcp dport 443 dnat to 10.94.157.2:443
-              iifname "enp3s0" tcp dport 20 dnat to 10.94.157.2:20
-              iifname "enp3s0" tcp dport 21 dnat to 10.94.157.2:21
-              iifname "enp3s0" tcp dport 22 dnat to 10.94.157.2:22
-              iifname "enp3s0" tcp dport 990 dnat to 10.94.157.2:990
-              iifname "enp3s0" tcp dport 989 dnat to 10.94.157.2:989
-              iifname "enp3s0" tcp dport 445 dnat to 10.94.157.2:445
-              iifname "enp3s0" tcp dport 111 dnat to 10.94.157.2:111
-              iifname "enp3s0" udp dport 111 dnat to 10.94.157.2:111
-              iifname "enp3s0" tcp dport 2049 dnat to 10.94.157.2:2049
-              iifname "enp3s0" udp dport 2049 dnat to 10.94.157.2:2049
-              iifname "enp3s0" tcp dport 32765 dnat to 10.94.157.2:32765
-              iifname "enp3s0" udp dport 32765 dnat to 10.94.157.2:32765
-              iifname "enp3s0" tcp dport 32768 dnat to 10.94.157.2:32768
-              iifname "enp3s0" udp dport 32768 dnat to 10.94.157.2:32768
-              iifname "enp3s0" tcp dport 20048 dnat to 10.94.157.2:20048
-              iifname "enp3s0" udp dport 20048 dnat to 10.94.157.2:20048
+              iifname "enp4s0" tcp dport 80 dnat to 10.94.157.2:80
+              iifname "enp4s0" tcp dport 443 dnat to 10.94.157.2:443
+              iifname "enp4s0" tcp dport 20 dnat to 10.94.157.2:20
+              iifname "enp4s0" tcp dport 21 dnat to 10.94.157.2:21
+              iifname "enp4s0" tcp dport 22 dnat to 10.94.157.2:22
+              iifname "enp4s0" tcp dport 2223 dnat to 10.94.157.2:2223
+              iifname "enp4s0" tcp dport 990 dnat to 10.94.157.2:990
+              iifname "enp4s0" tcp dport 989 dnat to 10.94.157.2:989
+              iifname "enp4s0" tcp dport 445 dnat to 10.94.157.2:445
+              iifname "enp4s0" tcp dport 111 dnat to 10.94.157.2:111
+              iifname "enp4s0" udp dport 111 dnat to 10.94.157.2:111
+              iifname "enp4s0" tcp dport 2049 dnat to 10.94.157.2:2049
+              iifname "enp4s0" udp dport 2049 dnat to 10.94.157.2:2049
+              iifname "enp4s0" tcp dport 32765 dnat to 10.94.157.2:32765
+              iifname "enp4s0" udp dport 32765 dnat to 10.94.157.2:32765
+              iifname "enp4s0" tcp dport 32768 dnat to 10.94.157.2:32768
+              iifname "enp4s0" udp dport 32768 dnat to 10.94.157.2:32768
+              iifname "enp4s0" tcp dport 20048 dnat to 10.94.157.2:20048
+              iifname "enp4s0" udp dport 20048 dnat to 10.94.157.2:20048
            }
          }
      '';
    };

    firewall = {
-      allowedTCPPorts = [ 80 443 20 21 22 990 989 445 111 2049 32765 32768 20048 ];
+      allowedTCPPorts = [ 80 443 20 21 22 2223 990 989 445 111 2049 32765 32768 20048 ];
      allowedUDPPorts = [ 111 2049 20048 32765 32768 ];
    };

@@ -70,6 +71,11 @@
          proto = "tcp";
          destination = "10.94.157.2:22";
        }
+        {
+          sourcePort = 2223;
+          proto = "tcp";
+          destination = "10.94.157.2:2223";
+        }
        {
          sourcePort = 990;
          proto = "tcp";