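# NixOS networking module for the host "Stormwind".
#
# Sets up two host-only bridges (incusbr0 = 10.46.32.1/24, incusbr1 = 10.46.33.1/24),
# NATs them out through enp4s0, and forwards a fixed set of ports arriving on
# enp4s0 to 10.46.32.153 (home-assistant) and 10.46.32.2 (NAS).
#
# NOTE(review): every forward below matches on the ingress interface only; there
# is no source-address restriction. If enp4s0 is reachable from an untrusted
# network, cleartext FTP, SMB and NFS/rpcbind on 10.46.32.2 are reachable from
# it as well. Limiting the nft rules by source (`ip saddr <TRUSTED_CIDR>`) or
# carrying these protocols over a VPN would narrow that exposure.
{ config, ... }:
{
  networking = {
    hostName = "Stormwind";
    networkmanager.enable = false;

    nftables = {
      enable = true;
      # Hand-written DNAT table. It lists the same port -> destination pairs as
      # nat.forwardPorts further down.
      # NOTE(review): networking.nat.forwardPorts is expected to generate
      # equivalent DNAT rules on its own; confirm both copies are needed, since
      # two lists must now be kept in sync by hand.
      # NOTE(review): port 22 on enp4s0 is DNATed to the NAS, so an sshd on this
      # host listening on 22 would not be reachable through enp4s0 - presumably
      # intended; confirm.
      ruleset = ''
        table ip nat {
          chain PREROUTING {
            type nat hook prerouting priority dstnat; policy accept;
            iifname "enp4s0" tcp dport 8123 dnat to 10.46.32.153:8123
            iifname "enp4s0" tcp dport 80 dnat to 10.46.32.2:80
            iifname "enp4s0" tcp dport 443 dnat to 10.46.32.2:443
            iifname "enp4s0" tcp dport 20 dnat to 10.46.32.2:20
            iifname "enp4s0" tcp dport 21 dnat to 10.46.32.2:21
            iifname "enp4s0" tcp dport 22 dnat to 10.46.32.2:22
            iifname "enp4s0" tcp dport 2223 dnat to 10.46.32.2:2223
            iifname "enp4s0" tcp dport 990 dnat to 10.46.32.2:990
            iifname "enp4s0" tcp dport 989 dnat to 10.46.32.2:989
            iifname "enp4s0" tcp dport 445 dnat to 10.46.32.2:445
            iifname "enp4s0" tcp dport 111 dnat to 10.46.32.2:111
            iifname "enp4s0" udp dport 111 dnat to 10.46.32.2:111
            iifname "enp4s0" tcp dport 2049 dnat to 10.46.32.2:2049
            iifname "enp4s0" udp dport 2049 dnat to 10.46.32.2:2049
            iifname "enp4s0" tcp dport 32765 dnat to 10.46.32.2:32765
            iifname "enp4s0" udp dport 32765 dnat to 10.46.32.2:32765
            iifname "enp4s0" tcp dport 32768 dnat to 10.46.32.2:32768
            iifname "enp4s0" udp dport 32768 dnat to 10.46.32.2:32768
            iifname "enp4s0" tcp dport 20048 dnat to 10.46.32.2:20048
            iifname "enp4s0" udp dport 20048 dnat to 10.46.32.2:20048
          }
        }
      '';
    };

    # Ports opened on the host firewall; the lists mirror the forwarded ports.
    # NOTE(review): these options are not limited to enp4s0. Traffic for these
    # ports arriving on enp4s0 is DNATed in prerouting and forwarded rather than
    # delivered locally, so these openings look like they mainly expose the
    # host's own listeners on other interfaces (e.g. the bridges) - confirm they
    # are required.
    firewall = {
      allowedTCPPorts = [ 80 443 8123 20 21 22 2223 990 989 445 111 2049 32765 32768 20048 ];
      allowedUDPPorts = [ 111 2049 20048 32765 32768 ];
    };

    # Bridges with no enslaved physical interfaces.
    bridges = {
      incusbr0 = { interfaces = []; };
      incusbr1 = { interfaces = []; };
    };

    # Host addresses on the two bridges.
    interfaces = {
      incusbr0 = {
        ipv4.addresses = [ { address = "10.46.32.1"; prefixLength = 24; } ];
      };
      incusbr1 = {
        ipv4.addresses = [ { address = "10.46.33.1"; prefixLength = 24; } ];
      };
    };

    nat = {
      enable = true;
      internalInterfaces = [ "incusbr0" "incusbr1" ];
      externalInterface = "enp4s0";
      forwardPorts = [
        # Web-UI for home-assistant
        { sourcePort = 8123; proto = "tcp"; destination = "10.46.32.153:8123"; }

        # Web-UI for nas
        { sourcePort = 80; proto = "tcp"; destination = "10.46.32.2:80"; }
        { sourcePort = 443; proto = "tcp"; destination = "10.46.32.2:443"; }

        # FTP (20/21) and FTPS (989/990); 22 and 2223 are presumably SSH/SFTP - confirm.
        # The 21/tcp entry was listed twice in this group; the duplicate is dropped.
        { sourcePort = 20; proto = "tcp"; destination = "10.46.32.2:20"; }
        { sourcePort = 21; proto = "tcp"; destination = "10.46.32.2:21"; }
        { sourcePort = 22; proto = "tcp"; destination = "10.46.32.2:22"; }
        { sourcePort = 2223; proto = "tcp"; destination = "10.46.32.2:2223"; }
        { sourcePort = 990; proto = "tcp"; destination = "10.46.32.2:990"; }
        { sourcePort = 989; proto = "tcp"; destination = "10.46.32.2:989"; }

        # SMB
        { sourcePort = 445; proto = "tcp"; destination = "10.46.32.2:445"; }

        # NFS: 111 is rpcbind, 2049 is nfsd; 20048, 32765 and 32768 are
        # presumably the NAS's pinned mountd/statd/lockd ports - confirm.
        { sourcePort = 111; proto = "tcp"; destination = "10.46.32.2:111"; }
        { sourcePort = 111; proto = "udp"; destination = "10.46.32.2:111"; }
        { sourcePort = 2049; proto = "tcp"; destination = "10.46.32.2:2049"; }
        { sourcePort = 2049; proto = "udp"; destination = "10.46.32.2:2049"; }
        { sourcePort = 32765; proto = "tcp"; destination = "10.46.32.2:32765"; }
        { sourcePort = 32765; proto = "udp"; destination = "10.46.32.2:32765"; }
        { sourcePort = 32768; proto = "tcp"; destination = "10.46.32.2:32768"; }
        { sourcePort = 32768; proto = "udp"; destination = "10.46.32.2:32768"; }
        { sourcePort = 20048; proto = "tcp"; destination = "10.46.32.2:20048"; }
        { sourcePort = 20048; proto = "udp"; destination = "10.46.32.2:20048"; }
      ];
    };
  };
}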