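# NixOS networking module for host "Stormwind".
#
# Publishes services at 10.94.157.2 on the external interface enp4s0 through
# DNAT port forwards; incusbr0 is declared as the internal (NATed) interface.
# Presumably 10.94.157.2 is an Incus instance behind that bridge; confirm.
#
# NOTE(review): the same port list is maintained in three places (the raw
# nftables ruleset, firewall.allowed*Ports and nat.forwardPorts). With
# nftables.enable = true the nat module presumably emits its own DNAT rules
# from forwardPorts, which would make the hand-written table redundant.
# Confirm, then keep a single source of truth so the lists cannot drift.
{ config, ... }:
{
  networking = {
    hostName = "Stormwind";
    networkmanager.enable = false;

    nftables = {
      enable = true;

      # Every rule matches on input interface and destination port only; there
      # is no source-address match. If enp4s0 faces an untrusted network, SMB
      # (445), NFS/rpcbind (111, 2049, ...) and FTP (20, 21) are published to
      # every peer that can reach it. Consider narrowing those rules with a
      # source match (`ip saddr <TRUSTED_CIDR>`) or filtering on the target.
      #
      # tcp/22 is rewritten as well, so an SSH daemon on this host itself is
      # not reachable on enp4s0:22 while this rule is loaded.
      ruleset = ''
        table ip nat {
          chain PREROUTING {
            type nat hook prerouting priority dstnat; policy accept;
            iifname "enp4s0" tcp dport 80 dnat to 10.94.157.2:80
            iifname "enp4s0" tcp dport 443 dnat to 10.94.157.2:443
            iifname "enp4s0" tcp dport 20 dnat to 10.94.157.2:20
            iifname "enp4s0" tcp dport 21 dnat to 10.94.157.2:21
            iifname "enp4s0" tcp dport 22 dnat to 10.94.157.2:22
            iifname "enp4s0" tcp dport 2223 dnat to 10.94.157.2:2223
            iifname "enp4s0" tcp dport 990 dnat to 10.94.157.2:990
            iifname "enp4s0" tcp dport 989 dnat to 10.94.157.2:989
            iifname "enp4s0" tcp dport 445 dnat to 10.94.157.2:445
            iifname "enp4s0" tcp dport 111 dnat to 10.94.157.2:111
            iifname "enp4s0" udp dport 111 dnat to 10.94.157.2:111
            iifname "enp4s0" tcp dport 2049 dnat to 10.94.157.2:2049
            iifname "enp4s0" udp dport 2049 dnat to 10.94.157.2:2049
            iifname "enp4s0" tcp dport 32765 dnat to 10.94.157.2:32765
            iifname "enp4s0" udp dport 32765 dnat to 10.94.157.2:32765
            iifname "enp4s0" tcp dport 32768 dnat to 10.94.157.2:32768
            iifname "enp4s0" udp dport 32768 dnat to 10.94.157.2:32768
            iifname "enp4s0" tcp dport 20048 dnat to 10.94.157.2:20048
            iifname "enp4s0" udp dport 20048 dnat to 10.94.157.2:20048
          }
        }
      '';
    };

    # These lists open ports for traffic addressed to the host itself, on all
    # interfaces. Packets rewritten by the DNAT rules above are forwarded
    # rather than delivered locally.
    # NOTE(review): confirm these openings are needed at all; if not, dropping
    # them reduces the host's own listening surface.
    firewall = {
      allowedTCPPorts = [
        80
        443
        20
        21
        22
        2223
        990
        989
        445
        111
        2049
        32765
        32768
        20048
      ];
      allowedUDPPorts = [
        111
        2049
        20048
        32765
        32768
      ];
    };

    nat = {
      enable = true;
      internalInterfaces = [ "incusbr0" ];
      externalInterface = "enp4s0";

      # Each entry forwards <externalInterface>:<sourcePort> to the same port
      # on 10.94.157.2. One entry per (port, proto) pair.
      forwardPorts = [
        { sourcePort = 80; proto = "tcp"; destination = "10.94.157.2:80"; }
        { sourcePort = 443; proto = "tcp"; destination = "10.94.157.2:443"; }

        # FTP
        # NOTE(review): 22 and 2223 sit in this group in the original;
        # presumably SSH/SFTP. Confirm. Plain FTP on 20/21 carries
        # credentials in cleartext; prefer the TLS ports (989/990) or SFTP
        # where clients allow it.
        { sourcePort = 20; proto = "tcp"; destination = "10.94.157.2:20"; }
        { sourcePort = 21; proto = "tcp"; destination = "10.94.157.2:21"; }
        { sourcePort = 22; proto = "tcp"; destination = "10.94.157.2:22"; }
        { sourcePort = 2223; proto = "tcp"; destination = "10.94.157.2:2223"; }
        { sourcePort = 990; proto = "tcp"; destination = "10.94.157.2:990"; }
        { sourcePort = 989; proto = "tcp"; destination = "10.94.157.2:989"; }

        # SMB
        { sourcePort = 445; proto = "tcp"; destination = "10.94.157.2:445"; }

        # NFS
        # NOTE(review): 32765, 32768 and 20048 are presumably the pinned
        # statd/lockd/mountd ports of the NFS server; verify against its
        # configuration.
        { sourcePort = 111; proto = "tcp"; destination = "10.94.157.2:111"; }
        { sourcePort = 111; proto = "udp"; destination = "10.94.157.2:111"; }
        { sourcePort = 2049; proto = "tcp"; destination = "10.94.157.2:2049"; }
        { sourcePort = 2049; proto = "udp"; destination = "10.94.157.2:2049"; }
        { sourcePort = 32765; proto = "tcp"; destination = "10.94.157.2:32765"; }
        { sourcePort = 32765; proto = "udp"; destination = "10.94.157.2:32765"; }
        { sourcePort = 32768; proto = "tcp"; destination = "10.94.157.2:32768"; }
        { sourcePort = 32768; proto = "udp"; destination = "10.94.157.2:32768"; }
        { sourcePort = 20048; proto = "tcp"; destination = "10.94.157.2:20048"; }
        { sourcePort = 20048; proto = "udp"; destination = "10.94.157.2:20048"; }
      ];
    };
  };
}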