Networking: Difference between revisions
Revision by Ento (minor edit): Fix indentation
Revision by Onny: Add section on port forwarding
Revision as of 10:14, 21 January 2023
This page provides snippets for configuring your network just right for your use case. All configuration goes in configuration.nix.
Configuration
Hosts file
To edit /etc/hosts, just add something like this to your configuration.nix:

<syntaxhighlight lang="nix">
networking.extraHosts = ''
  127.0.0.2 other-localhost
  10.0.0.1 server
'';
</syntaxhighlight>
Port forwarding
In this example we're going to forward port 80 via NAT from our external network interface ens3 to the host 10.100.0.3 on our internal interface wg0.

<syntaxhighlight lang="nix">
networking = {
  firewall = {
    enable = true;
    allowedTCPPorts = [ 80 ];
    extraCommands = "iptables -t nat -A POSTROUTING -d 10.100.0.3 -p tcp -m tcp --dport 80 -j MASQUERADE";
  };
  nat = {
    enable = true;
    internalInterfaces = [ "wg0" ];
    externalInterface = "ens3";
    forwardPorts = [
      {
        sourcePort = 80;
        proto = "tcp";
        destination = "10.100.0.3:80";
      }
    ];
  };
};
</syntaxhighlight>
IPv6
Prefix delegation with fixed DUID
Sometimes the hosting provider manages IPv6 networks via a so-called DUID or clientid. This snippet is required to make the network routable:

<syntaxhighlight lang="nix">
{ config, pkgs, ... }:
let
  # Get this from your hosting provider
  clientid = "00:11:22:33:44:55:66:77:88:99";
  interface = "enp2s0";
  subnet = "56";
  network = "2001:bbb:3333:1111::/${subnet}";
  own_ip = "2001:bbb:3333:1111::1/${subnet}";
in {
  # ... snip ...
  networking.enableIPv6 = true;
  networking.useDHCP = true;
  networking.dhcpcd.persistent = true;
  networking.dhcpcd.extraConfig = ''
    clientid "${clientid}"
    noipv6rs
    interface ${interface}
    ia_pd 1/${network} ${interface}
    static ip6_address=${own_ip}
  '';
  environment.etc."dhcpcd.duid".text = clientid;
}
</syntaxhighlight>
Source: gleber gist for online.net IPv6 config in NixOS
Note: Recent versions of dhcpcd moved the DUID file to /var/db/dhcpcd/duid. For that to work, replace the environment.etc line above with something like:

<syntaxhighlight lang="nix">
systemd.services.dhcpcd.preStart = ''
  cp ${pkgs.writeText "duid" "<ID>"} /var/db/dhcpcd/duid
'';
</syntaxhighlight>
VLANs
See also the VLAN information in the NixOS manual.

The example below is a complete networking section showing two interfaces, one carrying VLAN-tagged traffic (a trunk) and one without VLAN tagging.

eth1 is a normal network interface at 192.168.1.2, with no VLAN configuration.
eth0 is the VLAN trunk, carrying two tagged VLANs: VLAN 100 and VLAN 101.
vlan100 is in the 10.1.1.X network and vlan101 is in the 10.10.10.X network.

The hostId should be random data, generated with something like:

<syntaxhighlight lang="bash">
head -c4 /dev/urandom | od -A none -t x4
</syntaxhighlight>

See the manual for more information.

Complete networking section example:
<syntaxhighlight lang="nix">
networking = {
  hostId = "deadb33f";
  hostName = "nixos";
  domain = "example.com";
  dhcpcd.enable = false;
  usePredictableInterfaceNames = false;
  interfaces.eth1.ipv4.addresses = [{
    address = "192.168.1.2";
    prefixLength = 28;
  }];
  vlans = {
    vlan100 = { id = 100; interface = "eth0"; };
    vlan101 = { id = 101; interface = "eth0"; };
  };
  interfaces.vlan100.ipv4.addresses = [{
    address = "10.1.1.2";
    prefixLength = 24;
  }];
  interfaces.vlan101.ipv4.addresses = [{
    address = "10.10.10.3";
    prefixLength = 24;
  }];
  defaultGateway = "192.168.1.1";
  nameservers = [ "1.1.1.1" "8.8.8.8" ];
};
</syntaxhighlight>
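A pre-deploy sanity check for an address plan like the VLAN example above, added here as an example and not code from the wiki page or from NixOS. It models the example as a constructed Python dict (a literal, not parsed from Nix) and flags the mistakes that most often break such a setup before a rebuild: a malformed hostId, a VLAN id reused on the same trunk, overlapping subnets between interfaces, and a default gateway that is not on any connected subnet.

```python
import ipaddress
import re

# Constructed model of the VLAN example above (a literal, not parsed from Nix).
VLAN_EXAMPLE = {
    "hostId": "deadb33f",
    "defaultGateway": "192.168.1.1",
    "vlans": {"vlan100": {"id": 100, "interface": "eth0"},
              "vlan101": {"id": 101, "interface": "eth0"}},
    "interfaces": {  # interface -> list of (address, prefixLength)
        "eth1": [("192.168.1.2", 28)],
        "vlan100": [("10.1.1.2", 24)],
        "vlan101": [("10.10.10.3", 24)],
    },
}

def lint_networking(cfg):
    """Return a list of problems found in the plan; empty means consistent."""
    problems = []
    # NixOS requires hostId to be exactly 8 hexadecimal characters.
    if not re.fullmatch(r"[0-9a-fA-F]{8}", cfg["hostId"]):
        problems.append("hostId must be exactly 8 hex characters")
    # VLAN ids must be in 1..4094 and unique on their parent interface.
    seen = set()
    for name, v in cfg["vlans"].items():
        if not 1 <= v["id"] <= 4094:
            problems.append(f"{name}: VLAN id {v['id']} out of range")
        if (v["interface"], v["id"]) in seen:
            problems.append(f"{name}: VLAN id {v['id']} reused on {v['interface']}")
        seen.add((v["interface"], v["id"]))
    # Connected subnets must not overlap; otherwise one interface's hosts
    # end up routed out of the other.
    nets = []
    for iface, addrs in cfg["interfaces"].items():
        for addr, plen in addrs:
            net = ipaddress.ip_interface(f"{addr}/{plen}").network
            for other_iface, other in nets:
                if net.overlaps(other):
                    problems.append(f"{iface} {net} overlaps {other_iface} {other}")
            nets.append((iface, net))
    # The default gateway must be on-link, i.e. inside a connected subnet.
    gw = ipaddress.ip_address(cfg["defaultGateway"])
    if not any(gw in net for _, net in nets):
        problems.append(f"defaultGateway {gw} is not in any connected subnet")
    return problems
```

Running `lint_networking(VLAN_EXAMPLE)` on the page's plan returns an empty list; changing the gateway to an address outside 192.168.1.0/28 or giving vlan101 an address inside 10.1.1.0/24 produces a finding.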