Networking: Difference between revisions
imported>Onny Add section on port forwarding |
imported>Onny Add section on static ip configuration |
||
Line 2: | Line 2: | ||
== Configuration == | == Configuration == | ||
=== Static IP for network adapter === | |||
The following example configures a static IPv6 address and a default gateway for the interface <code>ens3</code> | |||
<syntaxhighlight lang="nix"> | |||
networking = { | |||
interfaces = { | |||
ens3.ipv6.addresses = [{ | |||
address = "2a01:4f8:1c1b:16d0::"; | |||
prefixLength = 64; | |||
}]; | |||
}; | |||
defaultGateway6 = { | |||
address = "fe80::1"; | |||
interface = "ens3"; | |||
}; | |||
}; | |||
</syntaxhighlight> | |||
=== Hosts file === | === Hosts file === |
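Review bot: in the added `ens3.ipv6.addresses` entry, `address = "2a01:4f8:1c1b:16d0::";` has an all-zero interface identifier, which RFC 4291 defines as the subnet-router anycast address of the /64. Consider showing a host address inside the prefix instead, for example one ending in `::1`. The introductory sentence is also missing its closing punctuation, and it would help readers to say that `interface = "ens3"` is required because the gateway `fe80::1` is link-local.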
Revision as of 09:45, 16 June 2023
This page provides snippets for configuring your network for common use cases. All snippets are meant for configuration.nix.
Configuration
Static IP for network adapter
The following example configures a static IPv6 address and a default gateway for the interface ens3:
networking = {
  interfaces = {
    ens3.ipv6.addresses = [{
      address = "2a01:4f8:1c1b:16d0::";
      prefixLength = 64;
    }];
  };
  defaultGateway6 = {
    address = "fe80::1";
    interface = "ens3";
  };
};
Hosts file
To edit /etc/hosts, just add something like this to your configuration.nix:
networking.extraHosts = ''
  127.0.0.2 other-localhost
  10.0.0.1 server
'';
Port forwarding
In this example we're going to forward the port 80 via NAT from our external network interface ens3 to the host 10.100.0.3 on our internal interface wg0.
networking = {
  firewall = {
    enable = true;
    allowedTCPPorts = [ 80 ];
    extraCommands = "iptables -t nat -A POSTROUTING -d 10.100.0.3 -p tcp -m tcp --dport 80 -j MASQUERADE";
  };
  nat = {
    enable = true;
    internalInterfaces = [ "wg0" ];
    externalInterface = "ens3";
    forwardPorts = [
      {
        sourcePort = 80;
        proto = "tcp";
        destination = "10.100.0.3:80";
      }
    ];
  };
};
IPv6
Prefix delegation with fixed DUID
Sometimes the hosting provider manages IPv6 networks via a so-called DUID or clientid. This snippet is required to make the network routable:
{ config, pkgs, ... }:
let
  # Get this from your hosting provider
  clientid = "00:11:22:33:44:55:66:77:88:99";
  interface = "enp2s0";
  subnet = "56";
  network = "2001:bbb:3333:1111::/${subnet}";
  own_ip = "2001:bbb:3333:1111::1/${subnet}";
in {
  # ... snip ...
  networking.enableIPv6 = true;
  networking.useDHCP = true;
  networking.dhcpcd.persistent = true;
  networking.dhcpcd.extraConfig = ''
    clientid "${clientid}"
    noipv6rs
    interface ${interface}
    ia_pd 1/${network} ${interface}
    static ip6_address=${own_ip}
  '';
  environment.etc."dhcpcd.duid".text = clientid;
}
Source: gleber gist for online.net IPv6 config in NixOS
Note: Recent versions of dhcpcd move the duid file to /var/db/dhcpcd/duid. For that to work, you have to replace the above environment.etc line with something like:
systemd.services.dhcpcd.preStart = ''
  cp ${pkgs.writeText "duid" "<ID>"} /var/db/dhcpcd/duid
'';
VLANs
VLAN information in the manual
The following is a complete networking example showing two interfaces, one with VLAN trunk tagging and one without.
eth1 is a normal network interface at 192.168.1.2, with no VLAN information.
eth0 is the tagged VLAN trunk, carrying two VLANs: 100 and 101.
vlan100 is in the 10.1.1.X network and vlan101 is in the 10.10.10.X network.
The hostId should be random data, derived from something like:
head -c4 /dev/urandom | od -A none -t x4
See the manual for more information.
Complete networking section example:
networking = {
  hostId = "deadb33f";
  hostName = "nixos";
  domain = "example.com";
  dhcpcd.enable = false;
  usePredictableInterfaceNames = false;
  interfaces.eth1.ipv4.addresses = [{
    address = "192.168.1.2";
    prefixLength = 28;
  }];
  vlans = {
    vlan100 = { id = 100; interface = "eth0"; };
    vlan101 = { id = 101; interface = "eth0"; };
  };
  interfaces.vlan100.ipv4.addresses = [{
    address = "10.1.1.2";
    prefixLength = 24;
  }];
  interfaces.vlan101.ipv4.addresses = [{
    address = "10.10.10.3";
    prefixLength = 24;
  }];
  defaultGateway = "192.168.1.1";
  nameservers = [ "1.1.1.1" "8.8.8.8" ];
};
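An added example, not part of the wiki page: a Python sanity check for the addressing used in the static IP, prefix delegation and VLAN snippets above, run before the values go into configuration.nix. It flags interface addresses that are the network or subnet-router anycast address, gateways that are not on-link, prefixes written with host bits set, and overlapping subnets. The function names and the PLAN table are assumptions made for this example; the addresses are copied from the page.

```python
import ipaddress

# Values copied from the snippets on this page: (label, address/prefix, gateway).
PLAN = [
    ("ens3", "2a01:4f8:1c1b:16d0::/64", "fe80::1"),
    ("enp2s0", "2001:bbb:3333:1111::1/56", None),
    ("eth1", "192.168.1.2/28", "192.168.1.1"),
    ("vlan100", "10.1.1.2/24", None),
    ("vlan101", "10.10.10.3/24", None),
]

def check_entry(label, cidr, gateway=None):
    """Findings for one interface address and its optional default gateway."""
    iface = ipaddress.ip_interface(cidr)
    net, addr, findings = iface.network, iface.ip, []
    if net.num_addresses > 2:  # skip point-to-point and host prefixes
        if addr == net.network_address:
            kind = "subnet-router anycast" if addr.version == 6 else "network"
            findings.append(f"{label}: {addr} is the {kind} address of {net}")
        elif addr.version == 4 and addr == net.broadcast_address:
            findings.append(f"{label}: {addr} is the broadcast address of {net}")
    if gateway:
        gw = ipaddress.ip_address(gateway)
        # A link-local gateway is reached via the interface it is bound to.
        if not gw.is_link_local and gw not in net:
            findings.append(f"{label}: gateway {gw} is not on-link in {net}")
    return findings

def check_prefix(label, prefix):
    """Flag a routed or delegated prefix written with host bits set."""
    net = ipaddress.ip_network(prefix, strict=False)
    if ipaddress.ip_interface(prefix).ip != net.network_address:
        return [f"{label}: {prefix} has host bits set, aligned prefix is {net}"]
    return []

def check_overlaps(plan):
    """Flag interfaces whose subnets overlap (ambiguous routing between segments)."""
    nets = [(label, ipaddress.ip_interface(cidr).network) for label, cidr, _ in plan]
    return [f"{a} {na} overlaps {b} {nb}"
            for i, (a, na) in enumerate(nets) for b, nb in nets[i + 1:]
            if na.version == nb.version and na.overlaps(nb)]

def check_plan(plan, prefixes=()):
    findings = [f for label, cidr, gw in plan for f in check_entry(label, cidr, gw)]
    findings += [f for label, p in prefixes for f in check_prefix(label, p)]
    return findings + check_overlaps(plan)

if __name__ == "__main__":
    for line in check_plan(PLAN, [("ia_pd network", "2001:bbb:3333:1111::/56")]):
        print(line)
```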