Networking: Difference between revisions

imported>Hypnosis2839
clean up intro and minor formatting changes
imported>Onny
Add IPv6 port forwarding example
Line 34: Line 34:
=== Port forwarding ===
=== Port forwarding ===


In this example we're going to forward the port <code>80</code> via NAT from our external network interface <code>ens3</code> to the host <code>10.100.0.3</code> on our internal interface <code>wg0</code>.
In this example we're going to forward the port <code>80</code> via NAT from our internal network interface <code>ens3</code> to the host <code>10.100.0.3</code> on our external interface <code>wg0</code>.


<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
networking = {
networking = {
  nftables = {
    enable = true;
    ruleset = ''
        table ip nat {
          chain PREROUTING {
            type nat hook prerouting priority dstnat; policy accept;
            iifname "ens3" tcp dport 80 dnat to 10.100.0.3:80
          }
        }
    '';
  };
   firewall = {
   firewall = {
     enable = true;
     enable = true;
     allowedTCPPorts = [ 80 ];
     allowedTCPPorts = [ 80 ];
    extraCommands = "iptables -t nat -A POSTROUTING -d 10.100.0.3 -p tcp -m tcp --dport 80 -j MASQUERADE";
   };
   };
   nat = {
   nat = {
     enable = true;
     enable = true;
     internalInterfaces = [ "wg0" ];
     internalInterfaces = [ "ens3" ];
     externalInterface = "ens3";
     externalInterface = "wg0";
     forwardPorts = [
     forwardPorts = [
       {
       {
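Review bot: the added nftables rule accepts port 80 on `iifname "ens3"`, but the changed nat block now sets `internalInterfaces = [ "ens3" ]` and `externalInterface = "wg0"`, so the two halves of the example disagree about which interface faces the clients. Pick one orientation and make the intro sentence, the `iifname` match and the `nat` options agree. The hunk also drops the `extraCommands` MASQUERADE rule while the new ruleset contains only a PREROUTING chain; if source NAT towards 10.100.0.3 is still required, the example should say what now provides it. Since `forwardPorts` already declares the same forward, a sentence on why the hand-written ruleset is needed as well would help.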
Line 52: Line 62:
         proto = "tcp";
         proto = "tcp";
         destination = "10.100.0.3:80";
         destination = "10.100.0.3:80";
      }
    ];
  };
};
</syntaxhighlight>
For IPv6 port forwarding, the example would look like this. Icoming connections on the address <code>2001:db8::</code> and port <code>80</code> will be forwarded to <code>[fe80::1234:5678:9abc:def0]:80</code>.
<syntaxhighlight lang="nix">
networking = {
  nftables = {
    enable = true;
    ruleset = ''
        table ip6 nat {
          chain PREROUTING {
            type nat hook prerouting priority dstnat; policy accept;
            iifname "ens3" ip6 daddr [2001:db8::] tcp dport 80 dnat to [fe80::1234:5678:9abc:def0]:80
          }
        }
    '';
  };
  firewall = {
    enable = true;
    allowedTCPPorts = [ 80 ];
  };
  nat = {
    enable = true;
    internalInterfaces = [ "ens3" ];
    externalInterface = "wg0";
    enableIPv6 = true;
    internalIPv6s = [ "2001:db8::/64" ];
    externalIPv6 = "fe80::1234:5678:9abc:def0";
    forwardPorts = [
      {
        sourcePort = 80;
        proto = "tcp";
        destination = "fe80::1234:5678:9abc:def0]:80";
       }
       }
     ];
     ];
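Review bot: in the added `forwardPorts` entry, `destination = "fe80::1234:5678:9abc:def0]:80";` is missing its opening bracket; the intro sentence and the `dnat to` line both write the target as `[fe80::1234:5678:9abc:def0]:80`. The address roles are also inconsistent: the text says connections arrive on `2001:db8::`, yet `externalIPv6` is set to the forward target `fe80::1234:5678:9abc:def0` and `2001:db8::/64` is listed under `internalIPv6s`. "Icoming" in the intro sentence should read "Incoming".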