0xa/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

nat: exclude lo from masquerade

Browse source
This commit is contained in:
Grigory Shipunov 2023-02-08 16:38:58 +01:00
parent d638a73d3e
commit 0c63cfbe7a
Signed by: 0xa
GPG key ID: 91FA5E5BF9AA901C
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hosts/cirrus/wireguard-server.nix
View file

@ -13,7 +13,7 @@
# port-forward ssh to the music machine
extraCommands = ''
iptables -t nat -I PREROUTING -p tcp --dport 2020 -j DNAT --to-destination 10.34.45.101:22
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables ! -o lo -t nat -A POSTROUTING -j MASQUERADE
'';
extraStopCommands = ''
iptables -t nat -D PREROUTING -p tcp --dport 2020 -j DNAT --to-destination 10.34.45.101:22 || true