From 0c63cfbe7a01522607965be761534c514ea37b6c Mon Sep 17 00:00:00 2001 From: Grigory Shipunov Date: Wed, 8 Feb 2023 16:38:58 +0100 Subject: [PATCH] nat: exclude lo from masquerade --- hosts/cirrus/wireguard-server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/cirrus/wireguard-server.nix b/hosts/cirrus/wireguard-server.nix index 5b17782..d9fc754 100644 --- a/hosts/cirrus/wireguard-server.nix +++ b/hosts/cirrus/wireguard-server.nix @@ -13,7 +13,7 @@ # port-forward ssh to the music machine extraCommands = '' iptables -t nat -I PREROUTING -p tcp --dport 2020 -j DNAT --to-destination 10.34.45.101:22 - iptables -t nat -A POSTROUTING -j MASQUERADE + iptables ! -o lo -t nat -A POSTROUTING -j MASQUERADE ''; extraStopCommands = '' iptables -t nat -D PREROUTING -p tcp --dport 2020 -j DNAT --to-destination 10.34.45.101:22 || true