Thomas Dy
97a61c8903
nixos/nat: fix multiple destination ports with loopback
2020-03-04 18:11:31 +09:00
volth
6abba2294d
nixos/nat: use nixos-nat-out instead of OUTPUT
2020-01-12 00:06:49 +01:00
Bernardo Meurer
5ee439eb08
nixos: fix ip46tables invocation in nat
2019-12-14 20:13:12 -08:00
Andreas Rammhold
e8bb94fca9
Merge pull request #68459 from volth/patch-364
...
nixos/nat: create nixos-nat-{pre,post,out} in ip6tables too
2019-12-12 15:55:51 +01:00
Max Veytsman
de1cbcc692
nixos/nat: fix typo in comment
...
This iptables directive is marking packets coming from the internal interfaces so they can later be NATed by the rule in 22378e6996/nixos/modules/services/networking/nat.nix (L38-L42)
.
Fix the comment accordingly.
2019-11-04 17:00:22 +01:00
volth
3e792fb6df
nixos/nat: create nixos-nat-{pre,post,out} in ip6tables too
2019-09-10 21:58:19 +00:00
volth
d79a5057d3
nixos/nat: optional networking.nat.externalInterface ( #41864 )
...
to prevent "cannot coerce null to string" raise before the assertions are checked
2018-06-12 15:14:15 +02:00
volth
d4daddad75
nixos/nat: optional networking.nat.externalInterface ( #41758 )
2018-06-10 18:29:32 +02:00
volth
328f8a6cba
nixos/nat: support nat reflection
2018-02-19 13:16:09 +00:00
Ryan Trinkle
ab2b3a5d0a
nat: add extraCommands and extraStopCommands options
2017-12-06 11:17:38 -05:00
zimbatm
3807408c38
Merge pull request #32212 from ryantrinkle/nat-port-forwarding-ranges
...
Nat port forwarding ranges
2017-12-04 12:05:05 +00:00
Ryan Trinkle
4f8a65a163
nixos/nat: add dmzHost option ( #32257 )
2017-12-04 09:21:58 +00:00
Ryan Trinkle
a8f1ebf52c
nat: support port ranges in networking.nat.forwardPorts
2017-12-02 13:28:01 -05:00
Phil
4f277bd920
nixos/networking/nat: add option for protocol
...
This commit adds an option to allow udp port forwarding (see #24894 ).
2017-08-04 17:03:05 +02:00
Markus Mueller
53d2f0980d
nat: always flush nixos nat rules on firewall start/reload
...
Fixes #27510
2017-08-03 21:16:14 +02:00
Joachim F
0906a0f197
Merge pull request #18491 from groxxda/network-interfaces
...
Replace Network-interfaces.target
2016-10-02 16:34:37 +02:00
Alexander Ried
8524df1259
networking.nat: replace network-interfaces.target
...
We can replace this safely with network-pre because iptables does not
care whether the interfaces exist or not.
2016-09-13 11:19:22 +02:00
Eric Sagnes
c3bdee3c39
nat module: optionSet -> submodule
2016-09-13 12:53:10 +09:00
Domen Kožar
25e3c091a0
Revert "nixos/nat: Allow nat without an externalInterface"
...
This reverts commit 431a98b12b
.
Breaks nixos tests: http://hydra.nixos.org/build/35538207
2016-05-12 11:04:06 +01:00
Franz Pletz
431a98b12b
nixos/nat: Allow nat without an externalInterface
2016-05-12 01:52:13 +02:00
William A. Kennington III
ba53392bce
nixos/nat: Fix override so that sysctls are properly preserved
2014-10-31 16:50:25 -07:00
William A. Kennington III
ae195727b7
nixos/nat: Don't flush tables, create subchains for autogenerated rules
2014-09-18 11:28:58 -07:00
William A. Kennington III
1321fd175d
nixos/nat: Leverage firewall module
2014-09-15 21:31:27 -07:00
Luca Bruno
2ba523df24
nixos nat: add description to forwardPorts
2014-09-04 11:33:08 +02:00
Luca Bruno
e6ab680cbf
nixos nat: add type for sourcePort and destination of forwardPorts
2014-09-04 10:26:33 +02:00
Luca Bruno
b21ac60290
nixos/nat: add forwardPorts for external->internal DNAT
2014-09-01 22:31:56 +02:00
Eelco Dolstra
29027fd1e1
Rewrite ‘with pkgs.lib’ -> ‘with lib’
...
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
2014-04-14 16:26:48 +02:00
Eelco Dolstra
017408e048
Use iptables' ‘-w’ flag
...
This prevents errors like "Another app is currently holding the
xtables lock" if the firewall and NAT services are starting in
parallel. (Longer term, we should probably move to a single service
for managing the iptables rules.)
2014-04-11 17:16:44 +02:00
Eelco Dolstra
b9281e6a2d
Fix NAT module
2014-04-11 17:16:44 +02:00
Eelco Dolstra
a34bfbab4c
Add option networking.nat.internalInterfaces
...
This allows applying NAT to an interface, rather than an IP range.
2014-04-10 15:07:29 +02:00
Eelco Dolstra
408b8b5725
Add lots of missing option types
2013-10-30 18:47:43 +01:00
Eelco Dolstra
5c1f8cbc70
Move all of NixOS to nixos/ in preparation of the repository merge
2013-10-10 13:28:20 +02:00