diff options
| author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2011-03-10 12:08:39 +0000 |
|---|---|---|
| committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2011-03-10 12:08:39 +0000 |
| commit | 9bf4ac079ec08f68d825982cc15ab2b8f4ab664e (patch) | |
| tree | e7086c567fbf3be5859967128953f738b617945a /modules/services/networking/nat.nix | |
| parent | e2e7b689b47c70580af87f64a5b1e9cd5a5cc835 (diff) | |
| download | nixpkgs-9bf4ac079ec08f68d825982cc15ab2b8f4ab664e.tar nixpkgs-9bf4ac079ec08f68d825982cc15ab2b8f4ab664e.tar.gz nixpkgs-9bf4ac079ec08f68d825982cc15ab2b8f4ab664e.tar.bz2 nixpkgs-9bf4ac079ec08f68d825982cc15ab2b8f4ab664e.tar.lz nixpkgs-9bf4ac079ec08f68d825982cc15ab2b8f4ab664e.tar.xz nixpkgs-9bf4ac079ec08f68d825982cc15ab2b8f4ab664e.tar.zst nixpkgs-9bf4ac079ec08f68d825982cc15ab2b8f4ab664e.zip | |
* Add a module for doing Network Address Translation.
svn path=/nixos/trunk/; revision=26246
Diffstat (limited to 'modules/services/networking/nat.nix')
| -rw-r--r-- | modules/services/networking/nat.nix | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/modules/services/networking/nat.nix b/modules/services/networking/nat.nix new file mode 100644 index 00000000000..2f9715e9fab --- /dev/null +++ b/modules/services/networking/nat.nix @@ -0,0 +1,95 @@ +# This module enables Network Address Translation (NAT). + +{ config, pkgs, ... }: + +with pkgs.lib; + +let + + cfg = config.networking.nat; + +in + +{ + + ###### interface + + options = { + + networking.nat.enable = mkOption { + default = false; + description = + '' + Whether to enable Network Address Translation (NAT). + ''; + }; + + networking.nat.internalIPs = mkOption { + example = "192.168.1.0/24"; + description = + '' + The IP address range for which to perform NAT. Packets + coming from these addresses and destined for the external + interface will be rewritten. + ''; + }; + + networking.nat.externalInterface = mkOption { + example = "eth1"; + description = + '' + The name of the external network interface. + ''; + }; + + networking.nat.externalIP = mkOption { + default = ""; + example = "203.0.113.123"; + description = + '' + The public IP address to which packets from the local + network are to be rewritten. If this is left empty, the + IP address associated with the external interface will be + used. + ''; + }; + + }; + + + ###### implementation + + config = mkIf config.networking.nat.enable { + + environment.systemPackages = [ pkgs.iptables ]; + + jobs.nat = + { description = "Network Address Translation"; + + startOn = "started network-interfaces"; + + path = [ pkgs.iptables ]; + + preStart = + '' + iptables -t nat -F + iptables -t nat -X + + iptables -t nat -A POSTROUTING \ + -s ${cfg.internalIPs} -o ${cfg.externalInterface} \ + ${if cfg.externalIP == "" + then "-j MASQUERADE" + else "-j SNAT --to-source ${cfg.externalIP}"} + + echo 1 > /proc/sys/net/ipv4/ip_forward + ''; + + postStop = + '' + iptables -t nat -F + ''; + }; + + }; + +} |