authorJack Cummings <jack@mudshark.org>2012-10-05 22:11:57 -0700
committerEelco Dolstra <eelco.dolstra@logicblox.com>2012-10-09 14:00:59 -0400
commite40146de16a8edf5e63b92057d0a7abca745182d (patch)
treeac6924c8536598e115ded4e1f7a78cd73036a467 /modules/services/networking/nat.nix
parente8d8b6b39997fdd9b0796fd79fffad9750c37774 (diff)
nat: enable NAT for multiple networks
Diffstat (limited to 'modules/services/networking/nat.nix')
-rw-r--r--modules/services/networking/nat.nix20
1 files changed, 12 insertions, 8 deletions
diff --git a/modules/services/networking/nat.nix b/modules/services/networking/nat.nix
index c51eeb54be7..ff6ff02f7e9 100644
--- a/modules/services/networking/nat.nix
+++ b/modules/services/networking/nat.nix
@@ -1,4 +1,6 @@
 # This module enables Network Address Translation (NAT).
+# XXX: todo: support multiple upstream links
+# see http://yesican.chsoft.biz/lartc/MultihomedLinuxNetworking.html
 
 { config, pkgs, ... }:
 
@@ -25,11 +27,11 @@ in
     };
 
     networking.nat.internalIPs = mkOption {
-      example = "192.168.1.0/24";
+      example = [ "192.168.1.0/24" ] ;
       description =
         ''
-          The IP address range for which to perform NAT.  Packets
-          coming from these addresses and destined for the external
+          The IP address ranges for which to perform NAT.  Packets
+          coming from these networks and destined for the external
           interface will be rewritten.
         '';
     };
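Review bot: The option now expects a list (the `example` on the new side is `[ "192.168.1.0/24" ]`) but no `type` is declared on the mkOption, so a configuration still giving the old string form passes evaluation here and only fails later, inside concatMapStrings, with an unrelated-looking error. Adding `type = types.listOf types.str;` to this mkOption makes the changed contract explicit and rejects non-list values at the option level. The description could also state that each entry is a CIDR range rather than a single address.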
@@ -76,13 +78,17 @@ in
           ''
             iptables -t nat -F POSTROUTING
             iptables -t nat -X
-
+          '' 
+          + (concatMapStrings (network: 
+            ''
             iptables -t nat -A POSTROUTING \
-              -s ${cfg.internalIPs} -o ${cfg.externalInterface} \
+              -s ${network} -o ${cfg.externalInterface} \
               ${if cfg.externalIP == ""
                 then "-j MASQUERADE"
                 else "-j SNAT --to-source ${cfg.externalIP}"}
-
+            ''
+          ) cfg.internalIPs) +
+          ''
             echo 1 > /proc/sys/net/ipv4/ip_forward
           '';
 
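Review bot: Each element of cfg.internalIPs is spliced unquoted into the generated shell script at `-s ${network} -o ${cfg.externalInterface} \`, so a value containing spaces or shell metacharacters changes or breaks the iptables command at runtime instead of being rejected at evaluation; the loop does not validate entries, and the old single-string form had the same exposure for one value where there are now many. A type on the option (`types.listOf types.str`) is the minimum; a comment above the concatMapStrings call such as `# one POSTROUTING rule per internal network; entries are interpolated verbatim into the shell command` would make the expectation visible to whoever adds validation. The trailing space after `''` on the line that closes the first fragment should be dropped. The script attribute this hunk edits begins before the hunk.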
@@ -91,7 +97,5 @@ in
             iptables -t nat -F POSTROUTING
           '';
       };
-
   };
-
 }