From e40146de16a8edf5e63b92057d0a7abca745182d Mon Sep 17 00:00:00 2001 From: Jack Cummings Date: Fri, 5 Oct 2012 22:11:57 -0700 Subject: nat: enable NAT for multiple networks --- modules/services/networking/nat.nix | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'modules/services/networking/nat.nix') diff --git a/modules/services/networking/nat.nix b/modules/services/networking/nat.nix index c51eeb54be7..ff6ff02f7e9 100644 --- a/modules/services/networking/nat.nix +++ b/modules/services/networking/nat.nix @@ -1,4 +1,6 @@ # This module enables Network Address Translation (NAT). +# XXX: todo: support multiple upstream links +# see http://yesican.chsoft.biz/lartc/MultihomedLinuxNetworking.html { config, pkgs, ... }: @@ -25,11 +27,11 @@ in }; networking.nat.internalIPs = mkOption { - example = "192.168.1.0/24"; + example = [ "192.168.1.0/24" ] ; description = '' - The IP address range for which to perform NAT. Packets - coming from these addresses and destined for the external + The IP address ranges for which to perform NAT. Packets + coming from these networks and destined for the external interface will be rewritten. ''; }; @@ -76,13 +78,17 @@ in '' iptables -t nat -F POSTROUTING iptables -t nat -X - + '' + + (concatMapStrings (network: + '' iptables -t nat -A POSTROUTING \ - -s ${cfg.internalIPs} -o ${cfg.externalInterface} \ + -s ${network} -o ${cfg.externalInterface} \ ${if cfg.externalIP == "" then "-j MASQUERADE" else "-j SNAT --to-source ${cfg.externalIP}"} - + '' + ) cfg.internalIPs) + + '' echo 1 > /proc/sys/net/ipv4/ip_forward ''; @@ -91,7 +97,5 @@ in iptables -t nat -F POSTROUTING ''; }; - }; - } -- cgit 1.4.1
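Review bot: The `networking.nat.internalIPs` option is changed to take a list but still declares no `type`, so a configuration that keeps the old string form (`internalIPs = "192.168.1.0/24";`) is accepted by the module system and would presumably only fail when the consumer iterates over it, with an error that does not name this option. Adding `type = types.listOf types.str;` next to `example` rejects the wrong shape at evaluation time with the option path in the message; if existing configurations must keep working, `types.either types.str (types.listOf types.str)` together with a `toList` in the consumer would preserve compatibility. Since nothing validates the entries before they reach iptables, the description could also state the expected format, e.g. `Each entry is a network in CIDR notation, such as 192.168.1.0/24.`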
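Review bot: With `internalIPs` now a list, an empty `[]` yields no POSTROUTING rule from `concatMapStrings` yet the script still runs `echo 1 > /proc/sys/net/ipv4/ip_forward`, so the host silently becomes a forwarding router with no translation; the old string form would at least have made iptables fail on an empty `-s`. Consider rejecting the empty list, e.g. an assertion with `assertion = cfg.internalIPs != [];` and `message = "networking.nat.internalIPs must list at least one network";`, or enabling forwarding only after at least one rule was installed. Each `${network}` is also spliced unquoted into the shell line, so a malformed entry is only caught by iptables at service start; writing `-s "${network}"` keeps a stray space from being parsed as extra iptables arguments. The attribute whose string this hunk edits starts above the hunk.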