From 8ffefca044199508d68078937508a6141a9a8dab Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Wed, 6 Dec 2023 12:39:45 +0100 Subject: [PATCH] try to fix nat --- hosts/fw.cloonar.com/modules/firewall.nix | 5 ++- hosts/fw.cloonar.com/modules/unbound.nix | 48 +++++++++++------------ 2 files changed, 28 insertions(+), 25 deletions(-) diff --git a/hosts/fw.cloonar.com/modules/firewall.nix b/hosts/fw.cloonar.com/modules/firewall.nix index ebdb116..09c023f 100644 --- a/hosts/fw.cloonar.com/modules/firewall.nix +++ b/hosts/fw.cloonar.com/modules/firewall.nix @@ -203,7 +203,10 @@ # Setup NAT masquerading on external interfaces chain postrouting { type nat hook postrouting priority filter; policy accept; - oifname { "wan", "wrwks", "wg_epicenter", "wg_ghetto_at" } masquerade + oifname { "wan" } masquerade + oifname { "wrwks" } masquerade + oifname { "wg_epicenter" } masquerade + oifname { "wg_ghetto_at" } masquerade } } ''; diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix index c7d304a..b119ad6 100644 --- a/hosts/fw.cloonar.com/modules/unbound.nix +++ b/hosts/fw.cloonar.com/modules/unbound.nix @@ -107,30 +107,30 @@ let "10.43.97.1" ]; } - { - name = "epicenter.works."; - forward-addr = [ - "10.50.60.1" - ]; - } - { - name = "akvorrat.at."; - forward-addr = [ - "10.50.60.1" - ]; - } - { - name = "epicenter.intra."; - forward-addr = [ - "10.14.1.1" - ]; - } - { - name = "intra.epicenter.works."; - forward-addr = [ - "10.14.1.1" - ]; - } + # { + # name = "epicenter.works."; + # forward-addr = [ + # "10.50.60.1" + # ]; + # } + # { + # name = "akvorrat.at."; + # forward-addr = [ + # "10.50.60.1" + # ]; + # } + # { + # name = "epicenter.intra."; + # forward-addr = [ + # "10.14.1.1" + # ]; + # } + # { + # name = "intra.epicenter.works."; + # forward-addr = [ + # "10.14.1.1" + # ]; + # } ]; }; in {