pyrox.dev / nixpkgs
lol
fork atom

nixos/networking/nat: add option for protocol

This commit adds an option to allow udp port forwarding (see #24894).

Phil 4f277bd9 e84c717d

options
unified split
Changed files
+10 -3
nixos
modules
services
networking
nat.nix
+10 -3
nixos/modules/services/networking/nat.nix 
···

       
48

       
 

       
    # NAT from external ports to internal ports.


     

       
49

       
 

       
    ${concatMapStrings (fwd: ''


     

       
50

       
 

       
      iptables -w -t nat -A nixos-nat-pre \


     

       
51

       
-

       
        -i ${cfg.externalInterface} -p tcp \


     

       
52

       
 

       
        --dport ${builtins.toString fwd.sourcePort} \


     

       
53

       
 

       
        -j DNAT --to-destination ${fwd.destination}


     

       
54

       
 

       
    '') cfg.forwardPorts}


     
···

       
133

       
 

       
          destination = mkOption {


     

       
134

       
 

       
            type = types.str;


     

       
135

       
 

       
            example = "10.0.0.1:80";


     

       
136

       
-

       
            description = "Forward tcp connection to destination ip:port";


     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
137

       
 

       
          };


     

       
138

       
 

       
        };


     

       
139

       
 

       
      });


     

       
140

       
 

       
      default = [];


     

       
141

       
-

       
      example = [ { sourcePort = 8080; destination = "10.0.0.1:80"; } ];


     

       
142

       
 

       
      description =


     

       
143

       
 

       
        ''


     

       
144

       
 

       
          List of forwarded ports from the external interface to


     
···

       
48

       
 

       
    # NAT from external ports to internal ports.


     

       
49

       
 

       
    ${concatMapStrings (fwd: ''


     

       
50

       
 

       
      iptables -w -t nat -A nixos-nat-pre \


     

       
51

       
+

       
        -i ${cfg.externalInterface} -p ${fwd.proto} \


     

       
52

       
 

       
        --dport ${builtins.toString fwd.sourcePort} \


     

       
53

       
 

       
        -j DNAT --to-destination ${fwd.destination}


     

       
54

       
 

       
    '') cfg.forwardPorts}


     
···

       
133

       
 

       
          destination = mkOption {


     

       
134

       
 

       
            type = types.str;


     

       
135

       
 

       
            example = "10.0.0.1:80";


     

       
136

       
+

       
            description = "Forward connection to destination ip:port";


     

       
137

       
+

       
          };


     

       
138

       
+

       



     

       
139

       
+

       
          proto = mkOption {


     

       
140

       
+

       
            type = types.str;


     

       
141

       
+

       
            default = "tcp";


     

       
142

       
+

       
            example = "udp";


     

       
143

       
+

       
            description = "Protocol of forwarded connection";


     

       
144

       
 

       
          };


     

       
145

       
 

       
        };


     

       
146

       
 

       
      });


     

       
147

       
 

       
      default = [];


     

       
148

       
+

       
      example = [ { sourcePort = 8080; destination = "10.0.0.1:80"; proto = "tcp"; } ];


     

       
149

       
 

       
      description =


     

       
150

       
 

       
        ''


     

       
151

       
 

       
          List of forwarded ports from the external interface to