···
dest = if cfg.externalIP == null then "-j MASQUERADE" else "-j SNAT --to-source ${cfg.externalIP}";
16
-
iptables -w -t nat -D PREROUTING -j nixos-nat-pre 2>/dev/null|| true
17
-
iptables -w -t nat -F nixos-nat-pre 2>/dev/null || true
18
-
iptables -w -t nat -X nixos-nat-pre 2>/dev/null || true
19
-
iptables -w -t nat -D POSTROUTING -j nixos-nat-post 2>/dev/null || true
20
-
iptables -w -t nat -F nixos-nat-post 2>/dev/null || true
21
-
iptables -w -t nat -X nixos-nat-post 2>/dev/null || true
16
+
ip46tables -w -t nat -D PREROUTING -j nixos-nat-pre 2>/dev/null|| true
17
+
ip46tables -w -t nat -F nixos-nat-pre 2>/dev/null || true
18
+
ip46tables -w -t nat -X nixos-nat-pre 2>/dev/null || true
19
+
ip46tables -w -t nat -D POSTROUTING -j nixos-nat-post 2>/dev/null || true
20
+
ip46tables -w -t nat -F nixos-nat-post 2>/dev/null || true
21
+
ip46tables -w -t nat -X nixos-nat-post 2>/dev/null || true
22
+
ip46tables -w -t nat -D OUTPUT -j nixos-nat-out 2>/dev/null || true
23
+
ip46tables -w -t nat -F nixos-nat-out 2>/dev/null || true
24
+
ip46tables -w -t nat -X nixos-nat-out 2>/dev/null || true
# Create subchain where we store rules
28
-
iptables -w -t nat -N nixos-nat-pre
29
-
iptables -w -t nat -N nixos-nat-post
31
+
ip46tables -w -t nat -N nixos-nat-pre
32
+
ip46tables -w -t nat -N nixos-nat-post
33
+
ip46tables -w -t nat -N nixos-nat-out
# We can't match on incoming interface in POSTROUTING, so
# mark packets coming from the internal interfaces.
···
# Append our chains to the nat tables
91
-
iptables -w -t nat -A PREROUTING -j nixos-nat-pre
92
-
iptables -w -t nat -A POSTROUTING -j nixos-nat-post
95
+
ip46tables -w -t nat -A PREROUTING -j nixos-nat-pre
96
+
ip46tables -w -t nat -A POSTROUTING -j nixos-nat-post
97
+
ip46tables -w -t nat -A OUTPUT -j nixos-nat-out
pyrox.dev