this post was submitted on 11 Jun 2024
submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/nix
To increase the security of my NAT configuration, I opted to implement port triggering instead of the traditional port forwarding on my router. I chose this approach in order to configure it from my nix configuration.

Specifically, I have enabled port 443 triggering on my router and included the following configuration:

```nix
# Both blocks are NixOS `networking.*` options; the enclosing attribute set is
# implied by the post and added here for completeness.
networking = {
  # Hand-written nftables ruleset: its own `table ip nat` with a DNAT rule
  # for TCP 443 arriving on the external interface.
  nftables = {
    enable = true;
    ruleset = ''
      table ip nat {
        chain PREROUTING {
          type nat hook prerouting priority dstnat; policy accept;
          iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
        }
      }
    '';
  };
  # NixOS NAT module: generates its own NAT rules for the same port forward.
  nat = {
    enable = true;
    internalInterfaces = ["lo"];
    externalInterface = "wlp2s0";
    forwardPorts = [
      {
        sourcePort = 443;
        proto = "tcp";
        destination = "10.100.0.3:443";
      }
    ];
  };
};
```

Now, after rebuilding, it still does not work and I'm left to wonder why. Are both the NAT and nftables settings even meant to run at the same time?
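Whether a hand-written `table ip nat` and the NAT module's own rules end up managing the same port can be checked against the live ruleset. The following is an added example, not code from the post: it parses `nft list ruleset` text (a constructed sample here; the second table's name is a placeholder, not NixOS's real generated table) and reports ports that are DNATed from more than one prerouting chain.

```python
import re
from collections import defaultdict

# Constructed sample of `nft list ruleset` output: the hand-written `table ip nat`
# from the post plus a second table standing in for the rules the NixOS nat module
# generates. That second table's name is a placeholder, not NixOS's real output.
SAMPLE_RULESET = """\
table ip nat {
  chain PREROUTING {
    type nat hook prerouting priority dstnat; policy accept;
    iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
  }
}
table ip EXAMPLE-nat-module {
  chain pre {
    type nat hook prerouting priority dstnat; policy accept;
    iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
  }
}
"""

TABLE_RE = re.compile(r"^\s*table\s+(\S+)\s+(\S+)\s*\{")
CHAIN_RE = re.compile(r"^\s*chain\s+(\S+)\s*\{")
HOOK_RE = re.compile(r"type\s+nat\s+hook\s+(\w+)\s+priority\s+([-\w]+)\s*;")
DNAT_RE = re.compile(r"tcp\s+dport\s+(\d+)\s+dnat\s+to\s+(\S+)")

def find_dnat_rules(ruleset):
    """Return every TCP DNAT rule in an `nft list ruleset` dump as
    (family, table, chain, hook, priority, dport, target)."""
    rules, table, chain, hook, prio = [], None, None, None, None
    for line in ruleset.splitlines():
        if m := TABLE_RE.match(line):
            table, chain, hook, prio = (m.group(1), m.group(2)), None, None, None
        elif m := CHAIN_RE.match(line):
            chain, hook, prio = m.group(1), None, None
        elif m := HOOK_RE.search(line):
            hook, prio = m.group(1), m.group(2)
        elif m := DNAT_RE.search(line):
            rules.append((*table, chain, hook, prio, int(m.group(1)), m.group(2)))
    return rules

def duplicate_dnat_ports(rules):
    """Ports DNATed from more than one prerouting nat chain. nftables sets up one
    NAT binding per connection, so the extra rule is dead: two sources manage the port."""
    by_port = defaultdict(list)
    for family, table, chain, hook, prio, dport, target in rules:
        if hook == "prerouting":
            by_port[dport].append(f"{family} {table} {chain} (priority {prio}) -> {target}")
    return {p: c for p, c in by_port.items() if len(c) > 1}
```

Feed it the real output of `nft list ruleset` on the router to see which chains claim port 443 and at what priority.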

[–] [email protected] 2 points 2 months ago (1 children)

If you enable iptables, you may have to disable the firewall.

[–] [email protected] 2 points 2 months ago

I have firewall disabled for my ports, so that's not the issue here.