17
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/nix

To increase the security of my NAT configuration, I opted to implement port triggering instead of the traditional port forwarding on my router. I chose this approach in order to configure it from my nix configuration.

Specifically, I have enabled port 443 triggering on my router and included the following configuration:

```nix
# Both attribute sets live under `networking` (networking.nftables, networking.nat).
nftables = {
  enable = true;
  # Hand-written ruleset: DNAT inbound TCP/443 on the external interface to the internal host.
  ruleset = ''
    table ip nat {
      chain PREROUTING {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
      }
    }
  '';
};
nat = {
  enable = true;
  internalInterfaces = ["lo"];
  externalInterface = "wlp2s0";
  # The same 443 -> 10.100.0.3:443 forward, declared through the NixOS NAT module.
  forwardPorts = [
    {
      sourcePort = 443;
      proto = "tcp";
      destination = "10.100.0.3:443";
    }
  ];
};
```

Now, after rebuilding, it still does not work and I'm left to wonder why. Are both the NAT and nftables settings even meant to run at the same time?
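After a rebuild, the thing to inspect is what actually reached the kernel (`nft list ruleset`), since a hand-written `nat` table and the NAT module's generated rules can both hook `prerouting`. The following is an added example, not code from the post: it parses a constructed dump (table names and layout are assumed, not captured from a real host) and reports whether the expected DNAT is present, whether more than one table installs it, and whether a `postrouting` masquerade exists.

```python
import re
# Constructed sample of `nft list ruleset` output; table names and layout are assumed.
SAMPLE_RULESET = """\
table ip nat {
	chain PREROUTING {
		type nat hook prerouting priority dstnat; policy accept;
		iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
	}
}
table ip nixos-nat {
	chain pre {
		type nat hook prerouting priority dstnat; policy accept;
		iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
	}
	chain post {
		type nat hook postrouting priority srcnat; policy accept;
		oifname "wlp2s0" masquerade
	}
}
"""
TABLE_RE = re.compile(r"^table (\w+) (\S+) \{")
CHAIN_RE = re.compile(r"^\s+chain (\S+) \{")
HOOK_RE = re.compile(r"type nat hook (\w+) priority")
DNAT_RE = re.compile(r"tcp dport (\d+) dnat to (\S+)")

def parse_nat_rules(ruleset):
    """Return (table, chain, hook, dport, action) for every DNAT / masquerade rule."""
    table = chain = hook = None
    rules = []
    for line in ruleset.splitlines():
        if m := TABLE_RE.match(line):          # "table ip nat {"
            table = f"{m.group(1)} {m.group(2)}"
        elif m := CHAIN_RE.match(line):        # "chain PREROUTING {" starts a new chain
            chain, hook = m.group(1), None
        elif m := HOOK_RE.search(line):        # base-chain hook (prerouting/postrouting)
            hook = m.group(1)
        elif m := DNAT_RE.search(line):        # "tcp dport 443 dnat to host:port"
            rules.append((table, chain, hook, int(m.group(1)), m.group(2)))
        elif line.strip().endswith("masquerade"):
            rules.append((table, chain, hook, None, "masquerade"))
    return rules

def check_forward(ruleset, dport, target):
    """DNAT present on a prerouting hook? Installed by more than one table? srcnat path present?"""
    rules = parse_nat_rules(ruleset)
    hits = [r for r in rules if r[2] == "prerouting" and r[3] == dport and r[4] == target]
    return {"dnat_present": bool(hits),
            "chains": [f"{t}/{c}" for t, c, *_ in hits],
            "duplicate_sources": len({t for t, *_ in hits}) > 1,
            "masquerade": any(r[2] == "postrouting" and r[4] == "masquerade" for r in rules)}
```

On a real host, feed it the output of `sudo nft list ruleset` instead of the constructed sample; `duplicate_sources` being true means two NAT sources are both active for the same port.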

top 2 comments
[-] [email protected] 2 points 1 week ago

If you enable iptables you may have to disable the firewall.

[-] [email protected] 2 points 1 week ago

I have firewall disabled for my ports, so that's not the issue here.

this post was submitted on 11 Jun 2024