submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]

To increase the security of my NAT configuration, I opted to implement port triggering instead of the traditional port forwarding on my router. I chose this approach in order to configure it from my nix configuration.

Specifically, I have enabled port 443 triggering on my router and included the following configuration:

# Both blocks live under `networking` in the NixOS configuration.
networking = {
  # Hand-written nftables ruleset: a nat table with a prerouting (dstnat)
  # chain that rewrites inbound TCP/443 on the WAN interface to the internal host.
  nftables = {
    enable = true;
    ruleset = ''
      table ip nat {
        chain PREROUTING {
          type nat hook prerouting priority dstnat; policy accept;
          iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
        }
      }
    '';
  };
  # NixOS nat module: same external interface and the same TCP/443 forward.
  nat = {
    enable = true;
    internalInterfaces = ["lo"];
    externalInterface = "wlp2s0";
    forwardPorts = [
      {
        sourcePort = 443;
        proto = "tcp";
        destination = "10.100.0.3:443";
      }
    ];
  };
};

Now, after rebuilding, it still does not work and I'm left to wonder why. Are both the NAT and nftables settings even meant to run at the same time?
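As an added example (not the poster's configuration and not code from the NixOS project), the following expresses the same TCP/443 DNAT through `networking.nat` alone. Once `networking.nftables.enable = true`, the NixOS nat module renders its own rules as nftables, so a second hand-written `table ip nat` with an identical dstnat rule is redundant rather than additive; keeping one source for the rule also makes it easier to audit what the router actually exposes. Assumed names: `wlp2s0` is the WAN interface, `wg0` is the interface facing the internal host, and `10.100.0.3` is that host.

```nix
# Added example, not the original poster's config.
# Assumptions: wlp2s0 = WAN interface, wg0 = internal/tunnel interface (hypothetical name),
# 10.100.0.3 = the internal host that should receive TCP/443.
{ config, lib, ... }:
{
  networking = {
    # nftables backend for both the firewall and the nat module.
    nftables.enable = true;

    nat = {
      enable = true;
      externalInterface = "wlp2s0";
      # Interfaces whose outbound traffic is masqueraded behind wlp2s0.
      internalInterfaces = [ "wg0" ];
      # One DNAT rule: inbound TCP/443 on the WAN side goes to the internal host.
      forwardPorts = [
        {
          sourcePort = 443;
          proto = "tcp";
          destination = "10.100.0.3:443";
        }
      ];
    };
  };
}
```

After `nixos-rebuild switch`, `nft list ruleset` shows every loaded table; with a configuration like this there should be exactly one chain hooked at `prerouting priority dstnat` carrying the port-443 rule. Seeing the same `dnat to 10.100.0.3:443` rule twice, in two different tables, is the sign that a manual ruleset and `networking.nat` are both active.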

[email protected] 2 points 1 month ago

If you enable iptables you may have to disable firewall.

[email protected] 2 points 1 month ago

I have firewall disabled for my ports, so that's not the issue here.

this post was submitted on 11 Jun 2024
16 points (100.0% liked)