diff --git a/peering.nix b/peering.nix
index bc5ed97..170a986 100644
--- a/peering.nix
+++ b/peering.nix
@@ -61,13 +61,12 @@ in
 }
 ];
- networking = {
- nat = mkIf host.isRouter {
- enable = true;
- enableIPv6 = true;
- internalInterfaces = [ "birdsong" ];
- };
+ boot.kernel.sysctl = mkIf host.isRouter {
+ "net.ipv4.conf.${cfg.interface}.forwarding" = true;
+ "net.ipv6.conf.${cfg.interface}.forwarding" = true;
+ };
+ networking = {
 firewall.allowedUDPPorts = mkIf cfg.openPorts [ host.port ];
 wireguard.interfaces.${cfg.interface} = {
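Review bot: The added `"net.ipv6.conf.${cfg.interface}.forwarding"` key probably does not turn on IPv6 forwarding by itself. On Linux the IPv6 forwarding path is gated by `net.ipv6.conf.all.forwarding`; the per-interface key mainly switches that interface between host and router behaviour, unlike the IPv4 per-interface key, which does control forwarding for packets arriving on it. The removed `networking.nat` block with `enableIPv6 = true` most likely set the global key, so routers may silently stop forwarding IPv6 between peers after this change; verify on a router host. If the global key is needed, add `"net.ipv6.conf.all.forwarding" = true;` and restrict forwarding to `cfg.interface` with a forward-chain firewall rule, since the global key applies to every interface. The `networking = {` and `wireguard.interfaces` blocks continue outside the hunk, so any forward filtering defined there is not visible here.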