just enable IP forwarding on router instead of full NAT module

2024-08-06 20:05:37 +01:00 · 2024-08-06 20:05:37 +01:00 · 2fd6d96a00
commit 2fd6d96a00
parent 752faa333d
1 changed files with 5 additions and 6 deletions
--- a/peering.nix
+++ b/peering.nix
@ -61,13 +61,12 @@ in
      }
    ];

-    networking = {
-      nat = mkIf host.isRouter {
-        enable = true;
-        enableIPv6 = true;
-        internalInterfaces = [ "birdsong" ];
-      };
+    boot.kernel.sysctl = mkIf host.isRouter {
+      "net.ipv4.conf.${cfg.interface}.forwarding" = true;
+      "net.ipv6.conf.${cfg.interface}.forwarding" = true;
+    };

+    networking = {
      firewall.allowedUDPPorts = mkIf cfg.openPorts [ host.port ];

      wireguard.interfaces.${cfg.interface} = {