Be more specific with internal postrouting, add extra dns resolvers

This commit is contained in:
asonix 2024-07-09 18:20:53 -05:00
parent 4cc1bf3945
commit b5a418308e


@ -356,7 +356,9 @@ in
chain postrouting {
type nat hook postrouting priority 100; policy accept;
oifname $WAN masquerade
iifname { $WAN, $BRIDGE, $DEVICES, $WIFI } oifname $BRIDGE masquerade
iifname $BRIDGE oifname $BRIDGE ip daddr $HTTP_HOST tcp dport { 80, 443 } masquerade
iifname $BRIDGE oifname $BRIDGE ip daddr $FORGEJO_HOST tcp dport $FORGEJO_SSH_PORT masquerade
iifname $BRIDGE oifname $BRIDGE ip daddr $DRAWPILE_HOST tcp dport $DRAWPILE_TCP_PORT masquerade
}
}
@ -371,7 +373,9 @@ in
chain postrouting {
type nat hook postrouting priority 100; policy accept;
oifname $WAN masquerade
iifname { $WAN, $BRIDGE, $DEVICES, $WIFI } oifname $BRIDGE masquerade
iifname $BRIDGE oifname $BRIDGE ip6 daddr $HTTP_HOST_V6 tcp dport { 80, 443 } masquerade
iifname $BRIDGE oifname $BRIDGE ip6 daddr $FORGEJO_HOST_V6 tcp dport $FORGEJO_SSH_PORT masquerade
iifname $BRIDGE oifname $BRIDGE ip6 daddr $DRAWPILE_HOST_V6 tcp dport $DRAWPILE_TCP_PORT masquerade
}
}
'';
@ -386,10 +390,23 @@ in
enable = true;
settings = {
server = [
"9.9.9.9"
"9.9.9.10"
"2620:fe::fe"
"2620:fe::9"
# OpenDNS
"208.67.222.222"
"208.67.220.220"
"2620:119:53::35"
"2620:119:53::53"
# Quad9
"9.9.9.11"
"149.112.112.11"
"2620:fe::11"
"2620:fe::fe:11"
# Cloudflare
"1.1.1.1"
"1.0.0.1"
"2606:4700:4700::1111"
"2606:4700:4700::1001"
];
domain-needed = true;
bogus-priv = true;
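Review bot: The new `server` list mixes upstreams with different filtering policies — Quad9's malware-blocking addresses (9.9.9.9, 9.9.9.11, 149.112.112.11), its unfiltered addresses (9.9.9.10, 2620:fe::9), and OpenDNS and Cloudflare — and since dnsmasq by default forwards to whichever upstream answers fastest rather than all of them, a name blocked by one resolver may still resolve via another, so the effective policy is that of the least restrictive entry. If the intent is only redundancy, the list should be documented as such; if the Quad9 blocking is relied on, the unfiltered entries and the other providers should be dropped or the behaviour pinned with the relevant dnsmasq option. The first four addresses also carry no provider comment while the later `# Quad9` group does, which reads as two different providers; I would label them, e.g. `# Quad9 (9.9.9.10 / 2620:fe::9 are the unfiltered endpoints)`. Separately, in the postrouting hunks at 356 and 371, the bridge-to-bridge `masquerade` rules rewrite the client source address to the router's, so the HTTP, Forgejo-SSH and Drawpile services will log the router rather than the real client for hairpinned connections, which is worth a comment on those lines since it affects auditing and any source-IP-based rate limiting; and if the broader `iifname { $WAN, $BRIDGE, $DEVICES, $WIFI } oifname $BRIDGE masquerade` line is still present on the new side, it matches those flows first and the more specific rules below it appear unreachable.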