Be more specific with internal postrouting, add extra dns resolvers
parent
4cc1bf3945
commit
b5a418308e
1 changed files with 23 additions and 6 deletions
|
@ -356,7 +356,9 @@ in
|
|||
chain postrouting {
|
||||
type nat hook postrouting priority 100; policy accept;
|
||||
oifname $WAN masquerade
|
||||
iifname { $WAN, $BRIDGE, $DEVICES, $WIFI } oifname $BRIDGE masquerade
|
||||
iifname $BRIDGE oifname $BRIDGE ip daddr $HTTP_HOST tcp dport { 80, 443 } masquerade
|
||||
iifname $BRIDGE oifname $BRIDGE ip daddr $FORGEJO_HOST tcp dport $FORGEJO_SSH_PORT masquerade
|
||||
iifname $BRIDGE oifname $BRIDGE ip daddr $DRAWPILE_HOST tcp dport $DRAWPILE_TCP_PORT masquerade
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -371,7 +373,9 @@ in
|
|||
chain postrouting {
|
||||
type nat hook postrouting priority 100; policy accept;
|
||||
oifname $WAN masquerade
|
||||
iifname { $WAN, $BRIDGE, $DEVICES, $WIFI } oifname $BRIDGE masquerade
|
||||
iifname $BRIDGE oifname $BRIDGE ip6 daddr $HTTP_HOST_V6 tcp dport { 80, 443 } masquerade
|
||||
iifname $BRIDGE oifname $BRIDGE ip6 daddr $FORGEJO_HOST_V6 tcp dport $FORGEJO_SSH_PORT masquerade
|
||||
iifname $BRIDGE oifname $BRIDGE ip6 daddr $DRAWPILE_HOST_V6 tcp dport $DRAWPILE_TCP_PORT masquerade
|
||||
}
|
||||
}
|
||||
'';
|
||||
|
@ -386,10 +390,23 @@ in
|
|||
enable = true;
|
||||
settings = {
|
||||
server = [
|
||||
"9.9.9.9"
|
||||
"9.9.9.10"
|
||||
"2620:fe::fe"
|
||||
"2620:fe::9"
|
||||
# OpenDNS
|
||||
"208.67.222.222"
|
||||
"208.67.220.220"
|
||||
"2620:119:53::35"
|
||||
"2620:119:53::53"
|
||||
|
||||
# Quad9
|
||||
"9.9.9.11"
|
||||
"149.112.112.11"
|
||||
"2620:fe::11"
|
||||
"2620:fe::fe:11"
|
||||
|
||||
# Cloudflare
|
||||
"1.1.1.1"
|
||||
"1.0.0.1"
|
||||
"2606:4700:4700::1111"
|
||||
"2606:4700:4700::1001"
|
||||
];
|
||||
domain-needed = true;
|
||||
bogus-priv = true;
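Review bot: The new `server` list mixes upstreams with different filtering policies: the Quad9 `.11` addresses are its threat-blocking service (with EDNS Client Subnet enabled), while Cloudflare `1.1.1.1`/`1.0.0.1` do no blocking. Unless `strict-order` is set outside this hunk, dnsmasq does not prefer servers in list order, so whether a known-malicious domain resolves depends on which upstream answers a given query. If blocking is intended, use Cloudflare's malware-filtering pair `"1.1.1.2"` / `"1.0.0.2"` and their IPv6 counterparts instead of the unfiltered addresses. If it is not, say so above the list, e.g. `# upstreams chosen for availability; filtering is not guaranteed`. The `settings` block continues past the hunk, so DNSSEC-related options cannot be checked from here.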
|
||||
|
|