submitted 5 months ago* (last edited 5 months ago) by TeaTastic@lemmy.world to c/nix@programming.dev

To increase the security of my NAT configuration, I opted to implement port triggering instead of the traditional port forwarding on my router. I chose this approach in order to configure it from my nix configuration.

Specifically, I have enabled port 443 triggering on my router and included the following configuration:

```nix
nftables = {
  enable = true;
  ruleset = ''
    table ip nat {
      chain PREROUTING {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
      }
    }
  '';
};
nat = {
  enable = true;
  internalInterfaces = ["lo"];
  externalInterface = "wlp2s0";
  forwardPorts = [
    {
      sourcePort = 443;
      proto = "tcp";
      destination = "10.100.0.3:443";
    }
  ];
};
```

Now, after rebuilding, it still does not work and I'm left to wonder why. Are both the NAT and nftables settings even meant to run at the same time?
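One way to keep every NAT rule in a single, auditable place, as an added example that is not part of the original post or any reply: drive the whole thing through `networking.nftables` and leave `networking.nat` off, adding the postrouting (masquerade) and forward (filter) chains that the posted snippet does not have, so that only the one DNAT'd flow is allowed through the router. The interface name, destination address and port are the ones from the post; the explicit `ip_forward` sysctl is an assumption, because it is normally `networking.nat` that turns forwarding on.

```nix
{ ... }:
{
  # Assumption: with networking.nat disabled, forwarding must be enabled by hand.
  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;

  networking.nat.enable = false;

  networking.nftables = {
    enable = true;
    ruleset = ''
      table ip nat {
        chain prerouting {
          type nat hook prerouting priority dstnat; policy accept;
          # Rewrite inbound 443 on the external interface to the internal host.
          iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
        }
        chain postrouting {
          type nat hook postrouting priority srcnat; policy accept;
          # Replies from 10.100.0.3 leave with the router's address.
          oifname "wlp2s0" masquerade
        }
      }

      table ip filter {
        chain forward {
          # Default deny on the forward path: DNAT alone only rewrites
          # addresses, it does not decide what may cross the router.
          type filter hook forward priority filter; policy drop;
          ct state established,related accept
          # Allow only new connections that were DNAT'd to the one service.
          iifname "wlp2s0" ip daddr 10.100.0.3 tcp dport 443 ct state new accept
          # Any other forwarded traffic (e.g. LAN to WAN) needs its own rule here.
        }
      }
    '';
  };
}
```

With `policy drop` on the forward chain, the external interface can reach 10.100.0.3 only on TCP 443; check the live ruleset with `nft list ruleset` after the rebuild.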

[-] rutrum@lm.paradisus.day 2 points 5 months ago

If you enable iptables you may have to disable firewall.

[-] TeaTastic@lemmy.world 2 points 5 months ago

I have firewall disabled for my ports, so that's not the issue here.

this post was submitted on 11 Jun 2024