From 18f37728770e56b9ec3ecf3e3a161045f2222f9e Mon Sep 17 00:00:00 2001 From: Lillian-Violet Date: Wed, 27 Aug 2025 19:40:39 +0200 Subject: [PATCH] seemed to have fucked up the copying from the example, let's try this and the iptable commands should work (tested them locally) --- nixos/hosts/wheatley/configuration.nix | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/nixos/hosts/wheatley/configuration.nix b/nixos/hosts/wheatley/configuration.nix index 3139423..f204786 100644 --- a/nixos/hosts/wheatley/configuration.nix +++ b/nixos/hosts/wheatley/configuration.nix @@ -228,6 +228,8 @@ FwMark = 51820; }; + listenPort = 51820; + postUp = '' ${pkgs.iproute2}/bin/ip rule add from 192.168.2.43 table main ${pkgs.iptables}/bin/iptables -t mangle -A PREROUTING -i end0 -j CONNMARK --set-mark 51820 @@ -258,17 +260,17 @@ # This allows the wireguard server to route your traffic to the internet and hence be like a VPN postUp = '' ${pkgs.iptables}/bin/iptables -A FORWARD -i wg1 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s wg0 -o end0 -j MASQUERADE + ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE ${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg1 -j ACCEPT - ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s wg0 -o end0 -j MASQUERADE + ${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -o wg0 -j MASQUERADE ''; # Undo the above preDown = '' ${pkgs.iptables}/bin/iptables -D FORWARD -i wg1 -j ACCEPT - ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s wg0 -o end0 -j MASQUERADE + ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE ${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg1 -j ACCEPT - ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s wg0 -o end0 -j MASQUERADE + ${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -o wg0 -j MASQUERADE ''; privateKeyFile = lib.mkForce config.sops.secrets."wg-private-key".path;
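Review bot: In the second hunk the rewritten NAT rules (`-t nat -A POSTROUTING -o wg0 -j MASQUERADE`, plus the ip6tables and `-D` counterparts) have no source match. Every packet routed out of wg0 is therefore masqueraded, not only traffic arriving from wg1 peers. Scoping it as `-t nat -A POSTROUTING -s <wg1-subnet> -o wg0 -j MASQUERADE` (placeholder for the wg1 address range, with the same change in preDown) keeps the NAT limited to the clients it is meant for. Related, the unchanged context rule `-A FORWARD -i wg1 -j ACCEPT` is not tied to an output interface, so now that egress is meant to be wg0, wg1 peers can presumably still be forwarded to end0 and the LAN, including when wg0 is down. `-A FORWARD -i wg1 -o wg0 -j ACCEPT` would match the new intent if LAN access is not wanted. The enclosing interface definition and the FORWARD chain policy lie outside the hunk, so confirm both against the full file.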