swann: tweak firewall params
parent
a4fd2de975
commit
1233ac2d14
1 changed files with 23 additions and 2 deletions
|
@ -62,6 +62,10 @@ in {
|
||||||
enable = true;
|
enable = true;
|
||||||
externalInterface = "ens-virginmedia";
|
externalInterface = "ens-virginmedia";
|
||||||
internalInterfaces = ["ens-general"];
|
internalInterfaces = ["ens-general"];
|
||||||
|
forwardPorts = [
|
||||||
|
{ destination = "192.168.1.40:22"; proto = "tcp"; sourcePort = 10022; }
|
||||||
|
{ destination = "192.168.1.40:41641"; proto = "udp"; sourcePort = 41641; }
|
||||||
|
];
|
||||||
};
|
};
|
||||||
services.dhcpd4 = {
|
services.dhcpd4 = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -79,16 +83,33 @@ in {
|
||||||
range 192.168.1.100 192.168.1.200;
|
range 192.168.1.100 192.168.1.200;
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
machines = [
|
||||||
|
{
|
||||||
|
hostName = "totoro";
|
||||||
|
ethernetAddress = "40:8d:5c:1f:e8:68";
|
||||||
|
ipAddress = "192.168.1.40";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
hostName = "totoro-pfsense";
|
||||||
|
ethernetAddress = "52:54:00:cf:cd:94";
|
||||||
|
ipAddress = "192.168.1.41";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
hostName = "kvm";
|
||||||
|
ethernetAddress = "00:0d:5d:1b:14:ba";
|
||||||
|
ipAddress = "192.168.1.50";
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
networking.localCommands = ''
|
networking.localCommands = ''
|
||||||
tc qdisc del dev ens-virginmedia root || true
|
tc qdisc del dev ens-virginmedia root || true
|
||||||
tc qdisc add dev ens-virginmedia root cake bandwidth 30Mbit docsis nat dual-srchost
|
tc qdisc add dev ens-virginmedia root cake bandwidth 20Mbit docsis nat dual-srchost
|
||||||
|
|
||||||
ip link add name ifb-virginmedia type ifb || true
|
ip link add name ifb-virginmedia type ifb || true
|
||||||
tc qdisc del dev ens-virginmedia ingress || true
|
tc qdisc del dev ens-virginmedia ingress || true
|
||||||
tc qdisc add dev ens-virginmedia handle ffff: ingress
|
tc qdisc add dev ens-virginmedia handle ffff: ingress
|
||||||
tc qdisc del dev ifb-virginmedia root || true
|
tc qdisc del dev ifb-virginmedia root || true
|
||||||
tc qdisc add dev ifb-virginmedia root cake bandwidth 500Mbit besteffort docsis nat wash dual-dsthost
|
tc qdisc add dev ifb-virginmedia root cake bandwidth 450Mbit besteffort docsis nat wash dual-dsthost
|
||||||
ip link set dev ifb-virginmedia up
|
ip link set dev ifb-virginmedia up
|
||||||
tc filter add dev ens-virginmedia parent ffff: matchall action mirred egress redirect dev ifb-virginmedia
|
tc filter add dev ens-virginmedia parent ffff: matchall action mirred egress redirect dev ifb-virginmedia
|
||||||
'';
|
'';
|
||||||
|
|
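Review bot: The new `forwardPorts` entry with `sourcePort = 10022` publishes SSH on 192.168.1.40 to everything that can reach `ens-virginmedia`, and moving it off port 22 only cuts scan noise; it is not an access control. Nothing on this page shows how sshd on that host is configured, so confirm it refuses password logins and record that next to the entry, e.g. `# totoro sshd: key-only, PasswordAuthentication off`. 41641/udp is Tailscale's default port, so if that forward exists to give totoro a direct Tailscale path, SSH could ride over it and the 10022 forward could be dropped. The address `192.168.1.40` is now written three times (twice in `forwardPorts`, once in the `machines` lease of the second hunk), so a single `let totoroIp = "192.168.1.40";` binding would stop the forwards and the lease from drifting apart. The attribute set holding `forwardPorts` opens above the first hunk, so any firewall rules that already limit these ports are not visible here.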