swann: tweak firewall params

Luke Granger-Brown 2020-11-04 14:27:19 +00:00
parent a4fd2de975
commit 1233ac2d14


@ -62,6 +62,10 @@ in {
enable = true;
externalInterface = "ens-virginmedia";
internalInterfaces = ["ens-general"];
forwardPorts = [
{ destination = "192.168.1.40:22"; proto = "tcp"; sourcePort = 10022; }
{ destination = "192.168.1.40:41641"; proto = "udp"; sourcePort = 41641; }
];
};
services.dhcpd4 = {
enable = true;
@ -79,16 +83,33 @@ in {
range 192.168.1.100 192.168.1.200;
}
'';
machines = [
{
hostName = "totoro";
ethernetAddress = "40:8d:5c:1f:e8:68";
ipAddress = "192.168.1.40";
}
{
hostName = "totoro-pfsense";
ethernetAddress = "52:54:00:cf:cd:94";
ipAddress = "192.168.1.41";
}
{
hostName = "kvm";
ethernetAddress = "00:0d:5d:1b:14:ba";
ipAddress = "192.168.1.50";
}
];
};
networking.localCommands = ''
tc qdisc del dev ens-virginmedia root || true
tc qdisc add dev ens-virginmedia root cake bandwidth 30Mbit docsis nat dual-srchost
tc qdisc add dev ens-virginmedia root cake bandwidth 20Mbit docsis nat dual-srchost
ip link add name ifb-virginmedia type ifb || true
tc qdisc del dev ens-virginmedia ingress || true
tc qdisc add dev ens-virginmedia handle ffff: ingress
tc qdisc del dev ifb-virginmedia root || true
tc qdisc add dev ifb-virginmedia root cake bandwidth 500Mbit besteffort docsis nat wash dual-dsthost
tc qdisc add dev ifb-virginmedia root cake bandwidth 450Mbit besteffort docsis nat wash dual-dsthost
ip link set dev ifb-virginmedia up
tc filter add dev ens-virginmedia parent ffff: matchall action mirred egress redirect dev ifb-virginmedia
'';
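Review bot: The `sourcePort = 10022` entry in the new `forwardPorts` list publishes totoro's SSH daemon (192.168.1.40:22) on `ens-virginmedia` to any source address, and the non-standard port does not reduce that exposure. totoro's own configuration is not part of this commit, so confirm that host accepts key-based logins only, e.g. `services.openssh.passwordAuthentication = false;`, before relying on this forward. I would also add a comment above the list, `# WAN-exposed: SSH and UDP 41641 to totoro; targets depend on the static lease below`, because both forwards break or reach a different host if the 192.168.1.40 lease added in the second hunk changes. The enclosing attribute set (presumably `networking.nat`) opens outside the first hunk, so any filtering already configured there is not visible.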