swann: tweak firewall params
parent
a4fd2de975
commit
1233ac2d14
1 changed files with 23 additions and 2 deletions
|
@ -62,6 +62,10 @@ in {
|
|||
enable = true;
|
||||
externalInterface = "ens-virginmedia";
|
||||
internalInterfaces = ["ens-general"];
|
||||
forwardPorts = [
|
||||
{ destination = "192.168.1.40:22"; proto = "tcp"; sourcePort = 10022; }
|
||||
{ destination = "192.168.1.40:41641"; proto = "udp"; sourcePort = 41641; }
|
||||
];
|
||||
};
|
||||
services.dhcpd4 = {
|
||||
enable = true;
|
||||
|
@ -79,16 +83,33 @@ in {
|
|||
range 192.168.1.100 192.168.1.200;
|
||||
}
|
||||
'';
|
||||
machines = [
|
||||
{
|
||||
hostName = "totoro";
|
||||
ethernetAddress = "40:8d:5c:1f:e8:68";
|
||||
ipAddress = "192.168.1.40";
|
||||
}
|
||||
{
|
||||
hostName = "totoro-pfsense";
|
||||
ethernetAddress = "52:54:00:cf:cd:94";
|
||||
ipAddress = "192.168.1.41";
|
||||
}
|
||||
{
|
||||
hostName = "kvm";
|
||||
ethernetAddress = "00:0d:5d:1b:14:ba";
|
||||
ipAddress = "192.168.1.50";
|
||||
}
|
||||
];
|
||||
};
|
||||
networking.localCommands = ''
|
||||
tc qdisc del dev ens-virginmedia root || true
|
||||
tc qdisc add dev ens-virginmedia root cake bandwidth 30Mbit docsis nat dual-srchost
|
||||
tc qdisc add dev ens-virginmedia root cake bandwidth 20Mbit docsis nat dual-srchost
|
||||
|
||||
ip link add name ifb-virginmedia type ifb || true
|
||||
tc qdisc del dev ens-virginmedia ingress || true
|
||||
tc qdisc add dev ens-virginmedia handle ffff: ingress
|
||||
tc qdisc del dev ifb-virginmedia root || true
|
||||
tc qdisc add dev ifb-virginmedia root cake bandwidth 500Mbit besteffort docsis nat wash dual-dsthost
|
||||
tc qdisc add dev ifb-virginmedia root cake bandwidth 450Mbit besteffort docsis nat wash dual-dsthost
|
||||
ip link set dev ifb-virginmedia up
|
||||
tc filter add dev ens-virginmedia parent ffff: matchall action mirred egress redirect dev ifb-virginmedia
|
||||
'';
|
||||
|
|
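Review bot: The `forwardPorts` entry that maps WAN port 10022 to `192.168.1.40:22` publishes totoro's SSH daemon to the whole internet with no source restriction visible in this section, and a non-standard port only reduces scanner noise, not exposure. If remote SSH is really needed, confirm in totoro's own config that it accepts keys only (`services.openssh.settings.PasswordAuthentication = false;`, or `services.openssh.passwordAuthentication = false;` on older releases); otherwise drop the TCP forward and reach the host over the tunnel that the UDP 41641 forward presumably serves (41641 is Tailscale's default port). Both forwards also rely on the static lease for totoro in the `machines` list keeping `192.168.1.40`, so a comment on that lease such as `# keep in sync with the forwardPorts destination` would stop the two drifting apart. The added/removed markers are lost on this page, so which lines are new is inferred from the hunk counts.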