Stop rejecting packages from the tunnel
It appears that the firewall rejects packets before they are unwrapped to GRE.

Signed-off-by: Egor Savkin <es@m-labs.hk>
parent
4d7e836f07
commit
60903e955f
|
@ -92,8 +92,14 @@ in
|
||||||
firewall = {
|
firewall = {
|
||||||
allowedTCPPorts = [ 53 80 443 2222 7402 ];
|
allowedTCPPorts = [ 53 80 443 2222 7402 ];
|
||||||
allowedUDPPorts = [ 53 67 500 4500 ];
|
allowedUDPPorts = [ 53 67 500 4500 ];
|
||||||
trustedInterfaces = [ netifLan netifUSA ];
|
trustedInterfaces = [ netifLan ];
|
||||||
logRefusedConnections = false;
|
logRefusedConnections = false;
|
||||||
|
extraCommands = ''
|
||||||
|
iptables -A INPUT -s 5.78.86.156 -p gre -j ACCEPT
|
||||||
|
iptables -A INPUT -s 5.78.86.156 -p ah -j ACCEPT
|
||||||
|
iptables -A OUTPUT -d 5.78.86.156 -p gre -j ACCEPT
|
||||||
|
iptables -A OUTPUT -d 5.78.86.156 -p ah -j ACCEPT
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
interfaces."${netifWan}".useDHCP = true; # PCCW - always wants active DHCP lease or cuts you off
|
interfaces."${netifWan}".useDHCP = true; # PCCW - always wants active DHCP lease or cuts you off
|
||||||
|
|
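Review bot: The added `iptables -A INPUT -s 5.78.86.156 -p gre -j ACCEPT` rule admits GRE on the strength of a source address alone, and GRE carries no authentication, so a cleartext GRE packet with a forged source would match it just like one that arrived under IPsec. If this is GRE over IPsec, as the AH rules and the open UDP 500/4500 suggest, consider limiting the match to traffic that was actually IPsec-protected, e.g. `iptables -A nixos-fw -s 5.78.86.156 -p gre -m policy --dir in --pol ipsec -j nixos-fw-accept`. Appending to the firewall module's own `nixos-fw` chain instead of `INPUT` also means the rule is flushed with the rest of the ruleset; as far as I know, rules added to `INPUT`/`OUTPUT` from `extraCommands` are not removed on reload without a matching `extraStopCommands`, so they would accumulate. The two `OUTPUT` rules look redundant unless an OUTPUT policy is set elsewhere, and the peer address repeated four times would read better as a `let` binding alongside `netifLan` (presumably defined above the hunk).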