forked from M-Labs/nix-scripts
nixbld: set up rpi SSH port redirects for IPv4 users
This commit is contained in:
parent
5b06c68583
commit
4bd0495834
@ -66,6 +66,12 @@ in
|
|||||||
enable = true;
|
enable = true;
|
||||||
externalInterface = netifWan;
|
externalInterface = netifWan;
|
||||||
internalInterfaces = [ netifLan netifWifi ];
|
internalInterfaces = [ netifLan netifWifi ];
|
||||||
|
forwardPorts = [
|
||||||
|
{ sourcePort = 2201; destination = "192.168.1.201:22"; proto = "tcp"; }
|
||||||
|
{ sourcePort = 2202; destination = "192.168.1.202:22"; proto = "tcp"; }
|
||||||
|
{ sourcePort = 2203; destination = "192.168.1.203:22"; proto = "tcp"; }
|
||||||
|
{ sourcePort = 2204; destination = "192.168.1.204:22"; proto = "tcp"; }
|
||||||
|
];
|
||||||
extraCommands = ''
|
extraCommands = ''
|
||||||
iptables -w -N block-lan-from-wifi
|
iptables -w -N block-lan-from-wifi
|
||||||
iptables -w -A block-lan-from-wifi -i ${netifLan} -o ${netifWifi} -j DROP
|
iptables -w -A block-lan-from-wifi -i ${netifLan} -o ${netifWifi} -j DROP
|
||||||
@ -111,6 +117,12 @@ in
|
|||||||
dhcp-range=interface:${netifLan},::,constructor:${netifLan},ra-names
|
dhcp-range=interface:${netifLan},::,constructor:${netifLan},ra-names
|
||||||
dhcp-range=interface:${netifWifi},::,constructor:${netifWifi},ra-only
|
dhcp-range=interface:${netifWifi},::,constructor:${netifWifi},ra-only
|
||||||
|
|
||||||
|
# Static IPv4s to make port redirections work
|
||||||
|
dhcp-host=rpi-1,192.168.1.201
|
||||||
|
dhcp-host=rpi-2,192.168.1.202
|
||||||
|
dhcp-host=rpi-3,192.168.1.203
|
||||||
|
dhcp-host=rpi-4,192.168.1.204
|
||||||
|
|
||||||
# Default IP addresses for ARTIQ boards
|
# Default IP addresses for ARTIQ boards
|
||||||
address=/thermostat/192.168.1.26
|
address=/thermostat/192.168.1.26
|
||||||
address=/kc705/192.168.1.50
|
address=/kc705/192.168.1.50
|
||||||
|
Loading…
Reference in New Issue
Block a user