From 4bd049583405a7d3eb01bf1ab1de32d0b0a3ed19 Mon Sep 17 00:00:00 2001
From: Sebastien Bourdeauducq
Date: Wed, 20 Nov 2019 19:29:35 +0800
Subject: [PATCH] nixbld: set up rpi SSH port redirects for IPv4 users
---
 nixbld-etc-nixos/configuration.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/nixbld-etc-nixos/configuration.nix b/nixbld-etc-nixos/configuration.nix
index d003059..641e3aa 100644
--- a/nixbld-etc-nixos/configuration.nix
+++ b/nixbld-etc-nixos/configuration.nix
@@ -66,6 +66,12 @@ in
 enable = true;
 externalInterface = netifWan;
 internalInterfaces = [ netifLan netifWifi ];
+ forwardPorts = [
+ { sourcePort = 2201; destination = "192.168.1.201:22"; proto = "tcp"; }
+ { sourcePort = 2202; destination = "192.168.1.202:22"; proto = "tcp"; }
+ { sourcePort = 2203; destination = "192.168.1.203:22"; proto = "tcp"; }
+ { sourcePort = 2204; destination = "192.168.1.204:22"; proto = "tcp"; }
+ ];
 extraCommands = ''
 iptables -w -N block-lan-from-wifi
 iptables -w -A block-lan-from-wifi -i ${netifLan} -o ${netifWifi} -j DROP
@@ -111,6 +117,12 @@ in
 dhcp-range=interface:${netifLan},::,constructor:${netifLan},ra-names
 dhcp-range=interface:${netifWifi},::,constructor:${netifWifi},ra-only
+ # Static IPv4s to make port redirections work
+ dhcp-host=rpi-1,192.168.1.201
+ dhcp-host=rpi-2,192.168.1.202
+ dhcp-host=rpi-3,192.168.1.203
+ dhcp-host=rpi-4,192.168.1.204
+ # Default IP addresses for ARTIQ boards
 address=/thermostat/192.168.1.26
 address=/kc705/192.168.1.50
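Review bot: The four `forwardPorts` entries publish SSH on rpi-1..4 to anything that can reach `netifWan` on ports 2201-2204, and nothing in this hunk limits who may connect. DNAT'd connections take the forward path rather than the router's own input rules, so the router's host firewall presumably does not gate them and each Pi's sshd configuration becomes the only control. I would record that requirement next to the rule, e.g. `# WAN-reachable: rpi-1..4 must run key-only sshd (no password logins, no default accounts)`, and confirm it on each board before deploying. The enclosing attribute set starts and ends outside the hunk.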
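Review bot: The `dhcp-host=rpi-N,192.168.1.20N` lines key each reservation on the hostname the DHCP client announces, so a device on the served interfaces that claims the name `rpi-1` while the real board holds no lease would be handed 192.168.1.201 and, with it, the WAN-forwarded port 2201. Pinning each reservation to the board's hardware address removes that dependency, e.g. `dhcp-host=<rpi-1-MAC>,rpi-1,192.168.1.201` (placeholder; the MAC addresses are not on the page). Whether WiFi clients are served from this same address range is not visible here. The dnsmasq configuration string continues outside the hunk.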