manatee: Ensure local traffic works next to VPN

2026-01-06 17:04:53 +00:00
parent 5f756ae514
commit c064d277ca
1 changed files with 11 additions and 5 deletions
--- a/hosts/manatee/modules/network/default.nix
+++ b/hosts/manatee/modules/network/default.nix
@@ -1,4 +1,7 @@
 { ... }:
+let
+  hostAddress = "192.168.50.203";
+in
 {
  networking = {
    hostName = "manatee";
@@ -15,7 +18,7 @@
        ipv4 = {
          addresses = [
            {
-              address = "192.168.50.203";
+              address = hostAddress;
              prefixLength = 24;
            }
          ];
@@ -34,11 +37,14 @@
      };
    };

-    # Route packets from machines local IP back to router
    localCommands = ''
-      # Add the rule only if it doesn't exist yet (idempotent)
-      ip rule list | grep -q "from 192.168.50.203 lookup 100" || \
-      ip rule add from 192.168.50.203 lookup 100 priority 5000
+      # Ensure local LAN traffic uses the main table, e.g. responds to the local machine
+      ip rule list | grep -q "192.168.50.0/24 lookup main" || \
+      ip rule add to 192.168.50.0/24 lookup main priority 4999
+
+      # All other traffic from this IP uses Table 100 (e.g. responds to router and back out)
+      ip rule list | grep -q "from ${hostAddress} lookup 100" || \
+      ip rule add from ${hostAddress} lookup 100 priority 5000
    '';
  };
 }