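# Static network configuration for the host "manatee": one interface (enp3s0)
# with a fixed IPv4 address, a default route in the main table, and a second
# default route in a dedicated table selected by source-address policy rules.
{ ... }:

let
  hostAddress = "192.168.50.203";
  # LAN router. Used for the main-table default gateway and for the default
  # route in the policy table, so both are bound to one name and cannot drift.
  gateway = "192.168.50.1";
  # On-link prefix of enp3s0 (hostAddress with prefixLength 24).
  lanSubnet = "192.168.50.0/24";
  # Routing table consulted for traffic sourced from hostAddress.
  replyTable = "100";
in
{
  networking = {
    hostName = "manatee";

    # Required for asymmetric routing (sending replies out a different interface
    # than the default route). Without this, the kernel drops the return traffic.
    # NOTE(review): "loose" only requires the source address to be reachable via
    # some interface, so it is a weaker anti-spoofing check than the strict mode.
    # The second path that makes routing asymmetric is not defined in this file;
    # confirm it still exists before keeping the relaxed setting.
    firewall.checkReversePath = "loose";

    defaultGateway = gateway;
    # Single resolver: name resolution depends on this one address being reachable.
    nameservers = [ "1.1.1.1" ];

    interfaces = {
      enp3s0 = {
        useDHCP = false;
        ipv4 = {
          addresses = [
            {
              address = hostAddress;
              prefixLength = 24;
            }
          ];

          # Default route via the router, installed in the policy table only.
          routes = [
            {
              address = "0.0.0.0";
              prefixLength = 0;
              via = gateway; # Router
              options = {
                table = replyTable;
              };
            }
          ];
        };
      };
    };

    # Policy rules are runtime state, so each `ip rule add` is guarded by a check
    # of the current rule list to keep re-runs from stacking duplicates.
    # The check uses a fixed-string, whole-word match: with a plain regex the
    # dots match any character and "lookup 100" also matches "lookup 1000",
    # which would skip the add and leave the rule missing without any error.
    # Priority 4999 sorts before 5000, so the LAN exception is evaluated first.
    localCommands = ''
      # Ensure local LAN traffic uses the main table, e.g. responds to the local machine
      ip rule list | grep -qFw "${lanSubnet} lookup main" || \
        ip rule add to ${lanSubnet} lookup main priority 4999

      # All other traffic from this IP uses Table 100 (e.g. responds to router and back out)
      ip rule list | grep -qFw "from ${hostAddress} lookup ${replyTable}" || \
        ip rule add from ${hostAddress} lookup ${replyTable} priority 5000
    '';
  };
}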