🚑 minecraft: fix nat forwarding

2024-07-12 15:09:14 -04:00 · 2024-07-12 15:09:14 -04:00 · fed866990c
commit fed866990c
parent fe3911ab2c
1 changed files with 26 additions and 8 deletions
--- a/modules/minecraft/proxy.nix
+++ b/modules/minecraft/proxy.nix
@ -1,14 +1,32 @@
-{ pkgs, ... }:
+_:
 let
  dest_ip = "100.111.208.75";
+  dest_port = 25565;
 in
 {
-  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
-  networking.firewall.allowedTCPPorts = [ 25565 ];
+  networking = {
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ dest_port ];
+    };
+    nat = {
+      enable = true;
+      internalInterfaces = [ "tailscale0" ];
+      externalInterface = "eth0";
+      forwardPorts = [
+        {
+          sourcePort = dest_port;
+          proto = "tcp";
+          destination = "${dest_ip}:${toString dest_port}";
+        }
+      ];
+    };
+  };

-  networking.firewall.extraCommands = ''
-    IPTABLES=${pkgs.iptables}/bin/iptables
-    "$IPTABLES" -t nat -A PREROUTING -p tcp --dport 25565 -j DNAT --to-destination ${dest_ip}:25565
-    "$IPTABLES" -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE
-  '';
+  services = {
+    tailscale = {
+      useRoutingFeatures = "server";
+      extraUpFlags = [ "--stateful-filtering=false" ];
+    };
+  };
 }