authorMathias Magnusson <mathias@magnusson.space>2025-10-24 20:40:29 +0200
committerMathias Magnusson <mathias@magnusson.space>2025-10-24 21:30:51 +0200
commit5a3dcbe207323690143fff0f1ebeb4a28f2acfc6 (patch)
tree3110fba36b23dd8a799ba4909771a2995e55b167
parent640121f2721134164e8f083c07ce1bc0f26263a0 (diff)
downloadoden-5a3dcbe207323690143fff0f1ebeb4a28f2acfc6.tar.gz
forward mimer's wireguard port
-rw-r--r--router.nix22
1 files changed, 15 insertions, 7 deletions
diff --git a/router.nix b/router.nix
index 3cca35e..88e2ab7 100644
--- a/router.nix
+++ b/router.nix
@@ -9,13 +9,25 @@ in
networking = {
nftables.enable = true;
- firewall.filterForward = true;
+ firewall = {
+ filterForward = true;
+ allowedTCPPorts = [ 53 ];
+ allowedUDPPorts = [
+ 53
+ 67
+ ];
+ };
nat = {
enable = true;
externalInterface = wanInterface;
internalInterfaces = [ "br0" ];
forwardPorts = [
{
+ sourcePort = 51801;
+ destination = "10.69.0.3:51801";
+ proto = "udp";
+ }
+ {
sourcePort = 80;
destination = "10.69.0.3:80";
}
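Review bot: `allowedTCPPorts` and `allowedUDPPorts` placed directly under `firewall` open 53 and 67 on every interface, including `wanInterface`, so the local resolver and DHCP service are reachable from the WAN side unless the daemon restricts its own listeners (not visible in this hunk). The move preserves the earlier behaviour, but while the block is being restructured it would be tighter to scope the ports to the LAN bridge: `interfaces."br0".allowedTCPPorts = [ 53 ];` and `interfaces."br0".allowedUDPPorts = [ 53 67 ];` inside `firewall`. The new forward entry would also benefit from a short comment such as `# WireGuard on mimer`, since among the visible entries it is the only one with an explicit `proto` and the port number alone does not say what it serves. The `forwardPorts` list continues outside the hunk.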
@@ -55,7 +67,9 @@ in
}
];
};
+ nameservers = [ "127.0.0.1" ];
};
+
services.hostapd = {
enable = true;
radios.${wifiInterface} = {
@@ -106,12 +120,6 @@ in
];
};
};
- networking.nameservers = [ "127.0.0.1" ];
- networking.firewall.allowedUDPPorts = [
- 53
- 67
- ];
- networking.firewall.allowedTCPPorts = [ 53 ];
oden.persist.directories = [ "/var/lib/dnsmasq" ];
age.secrets."wifi-password.txt".file = ./secrets/wifi-password.txt.age;