I am attempting to set up DNAT on my server. Here is my (probably wrong) configuration for DNAT:
```nix
networking.nat.enable = true;
networking.nat.dmzHost = "localhost";
networking.nat.externalInterface = "bond0";
networking.nat.forwardPorts = [
  {
    destination = "192.168.122.109:1024-10240";
    proto = "tcp";
    sourcePort = "1024:10240";
  }
  {
    destination = "192.168.122.109:1024-10240";
    proto = "udp";
    sourcePort = "1024:10240";
  }
  {
    destination = "192.168.122.126:1024-10240";
    proto = "tcp";
    sourcePort = "10241:20481";
  }
  {
    destination = "192.168.122.126:1024-10240";
    proto = "udp";
    sourcePort = "10241:20481";
  }
];
networking.nat.internalInterfaces = [ "virbr0" ];
```
I don’t know what I’m doing wrong, but for some reason, the firewall service is failing with this error:
```
firewall-reload[28238]: iptables v1.8.3 (legacy): unknown option "--set-mark"
firewall-reload[28238]: Try `iptables -h' or 'iptables --help' for more information.
firewall-reload[28238]: Failed to reload firewall... Stopping
```
So, some questions:
- Why is iptables in “legacy” mode and how do I pull it into “modern” mode?
- Have I messed something up in the above configuration?
I am attempting to make a couple of VMs available to people outside my server so that they can play with NixOS for a bit, but this is preventing me from doing so.
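For comparison, here is an added example of a `networking.nat` port-forwarding configuration of the same shape, written from the NixOS option documentation; it is not part of the original post and does not address the `--set-mark` error. It keeps the two VM addresses and port ranges from the post; the interface names `bond0` and `virbr0` are taken from the post as well, and it drops `dmzHost`, because that option takes the IPv4 address of one internal host that should receive every incoming connection not matched by `forwardPorts`, which is broader than exposing two VMs on fixed ranges.

```nix
{ config, lib, pkgs, ... }:

{
  networking.nat = {
    enable = true;
    # Interface facing the outside world (name taken from the post).
    externalInterface = "bond0";
    # libvirt default bridge that the VMs sit behind (name taken from the post).
    internalInterfaces = [ "virbr0" ];

    # No dmzHost: with it unset, external traffic that matches none of the
    # forwardPorts entries is not DNATed anywhere. dmzHost expects an IPv4
    # address (e.g. "192.168.122.109"), not a hostname such as "localhost".

    # Port range syntax per the NixOS option docs:
    #   sourcePort  = "first:last"        (iptables --dport range, colon)
    #   destination = "host:first-last"   (DNAT --to-destination, hyphen)
    # The destination range is only needed when it differs from the source
    # range; here each VM receives the same 1024-10240 range, so it is kept
    # explicit for both protocols.
    forwardPorts = lib.concatMap (vm: [
      { proto = "tcp"; sourcePort = vm.src; destination = "${vm.ip}:${vm.dst}"; }
      { proto = "udp"; sourcePort = vm.src; destination = "${vm.ip}:${vm.dst}"; }
    ]) [
      # Constructed table of VMs: addresses and ranges from the post.
      { ip = "192.168.122.109"; src = "1024:10240";  dst = "1024-10240"; }
      { ip = "192.168.122.126"; src = "10241:20481"; dst = "1024-10240"; }
    ];
  };
}
```

Two things worth checking when using this: run `iptables -t nat -L nixos-nat-pre -v -n` after a rebuild to confirm one DNAT rule per entry exists with the expected ranges, and look at `iptables -L FORWARD -v -n`, since libvirt installs its own FORWARD rules for `virbr0` that only admit already-established traffic into the bridge, which can silently reject the new connections the DNAT rules redirect.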