To increase the security of my NAT configuration, I opted to implement port triggering instead of the traditional port forwarding on my router. I chose this approach in order to configure it from my Nix configuration.
Specifically, I have enabled port triggering for port 443 on my router and included the following configuration:
```nix
nftables = {
  enable = true;
  ruleset = ''
    table ip nat {
      chain PREROUTING {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
      }
    }
  '';
};
nat = {
  enable = true;
  internalInterfaces = ["lo"];
  externalInterface = "wlp2s0";
  forwardPorts = [
    {
      sourcePort = 443;
      proto = "tcp";
      destination = "10.100.0.3:443";
    }
  ];
};
```
Now, after rebuilding, it still does not work and I'm left to wonder why. Are both the NAT and nftables settings even meant to run at the same time?
If you enable iptables, you may have to disable the firewall.
I have firewall disabled for my ports, so that’s not the issue here.
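A check I would run before changing anything is to look at what actually got loaded into the kernel rather than at the Nix expression. The script below is an added example, not code from the thread or from NixOS; it reads `nft list ruleset` text and reports every `dnat` rule sitting in a chain hooked at `prerouting`, grouped by table, so you can see at a glance whether the hand-written `table ip nat` and the table generated by `networking.nat` are both present and both rewriting port 443. The embedded sample ruleset is constructed for the example, and the table name `nixos-nat` in it is an assumption about what the NAT module emits; on a real host pipe the live output in instead.

```shell
#!/bin/sh
# Added diagnostic helper; not part of the original post or of NixOS.
# Assumes the text format printed by `nft list ruleset` (nftables 1.x).

# Constructed sample of a ruleset in which both the hand-written table and
# a module-generated table carry a prerouting DNAT for tcp/443.
# "nixos-nat" is an assumed table name, used here only for illustration.
SAMPLE_RULESET='table ip nat {
	chain PREROUTING {
		type nat hook prerouting priority dstnat; policy accept;
		iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
	}
}
table ip nixos-nat {
	chain pre {
		type nat hook prerouting priority dstnat; policy accept;
		iifname "wlp2s0" tcp dport 443 dnat to 10.100.0.3:443
	}
	chain post {
		type nat hook postrouting priority srcnat; policy accept;
		iifname "lo" oifname "wlp2s0" masquerade
	}
}'

# Read ruleset text on stdin; print "table chain: rule" for every dnat rule
# that lives in a chain hooked at prerouting. Chains hooked elsewhere
# (postrouting, output) are ignored even if they contain dnat.
list_prerouting_dnat() {
    awk '
        /^table /         { table = $3 }
        /^[ \t]*chain /   { chain = $2; hooked = 0 }
        /hook prerouting/ { hooked = 1 }
        hooked && / dnat to / {
            sub(/^[ \t]+/, "")
            print table " " chain ": " $0
        }
    '
}

# Count how many distinct tables DNAT a given TCP/UDP destination port at
# prerouting. A result above 1 means two rule sets are competing for the
# same traffic; 0 means no rule is rewriting that port at all.
count_dnat_tables_for_port() {
    port="$1"
    list_prerouting_dnat \
        | grep -F "dport $port " \
        | cut -d' ' -f1 \
        | sort -u \
        | wc -l \
        | tr -d ' '
}

# Stand-alone run against the constructed sample. On a live host use:
#   nft list ruleset | list_prerouting_dnat
#   nft list ruleset | count_dnat_tables_for_port 443
printf '%s\n' "$SAMPLE_RULESET" | list_prerouting_dnat
printf 'tables with a prerouting dnat for 443: %s\n' \
    "$(printf '%s\n' "$SAMPLE_RULESET" | count_dnat_tables_for_port 443)"
```

If the live output shows only one table rewriting 443, the other half of the configuration never reached the kernel; if it shows two, both the custom ruleset and the NAT module are active and you are relying on which one the packet hits first, which is worth knowing before deciding which of the two blocks to keep.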