NixOS Networking

Chains are case-sensitive. Use PREROUTING

Ah

Upgrading my routers today and noticed that I'm building the kernels. Turns out I have a kernelPatch to enable CONFIG_INFINIBAND_IPOIB_CM back when I first switched to NixOS from Arch, and it's not enabled in the default kernel.

06:37:45

So apparently no one except me is using IB with NixOS? 😅 Opening a PR in a bit

06:38:36

Corbin

You might be the only one using the Connected Mode feature. A PR seems sensible, since it would only trigger the underlying module to be built.

07:38:04

I was saying that because IPoIB isn't really "usable" without Connected Mode. The performance is just so much better.

08:01:24

nyanotech joined the room.

14:24:01

Church

Hmm seems my policy based route for port 25 traffic still isn't working. Grumble, I think this is why I quit trying this last time to heh

17:37:27

mutantmell

I have an old Unifi AC I'm currently not using, maybe I'll try putting NixOS or openwrt on it

18:11:35

Church: might not need fwmark after all

22:11:53

ip rule knows dport 25 and iif eth0

Eyep.

If you saw a church in #networking on libera that was me. :P

22:12:35

mutantmell: openwrt will be easy, nixwrt might be something you want to look into

22:12:40

I'm there, but I don't actively follow the conversations

22:12:52

I'm in north of 200 channels

22:13:00

Church

Just need to figure out the fw rules to proxy traffic correctly from wg0 -> eth0 on my remote end finally.

22:13:10

mutantmell

In reply to @hexa:lossy.network
mutantmell: openwrt will be easy, nixwrt might be something you want to look into

thanks for the pointer!

22:52:14

$ networkctl status wlan0
● 3: wlan0                                                                                                                   
                     Link File: /nix/store/i3kbvbm0rib0habk88ybm9xpqpnj1s8x-systemd-247.2/lib/systemd/network/99-default.link
                  Network File: /etc/systemd/network/40-wlan0.network                                                        
                          Type: wlan                                                                                         
                         State: enslaved (failed)                                                                            
                          Path: platform-fe300000.mmcnr                                                                      
                        Driver: brcmfmac                                                                                     
                    HW Address: dc:a6:32:fe:7a:34 (Raspberry Pi Trading Ltd)                                                 
                           MTU: 1500 (min: 68, max: 1500)                                                                    
                         QDisc: fq_codel                                                                                     
                        Master: br0                                                                                          
  IPv6 Address Generation Mode: none                                                                                         
             WiFi access point: My Pi Network (00:00:00:00:00:00)                                                            
          Queue Length (Tx/Rx): 1/1                                                                                          

Jun 05 23:47:15 nixos systemd-networkd[659]: wlan0: Could not join netdev: Device does not allow enslaving to a bridge. Operation not supported
Jun 05 23:47:15 nixos systemd-networkd[659]: wlan0: Failed
Jun 05 23:47:15 nixos systemd-networkd[659]: wlan0: Link UP
Jun 05 23:47:15 nixos systemd-networkd[659]: wlan0: Gained carrier

So this is the networkctl status of my wlan0 interface on the rpi that I set up as an access point yesterday. The network all functions like there's nothing wrong, but there it says it's "failed". Why is that?

23:50:48

You typically can't put wireless interfaces into a bridge

23:53:05

Zhaofeng Li: Well it works. I have hostapd on wlan0, and my other devices can connect to it as a wifi network, and the bridge with eth0 must be working because those devices can reach the internet.

23:54:04

You are doing routing instead of bridging

23:56:00

Care to explain your setup again?

23:56:34

Zhaofeng Li: I don't have a dhcp server or anything on this pi though

One sec...

On my pi, I have this:

  networking.bridges.br0.interfaces = ["eth0" "wlan0"];
  services.hostapd = {
    enable = true;
    interface = "wlan0";
    hwMode = "g";
    ssid = "My Pi Network";
    wpaPassphrase = "foobarbaz";
    extraConfig = ''
      disable_pmksa_caching=0
      wpa_pairwise=CCMP
      rsn_pairwise=CCMP
      bridge=br0
    '';
  };

23:59:01

eth0 leads back to enp4s0 on my desktop, which is running a dhcp server with its wifi interface as the wan

23:59:30

On the desktop:

let
  wan = "wlp5s0";
  lan = "enp4s0";
in {
  services.dhcpd4 = {
    interfaces = [ lan ];
    enable = true;
    extraConfig = ''
      subnet 192.168.3.0 netmask 255.255.255.0 {
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.3.255;
        option routers 192.168.3.1;
        option domain-name-servers 8.8.8.8, 8.8.4.4;
        range 192.168.3.100 192.168.3.200;
      }
    '';
  };
  networking = {
    networkmanager.unmanaged = [ lan ];
    interfaces = {
      ${lan} = {
        ipv4.addresses = [{
          address = "192.168.3.1";
          prefixLength = 24;
        }];
      };
    };
    nat = {
      enable = true;
      externalInterface = wan;
      internalIPs = [ "192.168.3.0/24" ];
      internalInterfaces = [ lan ];
    };
  };
}

23:59:58