tilpner has joined #nixos-on-your-router
ingenieroariel has joined #nixos-on-your-router
<ingenieroariel> Hello everyone - does anyone have a sample configuration for a wifi router (my intel nuc has a static IP on the eth0 port and I want to set up a local hotspot now)
<makefu> ingenieroariel: there is "services.hostap" which supposedly sets up an access point, however i have never used it https://nixos.org/nixos/options.html#hostap
<ingenieroariel> makefu: just reading - I had disabled dhcp - do you know the syntax to set up dhcp on a particular network adapter?
<makefu> https://nixos.org/nixos/options.html#dhcpd < this seems to be it. use services.dhcpd.interfaces
<makefu> dhcpd4
<ingenieroariel> thanks a lot!
ingenieroariel has quit [Quit: Page closed]
ingenieroariel_ has joined #nixos-on-your-router
<ingenieroariel_> hello - I managed to get my wifi network set up (using wpa_supplicant) and dhcp4, now my clients can connect and get an ip address
<gchristensen> nice!
<ingenieroariel_> the issue I am facing right now is making my computer acting as router to respond to clients, so they have an ip address and know about the router but nothing gets in or out
<gchristensen> you need forwarding rules! :)
<gchristensen> or maybe a nat?
<ingenieroariel_> thanks to clever I already added a nat section but that did not help
<gchristensen> nice
<ingenieroariel_> ok, so I'll read about iptables now and see what is missing
<gchristensen> it'd be cool to have a "minimal router expression" in the wiki or something
<ingenieroariel_> I can contribute that - my whole config is up in github too: https://github.com/piensa/puertico/blob/nixos/configuration.nix#L14
<gchristensen> first we need to get it working :)
<ingenieroariel_> the line I linked is slightly different to the ones you mention, I'll replace mine with yours
<ingenieroariel_> I added the boot.kernel.sysctl without luck
<ingenieroariel_> I wonder if there is a way to see my 'router' ignoring the pings from my other machine
<gchristensen> I think you need some more forward rules
<gchristensen> but mine are crazy complicated
<gchristensen> anyone have some simple forward rules? :P
<makefu> i've found some config from lassulus, sec
<makefu> http://paste.krebsco.de/cvEfD9nb/+inline - just imagine the forwarding rules in plain iptables
<makefu> it sets up a dedicated bridge for wifi <-> ethernet
<ingenieroariel_> looks like the simple version is still very complex for me :)
<ingenieroariel_> In my use case the eth0 is assigned a static public ip address, so I think nat was the correct option there instead of a bridge?
<ingenieroariel_> it looks like virt is setting up something similar to what I want?
<ingenieroariel_> with: ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED ACCEPT all -- 192.168.122.0/24 anywhere
<ingenieroariel_> what is the difference between networking.nat.extraCommands and networking.firewall.extraCommands when it comes to adding iptables rules?
<makefu> i think you can use both
<makefu> the one will be started at the beginning of NAT, the other of iptables
<ingenieroariel_> so in this context both is the same as any of the two, right?
<ingenieroariel_> thanks for both sets of rules - I'll save them and try them again tomorrow, once I get it working I'll try to create an entry in the wiki
<ingenieroariel_> I did iptables-save on my current system, before any additional rules: https://gist.github.com/ingenieroariel/cddaf58fcf5b5fa94be6dd0574170cb0#file-iptables-save
ingenieroariel_ has quit [Ping timeout: 256 seconds]