networking: route port 2222 to hephaistos:22

author: quentin@aristote.fr <quentin@aristote.fr> 2025-10-12 15:00:05 +0200
committer: quentin@aristote.fr <quentin@aristote.fr> 2025-10-12 18:20:47 +0200
commit: b5a8efe247a2a724c519ef56411da3ed953bc437 (patch)
tree: 9a87782b21497589676a507075488d09f56a2b8e /config/networking.nix
parent: 815dcfd8505d6fd68b8196d60f8e5abc1d9d58dc (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/config/networking.nix b/config/networking.nix
index 8322f8c..a39d85a 100644
--- a/config/networking.nix
+++ b/config/networking.nix
@@ -22,6 +22,25 @@
       "93.95.224.28"
       "93.95.224.29"
     ];
+
+    # reroute SSH on port 2222 to hephaistos
+    nat.enable = true;
+    nftables = {
+      enable = true;
+      ruleset = ''
+        table ip nat {
+          chain pre {
+            type nat hook prerouting priority dstnat; policy accept;
+            iifname "ens3" tcp dport 2222 dnat to 100.64.0.3:22
+          }
+          chain post {
+            type nat hook postrouting priority srcnat; policy accept;
+            iifname "ens3" ip daddr 100.64.0.3 tcp dport 22 masquerade
+          }
+        }
+      '';
+    };
+
   };
 
   services.resolved = {
author	quentin@aristote.fr <quentin@aristote.fr>	2025-10-12 15:00:05 +0200
committer	quentin@aristote.fr <quentin@aristote.fr>	2025-10-12 18:20:47 +0200
commit	b5a8efe247a2a724c519ef56411da3ed953bc437 (patch)
tree	9a87782b21497589676a507075488d09f56a2b8e /config/networking.nix
parent	815dcfd8505d6fd68b8196d60f8e5abc1d9d58dc (diff)