From b5a8efe247a2a724c519ef56411da3ed953bc437 Mon Sep 17 00:00:00 2001
From: "quentin@aristote.fr" <quentin@aristote.fr>
Date: Sun, 12 Oct 2025 15:00:05 +0200
Subject: networking: route port 2222 to hephaistos:22

---
 config/networking.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'config/networking.nix')

diff --git a/config/networking.nix b/config/networking.nix
index 8322f8c..a39d85a 100644
--- a/config/networking.nix
+++ b/config/networking.nix
@@ -22,6 +22,25 @@
       "93.95.224.28"
       "93.95.224.29"
     ];
+
+    # reroute SSH on port 2222 to hephaistos
+    nat.enable = true;
+    nftables = {
+      enable = true;
+      ruleset = ''
+        table ip nat {
+          chain pre {
+            type nat hook prerouting priority dstnat; policy accept;
+            iifname "ens3" tcp dport 2222 dnat to 100.64.0.3:22
+          }
+          chain post {
+            type nat hook postrouting priority srcnat; policy accept;
+            iifname "ens3" ip daddr 100.64.0.3 tcp dport 22 masquerade
+          }
+        }
+      '';
+    };
+
   };
 
   services.resolved = {
-- 
cgit v1.2.3