movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-13 05:05:29 +03:00
Code Issues Projects Releases Packages Wiki Activity

networking: add proxy_arp / proxy_ndp options.

Browse source 
proxy_arp (and proxy_ndp for ipv6) can be turned on on a few
interfaces (at least 2).
This is mainly useful for creating pseudo-bridges between a real
interface and a virtual network such as VPN or a virtual machine for
interfaces that don't support real bridging (most wlan interfaces).
As ARP proxying acts slightly above the link-layer, below-ip traffic
isn't bridged, so things like DHCP won't work. The advantage above
using NAT lies in the fact that no IP addresses are shared, so all
hosts are reachable/routeable.
This commit is contained in:
Mathijs Kwik 2012-08-29 22:17:40 +02:00
parent 0dd46d1335
commit a502ce1128
1 changed files with 31 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

31
modules/tasks/network-interfaces.nix
View file

@ -140,6 +140,24 @@ in
''; '';
}; };
proxyARP = mkOption {
default = false;
type = types.bool;
description = ''
Turn on proxy_arp for this device (and proxy_ndp for ipv6).
This is mainly useful for creating pseudo-bridges between a real
interface and a virtual network such as VPN or a virtual machine for
interfaces that don't support real bridging (most wlan interfaces).
As ARP proxying acts slightly above the link-layer, below-ip traffic
isn't bridged, so things like DHCP won't work. The advantage above
using NAT lies in the fact that no IP addresses are shared, so all
hosts are reachable/routeable.
WARNING: turns on ip-routing, so if you have multiple interfaces, you
should think of the consequence and setup firewall rules to limit this.
'';
};
}; };
}; };
@ -275,6 +293,14 @@ in
echo "Configuring interface ${i.name}..." echo "Configuring interface ${i.name}..."
ip addr add "${i.ipAddress}""${optionalString (i.subnetMask != "") ("/" + i.subnetMask)}" \ ip addr add "${i.ipAddress}""${optionalString (i.subnetMask != "") ("/" + i.subnetMask)}" \
dev "${i.name}" dev "${i.name}"
'' +
optionalString i.proxyARP
''
echo 1 > /proc/sys/net/ipv4/conf/${i.name}/proxy_arp
'' +
optionalString (i.proxyARP && cfg.enableIPv6)
''
echo 1 > /proc/sys/net/ipv6/conf/${i.name}/proxy_ndp
'') '')
} }
@ -293,6 +319,11 @@ in
ip route add default via "${cfg.defaultGateway}" ip route add default via "${cfg.defaultGateway}"
''} ''}
# turn on forwarding if any interface has enabled proxy_arp
${optionalString (any (i: i.proxyARP) cfg.interfaces) ''
echo 1 > /proc/sys/net/ipv4/ip_forward
''}
# Run any user-specified commands. # Run any user-specified commands.
${pkgs.stdenv.shell} ${pkgs.writeText "local-net-cmds" cfg.localCommands} ${pkgs.stdenv.shell} ${pkgs.writeText "local-net-cmds" cfg.localCommands}