diff options
Diffstat (limited to 'etc')
| -rw-r--r-- | etc/myconf/cfgl_meta | 2 | ||||
| -rw-r--r-- | etc/nftables.conf | 5 |
2 files changed, 5 insertions, 2 deletions
diff --git a/etc/myconf/cfgl_meta b/etc/myconf/cfgl_meta index 6aa1dcf2..13e8317b 100644 --- a/etc/myconf/cfgl_meta +++ b/etc/myconf/cfgl_meta @@ -32,7 +32,7 @@ 755 root root //etc/systemd/system/multi-user.target.wants 777 root root //etc/systemd/system/multi-user.target.wants/wg-quick@wg0.service 755 root root //etc/systemd/system/paccache.service.d -600 root root //etc/systemd/system/paccache.service.d/10-remove-all.conf +644 root root //etc/systemd/system/paccache.service.d/10-remove-all.conf 755 root root //home 700 xyz wheel //home/xyz 644 xyz wheel //home/xyz/.bashrc diff --git a/etc/nftables.conf b/etc/nftables.conf index be70bebb..5845c4c9 100644 --- a/etc/nftables.conf +++ b/etc/nftables.conf @@ -9,6 +9,7 @@ flush ruleset define pub_iface = "ens18" +define pub_iface6 = "ipv6net" define wg_iface = "wg0" table inet my_table { @@ -62,7 +63,9 @@ table inet nat { policy accept # Needed for VPN. Needed for port forwarding from cilent with VPN through server # https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet/#default-route - oifname $pub_iface masquerade + # xyzba uses 6in4 sit tunnel for ipv6. To use ipv6 when wg to xyzba, that network interface name ipv6net ($pub_iface6) also needs to be masqueraded + # https://wiki.archlinux.org/title/IPv6_tunnel_broker_setup + oifname { $pub_iface, $pub_iface6 } masquerade # needed for port forwarding from client without VPN through server # https://www.procustodibus.com/blog/2022/09/wireguard-port-forward-from-internet/#masquerading #oifname $wg_iface masquerade |