Skip to content

Nat

networking.nat.dmzHost

The local IP address to which all traffic that does not match any forwarding rule is forwarded.

Type: null or string

Default

null

Example

"10.0.0.1"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat.nix

networking.nat.enable

Whether to enable Network Address Translation (NAT).

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat.nix

networking.nat.enableIPv6

Whether to enable IPv6 NAT.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat.nix

networking.nat.externalIP

The public IP address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used.

Type: null or string

Default

null

Example

"203.0.113.123"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat.nix

networking.nat.externalIPv6

The public IPv6 address to which packets from the local network are to be rewritten. If this is left empty, the IP address associated with the external interface will be used.

Type: null or string

Default

null

Example

"2001:dc0:2001:11::175"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat.nix

networking.nat.externalInterface

The name of the external network interface.

Type: null or string

Default

null

Example

"eth1"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat.nix

networking.nat.extraCommands

Additional shell commands executed as part of the nat initialisation script.

This option is incompatible with the nftables based nat module.

Type: strings concatenated with "\n"

Default

""

Example

"iptables -A INPUT -p icmp -j ACCEPT"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat-iptables.nix

networking.nat.extraStopCommands

Additional shell commands executed as part of the nat teardown script.

This option is incompatible with the nftables based nat module.

Type: strings concatenated with "\n"

Default

""

Example

"iptables -D INPUT -p icmp -j ACCEPT || true"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat-iptables.nix

networking.nat.forwardPorts

List of forwarded ports from the external interface to internal destinations by using DNAT. Destination can be IPv6 if IPv6 NAT is enabled.

Type: list of (submodule)

Default

[ ]

Example

[{destination = "10.0.0.1:80";proto = "tcp";sourcePort = 8080;}{destination = "[fc00::2]:80";proto = "tcp";sourcePort = 8080;}]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat.nix

networking.nat.forwardPorts.*.destination

Forward connection to destination ip:port (or [ipv6]:port); to specify a port range, use ip:start-end Type: string

Example

"10.0.0.1:80"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat.nix

networking.nat.forwardPorts.*.loopbackIPs

Public IPs for NAT reflection; for connections to loopbackip:sourcePort from the host itself and from other hosts behind NAT Type: list of string

Default

[ ]

Example

[ "55.1.2.3" ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat.nix

networking.nat.forwardPorts.*.proto

Protocol of forwarded connection Type: string

Default

"tcp"

Example

"udp"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat.nix

networking.nat.forwardPorts.*.sourcePort

Source port of the external interface; to specify a port range, use a string with a colon (e.g. "60000:61000") Type: signed integer or string matching the pattern [[:digit:]]+:[[:digit:]]+

Example

8080

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat.nix

networking.nat.internalIPs

The IP address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten.

Type: list of string

Default

[ ]

Example

["192.168.1.0/24"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat.nix

networking.nat.internalIPv6s

The IPv6 address ranges for which to perform NAT. Packets coming from these addresses (on any interface) and destined for the external interface will be rewritten.

Type: list of string

Default

[ ]

Example

["fc00::/64"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat.nix

networking.nat.internalInterfaces

The interfaces for which to perform NAT. Packets coming from these interface and destined for the external interface will be rewritten.

Type: list of string

Default

[ ]

Example

["eth0"]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/networking/nat.nix