space_server: enable NAT64/DNS64 network

1 files changed, 7 insertions, 3 deletions

diff --git a/roles/space_server/files/nftables.conf b/roles/space_server/files/nftables.conf
index 0cb7c4f..8b3124c 100644
--- a/roles/space_server/files/nftables.conf
+++ b/roles/space_server/files/nftables.conf
@@ -38,9 +38,11 @@ define pass_ip4  = 10.42.4.1
 define pass_net4 = 10.42.4.0/24
 define pass_net6 = 2a01:4262:1ab:e::/64
 
-#define nat64_if   = nat64
-#define nat64_net  = 10.42.255.0/24
-#define nat64_net6 = fde2:52b4:4a19:ffff::/96
+define futu_if   = lan15
+define futu_net6 = 2a01:4262:1ab:f::/64
+
+define nat64_if   = nat64
+define nat64_net4 = 10.42.128.0/17
 
 define colo_if   = lan20
 define colo_ip4  = 185.38.175.65
@@ -116,6 +118,7 @@ table ip filter {
 		iif $priv_if ip saddr $priv_net4 accept
 		iif $free_if ip saddr $free_net4 ip daddr != $int_net4 accept
 		iif $pass_if ip saddr $pass_net4 accept
+		iif $nat64_if ip saddr $nat64_net4 accept
 		iif $colo_if ip saddr $colo_net4 ip daddr != $int_net4 accept
 		oif $colo_if accept
 
@@ -171,6 +174,7 @@ table ip6 filter {
 		iif $priv_if ip6 saddr $priv_net6 accept
 		iif $free_if ip6 saddr $free_net6 ip6 daddr != $ext_net6 accept
 		iif $pass_if ip6 saddr $pass_net6 accept
+		iif $futu_if ip6 saddr $futu_net6 accept
 		iif $colo_if ip6 saddr $colo_net6 ip6 daddr != $ext_net6 accept
 		oif $colo_if accept