space_server: nftables: only NAT local addresses

author: Emil Renner Berthing <esmil@labitat.dk> 2017-11-15 22:51:17 +0100
committer: Emil Renner Berthing <esmil@labitat.dk> 2017-11-15 22:51:17 +0100
commit: abe090b25244399b8a8852e69f0f1e4e0c9d1662 (patch)
tree: 7e649874c7adee94f6203b8afcc1b786f7efff41 /roles/space_server/files
parent: a7f4f41fb8959da897469b927f35be88b7b0503f (diff)
download: labitat-ansible-abe090b25244399b8a8852e69f0f1e4e0c9d1662.tar.gz
labitat-ansible-abe090b25244399b8a8852e69f0f1e4e0c9d1662.tar.xz
labitat-ansible-abe090b25244399b8a8852e69f0f1e4e0c9d1662.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/roles/space_server/files/nftables/nftables.conf b/roles/space_server/files/nftables/nftables.conf
index e2f5eb3..30233b0 100644
--- a/roles/space_server/files/nftables/nftables.conf
+++ b/roles/space_server/files/nftables/nftables.conf
@@ -199,6 +199,6 @@ table ip nat {
 
 	chain postrouting {
 		type nat hook postrouting priority -150;
-		oif $ext_if snat $ext_ip4
+		oif $ext_if ip saddr $int_net4 snat $ext_ip4
         }
 }
author	Emil Renner Berthing <esmil@labitat.dk>	2017-11-15 22:51:17 +0100
committer	Emil Renner Berthing <esmil@labitat.dk>	2017-11-15 22:51:17 +0100
commit	abe090b25244399b8a8852e69f0f1e4e0c9d1662 (patch)
tree	7e649874c7adee94f6203b8afcc1b786f7efff41 /roles/space_server/files
parent	a7f4f41fb8959da897469b927f35be88b7b0503f (diff)
download	labitat-ansible-abe090b25244399b8a8852e69f0f1e4e0c9d1662.tar.gz labitat-ansible-abe090b25244399b8a8852e69f0f1e4e0c9d1662.tar.xz labitat-ansible-abe090b25244399b8a8852e69f0f1e4e0c9d1662.zip