Superminaren
/
kvm
mirror of https://github.com/jetkvm/kvm.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enable Ipv4 forwarding

This commit is contained in:
Daniel Lorch 2025-05-14 21:49:18 +02:00
parent a467793f39
commit b512e4d817
2 changed files with 74 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
internal/network/nat.go Normal file
View File

@ -0,0 +1,66 @@
package network
import (
"fmt"
"os"
"os/exec"
)
const (
procIpv4ForwardPath = "/proc/sys/net/ipv4/ip_forward"
)
func (s *NetworkInterfaceState) reconfigureNat(wantNat bool, sourceAddr string) error {
scopedLogger := s.l.With().Str("iface", s.interfaceName).Logger()
if wantNat && s.IsOnline() {
scopedLogger.Info().Msg("enabling NAT")
err := enableNat(sourceAddr, s.interfaceName, s.IPv4String())
if err != nil {
s.l.Error().Err(err).Msg("failed to enable NAT")
}
} else {
scopedLogger.Info().Msg("disabling NAT")
err := disableNat()
if err != nil {
s.l.Error().Err(err).Msg("failed to disable NAT")
}
}
return nil
}
func enableNat(sourceAddr string, oIfName string, snatToAddr string) error {
if err := os.WriteFile(procIpv4ForwardPath, []byte("1"), 0644); err != nil {
return fmt.Errorf("failed to write %s: %w", procIpv4ForwardPath, err)
}
if err := exec.Command("nft", "add table nat").Run(); err != nil {
return fmt.Errorf("failed to add table nat: %w", err)
}
if err := exec.Command("nft", "flush table nat").Run(); err != nil {
return fmt.Errorf("failed to flush table nat: %w", err)
}
if err := exec.Command("nft", "add chain nat postrouting { type nat hook postrouting priority 100 ; }").Run(); err != nil {
return fmt.Errorf("failed to add chain nat: %w", err)
}
if err := exec.Command("nft", "add rule nat postrouting ip saddr", sourceAddr, "oif", oIfName, "snat to", snatToAddr).Run(); err != nil {
return fmt.Errorf("failed to add postrouting rule: %w", err)
}
return nil
}
func disableNat() error {
if err := os.WriteFile(procIpv4ForwardPath, []byte("0"), 0644); err != nil {
return fmt.Errorf("failed to write %s: %w", procIpv4ForwardPath, err)
}
if err := exec.Command("nft", "delete table nat").Run(); err != nil {
return fmt.Errorf("failed to run nft: %w", err)
}
return nil
}

10
internal/network/netif.go
View File

@ -72,8 +72,14 @@ func NewNetworkInterfaceState(opts *NetworkInterfaceOptions) (*NetworkInterfaceS
defaultHostname: opts.DefaultHostname, defaultHostname: opts.DefaultHostname,
stateLock: sync.Mutex{}, stateLock: sync.Mutex{},
l: l, l: l,
onStateChange: opts.OnStateChange, onStateChange: func(s *NetworkInterfaceState) {
onInitialCheck: opts.OnInitialCheck, s.reconfigureNat(true, "172.16.55.0/24")
opts.OnStateChange(s)
},
onInitialCheck: func(s *NetworkInterfaceState) {
s.reconfigureNat(true, "172.16.55.0/24")
opts.OnInitialCheck(s)
},
cbConfigChange: opts.OnConfigChange, cbConfigChange: opts.OnConfigChange,
config: opts.NetworkConfig, config: opts.NetworkConfig,
} }