Enable Ipv4 forwarding

2025-05-14 21:49:18 +02:00 · 2025-05-14 21:49:18 +02:00 · b512e4d817
parent a467793f39
commit b512e4d817
2 changed files with 74 additions and 2 deletions
--- a/internal/network/nat.go
+++ b/internal/network/nat.go
@ -0,0 +1,66 @@
+package network
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+)
+
+const (
+	procIpv4ForwardPath = "/proc/sys/net/ipv4/ip_forward"
+)
+
+func (s *NetworkInterfaceState) reconfigureNat(wantNat bool, sourceAddr string) error {
+	scopedLogger := s.l.With().Str("iface", s.interfaceName).Logger()
+
+	if wantNat && s.IsOnline() {
+		scopedLogger.Info().Msg("enabling NAT")
+		err := enableNat(sourceAddr, s.interfaceName, s.IPv4String())
+		if err != nil {
+			s.l.Error().Err(err).Msg("failed to enable NAT")
+		}
+	} else {
+		scopedLogger.Info().Msg("disabling NAT")
+		err := disableNat()
+		if err != nil {
+			s.l.Error().Err(err).Msg("failed to disable NAT")
+		}
+	}
+	return nil
+}
+
+func enableNat(sourceAddr string, oIfName string, snatToAddr string) error {
+	if err := os.WriteFile(procIpv4ForwardPath, []byte("1"), 0644); err != nil {
+		return fmt.Errorf("failed to write %s: %w", procIpv4ForwardPath, err)
+	}
+
+	if err := exec.Command("nft", "add table nat").Run(); err != nil {
+		return fmt.Errorf("failed to add table nat: %w", err)
+	}
+
+	if err := exec.Command("nft", "flush table nat").Run(); err != nil {
+		return fmt.Errorf("failed to flush table nat: %w", err)
+	}
+
+	if err := exec.Command("nft", "add chain nat postrouting { type nat hook postrouting priority 100 ; }").Run(); err != nil {
+		return fmt.Errorf("failed to add chain nat: %w", err)
+	}
+
+	if err := exec.Command("nft", "add rule nat postrouting ip saddr", sourceAddr, "oif", oIfName, "snat to", snatToAddr).Run(); err != nil {
+		return fmt.Errorf("failed to add postrouting rule: %w", err)
+	}
+
+	return nil
+}
+
+func disableNat() error {
+	if err := os.WriteFile(procIpv4ForwardPath, []byte("0"), 0644); err != nil {
+		return fmt.Errorf("failed to write %s: %w", procIpv4ForwardPath, err)
+	}
+
+	if err := exec.Command("nft", "delete table nat").Run(); err != nil {
+		return fmt.Errorf("failed to run nft: %w", err)
+	}
+
+	return nil
+}
--- a/internal/network/netif.go
+++ b/internal/network/netif.go
@ -72,8 +72,14 @@ func NewNetworkInterfaceState(opts *NetworkInterfaceOptions) (*NetworkInterfaceS
 		defaultHostname: opts.DefaultHostname,
 		stateLock:       sync.Mutex{},
 		l:               l,
-		onStateChange:   opts.OnStateChange,
-		onInitialCheck:  opts.OnInitialCheck,
+		onStateChange: func(s *NetworkInterfaceState) {
+			s.reconfigureNat(true, "172.16.55.0/24")
+			opts.OnStateChange(s)
+		},
+		onInitialCheck: func(s *NetworkInterfaceState) {
+			s.reconfigureNat(true, "172.16.55.0/24")
+			opts.OnInitialCheck(s)
+		},
 		cbConfigChange:  opts.OnConfigChange,
 		config:          opts.NetworkConfig,
 	}