use in-Nebula SNAT to send IPv4 UnsafeNetworks traffic over an IPv6 overlay

2026-02-15 01:04:22 +01:00 · 2026-01-14 12:36:55 -06:00
parent 39452b5eec
commit c2a63499ac
22 changed files with 770 additions and 210 deletions
--- a/interface.go
+++ b/interface.go
@@ -56,6 +56,7 @@ type Interface struct {
 	inside                overlay.Device
 	pki                   *PKI
 	firewall              *Firewall
+	snatAddr              netip.Addr
 	connectionManager     *connectionManager
 	handshakeManager      *HandshakeManager
 	serveDns              bool
@@ -339,7 +340,7 @@ func (f *Interface) reloadFirewall(c *config.C) {
 		return
 	}

-	fw, err := NewFirewallFromConfig(f.l, f.pki.getCertState(), c)
+	fw, err := NewFirewallFromConfig(f.l, f.pki.getCertState(), c, f.firewall.snatAddr)
 	if err != nil {
 		f.l.WithError(err).Error("Error while creating firewall during reload")
 		return