authorFranz Pletz <fpletz@fnordicwalking.de>2017-01-22 19:42:59 +0100
committerFranz Pletz <fpletz@fnordicwalking.de>2017-01-25 01:14:05 +0100
commit2d9152d509da7fb6b4d156b094ca7525358634bd (patch)
treefa0d4a8c0fb69bf9336627dca232dcbb136c37e0 /nixos/tests
parent8322a12ef2ce6ea5a239b2221aa6f9a2fe84d904 (diff)
nixos/tests/nat: add test for conntrack helper autoloading
Diffstat (limited to 'nixos/tests')
-rw-r--r--nixos/tests/nat.nix47
1 files changed, 32 insertions, 15 deletions
diff --git a/nixos/tests/nat.nix b/nixos/tests/nat.nix
index b16260be38c4..74e20bff8d81 100644
--- a/nixos/tests/nat.nix
+++ b/nixos/tests/nat.nix
@@ -3,34 +3,47 @@
# client on the inside network, a server on the outside network, and a
# router connected to both that performs Network Address Translation
# for the client.
-import ./make-test.nix ({ pkgs, withFirewall, ... }:
+import ./make-test.nix ({ pkgs, lib, withFirewall, withConntrackHelpers ? false, ... }:
let
unit = if withFirewall then "firewall" else "nat";
in
{
- name = "nat${if withFirewall then "WithFirewall" else "Standalone"}";
- meta = with pkgs.stdenv.lib.maintainers; {
+ name = "nat" + (if withFirewall then "WithFirewall" else "Standalone")
+ + (lib.optionalString withConntrackHelpers "withConntrackHelpers");
+ meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ eelco chaoflow rob wkennington ];
};
nodes =
{ client =
{ config, pkgs, nodes, ... }:
- { virtualisation.vlans = [ 1 ];
- networking.firewall.allowPing = true;
- networking.defaultGateway =
- (pkgs.lib.head nodes.router.config.networking.interfaces.eth2.ip4).address;
- };
+ lib.mkMerge [
+ { virtualisation.vlans = [ 1 ];
+ networking.firewall.allowPing = true;
+ networking.defaultGateway =
+ (pkgs.lib.head nodes.router.config.networking.interfaces.eth2.ip4).address;
+ }
+ (lib.optionalAttrs withConntrackHelpers {
+ networking.firewall.connectionTrackingModules = [ "ftp" ];
+ networking.firewall.autoLoadConntrackHelpers = true;
+ })
+ ];
router =
{ config, pkgs, ... }:
- { virtualisation.vlans = [ 2 1 ];
- networking.firewall.enable = withFirewall;
- networking.firewall.allowPing = true;
- networking.nat.enable = true;
- networking.nat.internalIPs = [ "192.168.1.0/24" ];
- networking.nat.externalInterface = "eth1";
- };
+ lib.mkMerge [
+ { virtualisation.vlans = [ 2 1 ];
+ networking.firewall.enable = withFirewall;
+ networking.firewall.allowPing = true;
+ networking.nat.enable = true;
+ networking.nat.internalIPs = [ "192.168.1.0/24" ];
+ networking.nat.externalInterface = "eth1";
+ }
+ (lib.optionalAttrs withConntrackHelpers {
+ networking.firewall.connectionTrackingModules = [ "ftp" ];
+ networking.firewall.autoLoadConntrackHelpers = true;
+ })
+ ];
server =
{ config, pkgs, ... }:
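Review bot: The two `lib.optionalAttrs withConntrackHelpers { … }` blocks on `client` and `router` enable `networking.firewall.autoLoadConntrackHelpers` without a comment saying this is a test-only setting. Automatic helper assignment lets the FTP helper open extra ports based on payload it parses, which is why the NixOS option documentation (as far as I recall it) advises leaving it off. A comment above the first block would stop the snippet being copied as a recommended configuration, for example `# Test-only: auto-assigned nf_conntrack_ftp opens data ports from parsed payload; keep this off outside the test.` The two blocks are identical, so one `let` binding reused by both nodes would keep them in sync. Separately, the suffix `"withConntrackHelpers"` is lower-case while the other name parts are capitalised, giving names like `natStandalonewithConntrackHelpers`; `"WithConntrackHelpers"` would match.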
@@ -65,6 +78,10 @@ import ./make-test.nix ({ pkgs, withFirewall, ... }:
$server->succeed("echo Hello World > /home/ftp/foo.txt");
$client->succeed("curl -v ftp://server/foo.txt >&2");
+ # Test whether active FTP works.
+ $client->${if withConntrackHelpers then "succeed" else "fail"}(
+ "curl -v -P - ftp://server/foo.txt >&2");
+
# Test ICMP.
$client->succeed("ping -c 1 router >&2");
$router->succeed("ping -c 1 client >&2");
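Review bot: The negative case `$client->fail("curl -v -P - ftp://server/foo.txt >&2")` passes on any non-zero exit, so an unreachable server or a failed login would satisfy it just as well as a blocked data connection. It is also unbounded: without helpers curl presumably waits for the server's inbound data connection until its own accept timeout expires, so a bound such as `"curl -v --max-time 20 -P - ftp://server/foo.txt >&2"` (value constructed, to be tuned) would keep the failing variant quick. A comment such as `# Without helpers the inbound data connection must be dropped; with them it is RELATED and accepted.` would record that the `fail` branch is the security-relevant assertion. The enclosing `testScript` starts and ends outside this hunk.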