Differences

This shows you the differences between two versions of the page.

--- computers:firewall_configuration [2011/08/25 00:51] – chkuo
+++ computers:firewall_configuration [2020/08/16 00:13] (current) – [References] chkuo
@@ Line 1: / Line 1: @@
 ====== Firewall configuration ======
-===== iptables masquerading =====
+===== Source NAT =====
-First enable IPv4 packet forwarding by editing ''/etc/sysctl.conf'', uncomment the following line:
+First enable IPv4 packet forwarding by editing ''/etc/sysctl.conf'', uncomment (or add) the following line:
 <code bash>
 net.ipv4.ip_forward=1
 </code>
+Apply by ''sudo sysctl -p''
-Then add the following line to ''/etc/rc.local'' (so the rule is enabled on reboot):
+Then add the following lines to ''/etc/rc.local'' (so the rule is enabled on reboot):
 <code bash>
-iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o eth1 -j MASQUERADE
+# source NAT
+# alter the source address of the packets from the internal network
+Ext_IF="eth0"
+Ext_IP="1.1.1.1"
+Int_IF="eth1"
+Int_Net="192.168.1.0/24"
+iptables -t nat -A POSTROUTING -s $Int_Net -o $Ext_IF -j SNAT --to-source $Ext_IP
+iptables -A FORWARD -s $Int_Net -o $Ext_IF -j ACCEPT
+iptables -A FORWARD -d $Int_Net -i $Int_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
 </code>
+===== Destination NAT =====
+<code bash>
+# destination NAT
+# forward ssh to Int_IP if the external IP Ext_IP_2 was used
+Ext_IP_2="1.1.1.2"
+Int_IP="192.168.1.2"
+iptables -t nat -I PREROUTING -p tcp -d $Ext_IP_2 --dport 22 -j DNAT --to-destination $Int_IP:22
+iptables -A FORWARD -i $Ext_IF -o $Int_IF -p tcp --dport 22 -j ACCEPT
+</code>
+===== Monitoring =====
+<code bash>
+sudo iptables -t nat -L
+</code>
 ===== References =====
   * [[https://help.ubuntu.com/10.04/serverguide/C/firewall.html]]
+  * [[https://www.networkreverse.com/2020/06/how-to-build-linux-router-with-ubuntu.html]]