computers:firewall_configuration
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
computers:firewall_configuration [2011/08/10 01:34] – created chkuo | computers:firewall_configuration [2020/08/16 00:13] (current) – [References] chkuo | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Firewall configuration ====== | ====== Firewall configuration ====== | ||
+ | ===== Source NAT ===== | ||
+ | First enable IPv4 packet forwarding by editing ''/ | ||
+ | <code bash> | ||
+ | net.ipv4.ip_forward=1 | ||
+ | </ | ||
+ | Apply by '' | ||
+ | Then add the following lines to ''/ | ||
+ | <code bash> | ||
+ | # source NAT | ||
+ | # alter the source address of the packets from the internal network | ||
+ | Ext_IF=" | ||
+ | Ext_IP=" | ||
+ | Int_IF=" | ||
+ | Int_Net=" | ||
+ | iptables -t nat -A POSTROUTING -s $Int_Net -o $Ext_IF -j SNAT --to-source $Ext_IP | ||
+ | iptables -A FORWARD -s $Int_Net -o $Ext_IF -j ACCEPT | ||
+ | iptables -A FORWARD -d $Int_Net -i $Int_IF -m state --state ESTABLISHED, | ||
+ | </ | ||
- | [[https:// | + | ===== Destination NAT ===== |
+ | <code bash> | ||
+ | # destination NAT | ||
+ | # forward ssh to Int_IP if the external IP Ext_IP_2 was used | ||
+ | Ext_IP_2=" | ||
+ | Int_IP=" | ||
+ | iptables -t nat -I PREROUTING -p tcp -d $Ext_IP_2 --dport 22 -j DNAT --to-destination $Int_IP: | ||
+ | iptables -A FORWARD -i $Ext_IF -o $Int_IF -p tcp --dport 22 -j ACCEPT | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | ===== Monitoring ===== | ||
+ | <code bash> | ||
+ | sudo iptables -t nat -L | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | ===== References ===== | ||
+ | * [[https:// | ||
+ | * [[https:// |
computers/firewall_configuration.1312911242.txt.gz · Last modified: 2011/08/10 01:34 by chkuo