computers:firewall_configuration

computers:firewall_configuration [2011/08/10 01:34] – created chkuo
computers:firewall_configuration [2020/08/16 00:13] (current) – [References] chkuo
Line 1: Line 1:
 ====== Firewall configuration ====== ====== Firewall configuration ======
 +===== Source NAT =====
 +First enable IPv4 packet forwarding by editing ''/etc/sysctl.conf'', uncomment (or add) the following line:
 +<code bash>
 +net.ipv4.ip_forward=1
 +</code>
 +Apply by ''sudo sysctl -p''
  
 +Then add the following lines to ''/etc/rc.local'' (so the rule is enabled on reboot):
 +<code bash>
 +# source NAT
 +# alter the source address of the packets from the internal network
 +Ext_IF="eth0"
 +Ext_IP="1.1.1.1"
 +Int_IF="eth1"
 +Int_Net="192.168.1.0/24"
 +iptables -t nat -A POSTROUTING -s $Int_Net -o $Ext_IF -j SNAT --to-source $Ext_IP
 +iptables -A FORWARD -s $Int_Net -o $Ext_IF -j ACCEPT
 +iptables -A FORWARD -d $Int_Net -i $Int_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
 +</code>
  
-[[https://help.ubuntu.com/10.04/serverguide/C/firewall.html]]+===== Destination NAT ===== 
 +<code bash> 
 +# destination NAT 
 +# forward ssh to Int_IP if the external IP Ext_IP_2 was used  
 +Ext_IP_2="1.1.1.2" 
 +Int_IP="192.168.1.2" 
 +iptables -t nat -I PREROUTING -p tcp -d $Ext_IP_2 --dport 22 -j DNAT --to-destination $Int_IP:22 
 +iptables -A FORWARD -i $Ext_IF -o $Int_IF -p tcp --dport 22 -j ACCEPT 
 +</code> 
 + 
 + 
 + 
 +===== Monitoring ===== 
 +<code bash> 
 +sudo iptables -t nat -L 
 +</code> 
 + 
 + 
 + 
 +===== References ===== 
 +  * [[https://help.ubuntu.com/10.04/serverguide/C/firewall.html]] 
 +  * [[https://www.networkreverse.com/2020/06/how-to-build-linux-router-with-ubuntu.html]]
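Review bot: the return-traffic rule in the Source NAT block, `iptables -A FORWARD -d $Int_Net -i $Int_IF -m state --state ESTABLISHED,RELATED -j ACCEPT`, names the wrong ingress interface: replies to connections opened by internal hosts arrive on the external interface, so the rule should read `-i $Ext_IF -o $Int_IF`; as written it only appears to work when the FORWARD chain's default policy is ACCEPT. Related to that, neither block sets a default policy such as `iptables -P FORWARD DROP` (or an explicit final DROP), so on a default-ACCEPT policy the explicit ACCEPT rules add nothing and all traffic between eth0 and eth1 is forwarded; the policy should be stated alongside the rules. In the Destination NAT block, `iptables -A FORWARD -i $Ext_IF -o $Int_IF -p tcp --dport 22 -j ACCEPT` is not restricted with `-d $Int_IP`, so it permits port-22 forwarding to any internal host rather than only the DNAT target; add `-d $Int_IP` to match the scope of the PREROUTING rule. Minor: the DNAT block reuses Ext_IF and Int_IF from the previous snippet without saying both belong in the same rc.local, and uses `-I PREROUTING` where the other rules use `-A`; a sentence on rule ordering would help readers who already have nat rules.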
computers/firewall_configuration.1312911242.txt.gz · Last modified: 2011/08/10 01:34 by chkuo