Differences

This shows you the differences between two versions of the page.

--- computers:firewall_configuration [2011/08/31 00:17] – chkuo
+++ computers:firewall_configuration [2020/08/16 00:13] (current) – [References] chkuo
@@ Line 5: / Line 5: @@
 net.ipv4.ip_forward=1
 </code>
+Apply by ''sudo sysctl -p''
 Then add the following lines to ''/etc/rc.local'' (so the rule is enabled on reboot):
@@ Line 11: / Line 12: @@
 # alter the source address of the packets from the internal network
 Ext_IF="eth0"
-Ext_IP="140.109.56.179"
+Ext_IP="1.1.1.1"
-Int_IF="eth3"
+Int_IF="eth1"
-iptables -t nat -A POSTROUTING -s 192.168.1.0/16 -o $Ext_IF -j SNAT --to-source $Ext_IP
+Int_Net="192.168.1.0/24"
-iptables -A FORWARD -s 192.168.1.0/16 -o $Ext_IF -j ACCEPT
+iptables -t nat -A POSTROUTING -s $Int_Net -o $Ext_IF -j SNAT --to-source $Ext_IP
-iptables -A FORWARD -d 192.168.1.0/16 -i $Int_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
+iptables -A FORWARD -s $Int_Net -o $Ext_IF -j ACCEPT
+iptables -A FORWARD -d $Int_Net -i $Int_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
 </code>
@@ Line 21: / Line 23: @@
 <code bash>
 # destination NAT
-# forward ssh to workstation with the internal ip 192.168.1.2
+# forward ssh to Int_IP if the external IP Ext_IP_2 was used
-Ext_IF_2="eth0:0"
+Ext_IP_2="1.1.1.2"
 Int_IP="192.168.1.2"
-iptables -t nat -I PREROUTING -p tcp -i $Ext_IF_2 --dport 22 -j DNAT --to-destination $Int_IP:22
+iptables -t nat -I PREROUTING -p tcp -d $Ext_IP_2 --dport 22 -j DNAT --to-destination $Int_IP:22
-iptables -A FORWARD -i $Ext_IF_2 -o $Int_IF -p tcp --dport 22 -j ACCEPT
+iptables -A FORWARD -i $Ext_IF -o $Int_IF -p tcp --dport 22 -j ACCEPT
 </code>
@@ Line 39: / Line 41: @@
 ===== References =====
   * [[https://help.ubuntu.com/10.04/serverguide/C/firewall.html]]
+  * [[https://www.networkreverse.com/2020/06/how-to-build-linux-router-with-ubuntu.html]]