trunk
|
Last change
on this file since 71b798c was
71b798c,
checked in by mitty <mitty@…>, 16 years ago
|
- NEW setfilter now sets nat table
- this feature clashes with setnapt.sh because both of them reset nat table
- do not use them (setfilter and setnapt.sh) at the same same time
- accept connections to local services from WAN
- ACCEPT and REDIRECT examples
git-svn-id: https://lab.mitty.jp/svn/lab/trunk@13 7d2118f6-f56c-43e7-95a2-4bb3031d96e7
|
-
Property mode set to
100644
|
|
File size:
535 bytes
|
| Line | |
|---|
| 1 | # |
|---|
| 2 | # This file is used by /etc/init.d/setfilter |
|---|
| 3 | # |
|---|
| 4 | # Rules that should be stored in nat table. |
|---|
| 5 | # These are mainly used to IP MASQUERADE and REDIRECT. |
|---|
| 6 | |
|---|
| 7 | |
|---|
| 8 | *nat |
|---|
| 9 | |
|---|
| 10 | ## IP MASQUERADE to WAN(eth1) |
|---|
| 11 | -A POSTROUTING -o eth1 -j MASQUERADE |
|---|
| 12 | |
|---|
| 13 | ## port REDIRECT to local services |
|---|
| 14 | # 8443/tcp -> 443/tcp |
|---|
| 15 | -A PREROUTING -p tcp --dport 8443 -j REDIRECT --to-port 443 |
|---|
| 16 | # WAN 8000/tcp -> 443/tcp |
|---|
| 17 | -A PREROUTING -p tcp -i eth1 --dport 8000 -j REDIRECT --to-port 443 |
|---|
| 18 | # LAN 8000/tcp -> 22/tcp |
|---|
| 19 | -A PREROUTING -p tcp -i eth0 --dport 8000 -j REDIRECT --to-port 22 |
|---|
| 20 | |
|---|
| 21 | COMMIT |
|---|
Note: See
TracBrowser
for help on using the repository browser.
