Last change
on this file since 13 was
13,
checked in by mitty, 15 years ago
|
- NEW setfilter now sets nat table
- this feature clashes with setnapt.sh because both of them reset nat table
- do not use them (setfilter and setnapt.sh) at the same same time
- accept connections to local services from WAN
- ACCEPT and REDIRECT examples
|
File size:
535 bytes
|
Rev | Line | |
---|
[13] | 1 | # |
---|
| 2 | # This file is used by /etc/init.d/setfilter |
---|
| 3 | # |
---|
| 4 | # Rules that should be stored in nat table. |
---|
| 5 | # These are mainly used to IP MASQUERADE and REDIRECT. |
---|
| 6 | |
---|
| 7 | |
---|
| 8 | *nat |
---|
| 9 | |
---|
| 10 | ## IP MASQUERADE to WAN(eth1) |
---|
| 11 | -A POSTROUTING -o eth1 -j MASQUERADE |
---|
| 12 | |
---|
| 13 | ## port REDIRECT to local services |
---|
| 14 | # 8443/tcp -> 443/tcp |
---|
| 15 | -A PREROUTING -p tcp --dport 8443 -j REDIRECT --to-port 443 |
---|
| 16 | # WAN 8000/tcp -> 443/tcp |
---|
| 17 | -A PREROUTING -p tcp -i eth1 --dport 8000 -j REDIRECT --to-port 443 |
---|
| 18 | # LAN 8000/tcp -> 22/tcp |
---|
| 19 | -A PREROUTING -p tcp -i eth0 --dport 8000 -j REDIRECT --to-port 22 |
---|
| 20 | |
---|
| 21 | COMMIT |
---|
Note: See
TracBrowser
for help on using the repository browser.