Commit ccdcf935 authored by Kaarle Ritvanen's avatar Kaarle Ritvanen

test: filter-dnat: port range, no IPv4 address

parent 13773e66
......@@ -11,6 +11,11 @@
"dest": "192.168.0.2",
"service": "http",
"dnat": { "addr": "10.0.0.2", "port": 8080 }
},
{
"in": "A",
"service": "ssh",
"dnat": { "addr": "10.0.0.3", "port": "8022-8033" }
}
]
}
This diff is collapsed.
......@@ -20,6 +20,7 @@
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -p tcp --dport 25 -d 10.0.0.1 -j ACCEPT
-A FORWARD -i eth0 -p tcp --dport 8080 -d 10.0.0.2 -j ACCEPT
-A FORWARD -i eth0 -p tcp --dport 8022:8033 -d 10.0.0.3 -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-0
-A FORWARD
......@@ -100,6 +101,7 @@
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 25 -d 10.0.0.1 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 8080 -d 10.0.0.2 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 8022:8033 -d 10.0.0.3 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -j logdrop-0
-A INPUT
......@@ -206,6 +208,7 @@ COMMIT
-A POSTROUTING -m set --match-set awall-masquerade src -j masquerade
-A PREROUTING -i eth0 -p tcp --dport 25 -d 192.168.0.1 -j DNAT --to-destination 10.0.0.1
-A PREROUTING -i eth0 -p tcp --dport 80 -d 192.168.0.2 -j DNAT --to-destination 10.0.0.2:8080
-A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-destination 10.0.0.3:8022-8033
-A PREROUTING -i eth0 -j REDIRECT
-A PREROUTING -i eth1 -s 10.0.0.0/12 -j REDIRECT
-A masquerade -m set ! --match-set awall-masquerade dst -j MASQUERADE
......
......@@ -17,6 +17,7 @@
:logpass-1 - [0:0]
:logpass-2 - [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -p tcp --dport 22 -j ACCEPT
-A FORWARD -j ACCEPT
-A FORWARD -j logdrop-0
-A FORWARD
......@@ -68,6 +69,7 @@
-A INPUT -m limit --limit 1/second -j LOG
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -j logdrop-0
-A INPUT
......
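Review bot: The expected rules `-A FORWARD -i eth0 -p tcp --dport 22 -j ACCEPT` and `-A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT` in this section carry no `-d` match, so the fixture pins an accept for tcp/22 on eth0 to any destination, including the firewall host itself via INPUT. The file name is not shown on this page; if this is the expectation for the other address family, the policy entry's only address is the IPv4 DNAT target `10.0.0.3`, and the IPv4 section narrows its filter rules to `-d 10.0.0.3` with ports 8022:8033. The commit description should say whether this address-less accept is the intended result or only current behaviour being recorded, because a regression test makes it look deliberate. The +/- markers are lost in this rendering, so which lines are new is inferred from the hunk counts.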