iptables forwarding (router setting)
# Let NetworkManager manage all devices on this system
#
# Netplan config for the router box: enp4s0 is the WAN uplink and takes its
# address via DHCP; enp5s0 is the LAN side with the fixed gateway address
# 192.168.80.1/24 — the interface and subnet the iptables script on this page
# uses as LANIF / INNET.
#
# NOTE(review): no DHCP server is configured for the LAN here, so LAN hosts
# (e.g. the 192.168.80.2 port-forward target) need static addresses or a
# separate DHCP service — confirm.
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp4s0:
      dhcp4: true
    enp5s0:
      addresses:
        - 192.168.80.1/24
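#!/bin/bash
#
# iptables forwarding (router setting)
#
# Makes this host a NAT router: WANIF is the public uplink, LANIF faces the
# private network INNET, and two TCP ports on the WAN side are forwarded to
# COMP1. The live filter/nat rules are flushed, rebuilt and then written to
# /etc/iptables/rules.v4.
#
# Requirements:
#   - run as root
#   - net.ipv4.ip_forward=1 must be set elsewhere (sysctl); this script does
#     not enable it, and without it nothing is routed between LANIF and WANIF.
set -Eeuo pipefail

readonly WANIF="enp4s0"          # public interface (DHCP in the netplan config)
readonly LANIF="enp5s0"          # private interface (192.168.80.1/24)
readonly INNET="192.168.80.0/24" # private range that gets masqueraded
readonly COMP1="192.168.80.2"    # LAN computer 1, target of the port forwards

die() { printf '%s\n' "$*" >&2; exit 1; }

#================================================================================
# Preconditions
[[ $EUID -eq 0 ]] || die "must run as root"
command -v iptables >/dev/null || die "iptables not found"
# A mistyped interface name would install rules that silently match nothing.
for ifname in "$WANIF" "$LANIF"; do
  [[ -d "/sys/class/net/$ifname" ]] || die "interface $ifname does not exist"
done

# Everything goes through %s: an unquoted "[WANIF]" is a glob pattern and an
# unquoted value is subject to word splitting.
printf 'Public Interface [WANIF]: %s\n' "$WANIF"
printf 'Private Interface [LANIF]: %s\n' "$LANIF"
printf 'Private IP range: %s\n' "$INNET"
printf 'LAN Computer 1 IP: %s\n' "$COMP1"

#================================================================================
# Snapshot the live ruleset and restore it if any iptables call below fails.
# The INPUT policy is DROP, so a run that aborts after the flush and before the
# ESTABLISHED rule is back locks out the SSH session it was started from.
backup=$(mktemp) || die "mktemp failed"
cleanup() { rm -f -- "$backup"; }
rollback() { iptables-restore < "$backup"; }
trap cleanup EXIT
trap 'rollback; die "failed at line $LINENO, previous rules restored"' ERR
iptables-save > "$backup"

#================================================================================
# Flush All Rules (filter and nat tables: rules, user chains, counters)
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z

#================================================================================
# Basic Policy
iptables -P INPUT DROP      # the router itself only accepts what is listed below
iptables -P OUTPUT ACCEPT
# Default-deny for routed traffic as well: with FORWARD ACCEPT, any packet that
# arrives on the WAN side with a LAN destination is routed through, not only
# the two DNAT'd ports. The allowed flows are listed explicitly further down.
iptables -P FORWARD DROP

# Accept localhost input
iptables -A INPUT -i lo -j ACCEPT
# Accept replies to connections the router started (or already established)
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# LAN hosts may reach every service on the router (this covers ssh from the LAN)
iptables -A INPUT -i "$LANIF" -j ACCEPT

#================================================================================
# Allow Router Service (reachable from the WAN)
iptables -A INPUT -p tcp -i "$WANIF" --dport 22 -j ACCEPT   # SSH
# NOTE(review): this opens 3389 on the *router* itself. The RDP port forward to
# COMP1 below is handled in FORWARD, not INPUT, and does not need this rule;
# drop it if no RDP service runs on the router.
iptables -A INPUT -p tcp -i "$WANIF" --dport 3389 -j ACCEPT # RDP

#================================================================================
# Forwarding
# Return traffic for anything already allowed, LAN -> WAN unrestricted, and
# only the DNAT'd WAN -> LAN connections. PREROUTING has already rewritten the
# destination by the time FORWARD sees the packet, so match COMP1 and the
# internal port here (3389, not the external 3390).
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i "$LANIF" -o "$WANIF" -j ACCEPT
iptables -A FORWARD -i "$WANIF" -o "$LANIF" -p tcp -d "$COMP1" --dport 5173 -j ACCEPT
iptables -A FORWARD -i "$WANIF" -o "$LANIF" -p tcp -d "$COMP1" --dport 3389 -j ACCEPT

#================================================================================
# NAT Setting
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
# MASQUERADE rather than SNAT to a fixed address: the WAN address comes from
# DHCP and may change.
iptables -t nat -A POSTROUTING -s "$INNET" -o "$WANIF" -j MASQUERADE

#================================================================================
# Port forward from WAN to LAN (the matching FORWARD accepts are above)
# Web
iptables -t nat -A PREROUTING -p tcp -i "$WANIF" --dport 5173 \
  -j DNAT --to-destination "$COMP1:5173"
# RDP: external 3390 -> COMP1:3389
iptables -t nat -A PREROUTING -p tcp -i "$WANIF" --dport 3390 \
  -j DNAT --to-destination "$COMP1:3389"

#================================================================================
# The live ruleset is complete; a failure from here on must not roll it back.
trap - ERR

# Save persistently (the file iptables-persistent/netfilter-persistent loads at
# boot). The directory may be absent on a host without that package.
mkdir -p /etc/iptables || die "cannot create /etc/iptables"
iptables-save > /etc/iptables/rules.v4 || die "cannot write /etc/iptables/rules.v4"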