Rules changed, now testing

This commit is contained in:
jelly Tomas
2026-03-20 09:04:00 +00:00
parent 3681888b5a
commit 2bdecf3cb1


@@ -23,6 +23,7 @@ eden="193.138.212.1"
# - smtp : 23.214.219.131 # - smtp : 23.214.219.131
# - www : 23.214.219.132 # - www : 23.214.219.132
# - vpn-gw: 23.214.219.133 # - vpn-gw: 23.214.219.133
# - mail: 23.214.219.134
# ============================== # ==============================
# ============================== # ==============================
@@ -35,7 +36,7 @@ eden="193.138.212.1"
sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128 sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128
sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.0 sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.0
sudo ifconfig enp0s3 87.248.214.97 netmask 255.255.255.0 sudo ifconfig enp0s10 87.248.214.97 netmask 255.255.255.0
sudo yum install iptables-services -y sudo yum install iptables-services -y
sudo systemctl stop firewalld sudo systemctl stop firewalld
@@ -51,36 +52,45 @@ iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT iptables -P OUTPUT ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE #sudo iptables -t nat -A POSTROUTING -i enp0s9 -o enp0s3 -j MASQUERADE #SUS
#DNS name resolution requests sent to outside servers and want a response:TODO:INPUT sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #CAREFULL
sudo iptables -A FORWARD -i enp0s3 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT #DNS name resolution requests sent to outside servers and want a response:
#SSH connections to the router system that originate from the inside and want an answer:TODO:INPUT sudo iptables -A INPUT -i enp0s10 -p udp --sport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp0s3 -o enp0s9 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT #SSH connections to the router system that originate from the inside and want an answer:
sudo iptables -A FORWARD -i enp0s3 -d 23.214.219.133 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A INPUT -i enp0s9 -p tcp --sport 22 -j ACCEPT #TESTED
sudo iptables -A INPUT -i enp0s8 -s 23.214.219.133 -p tcp --sport 22 -j ACCEPT #TESTED
#The dns server should be able to resolve names using the internet (and others???) #The dns server should be able to resolve names using the internet (and others???)
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p udp --sport 53 -j ACCEPT #NEED to test
#The internal network should be able to send and recieve dns name resolutions to the dns server (1!) #The internal network should be able to send and recieve dns name resolutions to the dns server (1!)
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.130 -p udp --dport 53 -j ACCEPT sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.130 -p udp --sport 53 -j ACCEPT #CORRECT AND TESTED WILL ACTIVATE WHEN YOU SEND FROM ENP0S9 to ENP0S8
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p udp --dport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT #THIS IS IMPORTANT AND MIGHT FUCK US
#The dns and dns2 servers should be able to synchronize the contents of DNS zones. (protocol tcp port 53) #The dns and dns2 servers should be able to synchronize the contents of DNS zones. (protocol tcp port 53)
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -d 193.137.16.75 -p tcp --dport 53 -j ACCEPT sudo iptables -A FORWARD -i enp0s8 -o enp0s10 -s 23.214.219.130 -p tcp --sport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp0s3 -o enp0s8 -d 23.214.219.130 -p tcp --dport 53 -j ACCEPT
#SMTP connections to the smtp server and returns #SMTP connections to the smtp server and returns
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --sport 587 -j ACCEPT #Changed
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 587 -m state --state ESTABLISHED,RELATED -j ACCEPT #sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 587 -m state --state ESTABLISHED,RELATED -j ACCEPT
#POP and IMAP connections to the www server #POP and IMAP connections to the www server
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 80 -j ACCEPT sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --sport 143 -j ACCEPT #Changed
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --dport 443 -j ACCEPT sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.134 -p tcp --sport 110 -j ACCEPT #Changed
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT #HTTP and HTTPS connectins
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 443 -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --sport 80 -j ACCEPT #Changed
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.132 -p tcp --sport 443 -j ACCEPT #Changed
#sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 80 -m state --state ESTABLISHED,RELATED -j ACCEPT
#sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p tcp --dport 443 -m state --state ESTABLISHED,RELATED -j ACCEPT
#OpenVPN connections to the vpn-gw server #OpenVPN connections to the vpn-gw server
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --dport 1194 -j ACCEPT sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --sport 1194 -j ACCEPT #Changed
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p udp --dport 1194 -j ACCEPT #sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -p udp --dport 1194 -j ACCEPT
#VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore #VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -d 192.168.10.1 -p tcp --dport ftp -j ACCEPT sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.1 -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -d 192.168.10.2 -j ACCEPT sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.2 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -j ACCEPT #FTP da internet WORRIED
# Apartir daqui foi só para testar se as conecções funcionavam sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.1 -p tcp --sport 21 -j ACCEPT #Changed
sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.130 -p tcp --sport 22 sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 20 -j ACCEPT #MIGHT BE NEEDED
# Unsure these will work #SSH CONNECTIONS datastore server but only from eden or dn2
sudo iptables -A FORWARD -i enp0s9 -d 23.214.219.131 sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -s $dns2 -p tcp --sport 22 -j ACCEPT
sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -s $eden -p tcp --sport 22 -j ACCEPT
#enp0s9 to internet DNS, http, https, ssh, FTP(SERVERS??????(WHO INVITED THIS GUY))
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p udp --sport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 80 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 443 -j ACCEPT
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 21 -j ACCEPT #MIGHT NOT BE ENOUGH
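Review bot: The rewritten client-to-server rules in this hunk match on `--sport` where the old lines used `--dport` (the `-s 23.214.219.130` and `-d 23.214.219.130` DNS lines, the 587, 143/110, 80/443 and 1194 lines marked `#Changed`, and the enp0s9-to-enp0s10 block at the end), which inverts the check: a normal client connection carries an ephemeral source port and the service port as destination, so it no longer matches, while the rule now accepts any connection whose sender happens to use that source port, whatever the destination port is. The request direction should keep `--dport` and let the new blanket `sudo iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT` admit the replies, e.g. `sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.131 -p tcp --dport 587 -j ACCEPT`. The variable expansions on the datastore SSH lines should be quoted, `-s "$dns2"` and `-s "$eden"`, so an empty or space-containing value cannot silently change the rule. The commented-out MASQUERADE line still names `enp0s3` although the uplink was renamed to `enp0s10` in the earlier hunk, so re-enabling it as written would fail. The hunk may continue past the last line shown here.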