From 5d2a2e414fb4c240c987b5d9b792a275309fca50 Mon Sep 17 00:00:00 2001
From: jelly Tomas
Date: Sat, 21 Mar 2026 12:51:42 +0000
Subject: [PATCH] Testing DNAT and SNAT

---
 INTERNET.sh | 2 +-
 ROUTER.sh | 15 +++++++++------
 2 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/INTERNET.sh b/INTERNET.sh
index bf69423..2ad8453 100644
--- a/INTERNET.sh
+++ b/INTERNET.sh
@@ -10,6 +10,6 @@ sudo systemctl mask firewalld
 sudo systemctl enable iptables
 sudo iptables -F
 sudo ifconfig enp0s8 $ip netmask $mask24
-sudo add default gw $routerIp
+sudo route add default gw $routerIp
 sudo ip addr add $dns2 dev enp0s8
 sudo ip addr add $eden dev enp0s8
\ No newline at end of file
diff --git a/ROUTER.sh b/ROUTER.sh
index ee82729..f9073ad 100644
--- a/ROUTER.sh
+++ b/ROUTER.sh
@@ -5,8 +5,8 @@
 # MACHINES:
 # DNS2: 192.137.16.75
 # EDEN 193.138.212.1
-dns2="192.137.16.75"
-eden="193.138.212.1"
+dns2="87.248.214.99"
+eden="87.248.214.100"
 # ==============================
 # Router 1
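Review bot: The corrected line still goes through the net-tools `route` command while the two lines directly below it already use `ip`, and `$routerIp` is expanded unquoted; `sudo ip route add default via "$routerIp"` keeps INTERNET.sh on a single toolset that is present on current distributions and quotes the expansion. The `ifconfig` line above has the same two issues, but `$mask24` is defined outside the hunk and `ip addr add` takes a prefix length rather than a dotted mask, so converting it needs a look at that definition first.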
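Review bot: The comment block right above the assignments still lists DNS2 as 192.137.16.75 and EDEN as 193.138.212.1, while the new values are 87.248.214.99 and 87.248.214.100, so the header of ROUTER.sh now contradicts the code; either update the two comment lines to `# DNS2: 87.248.214.99` and `# EDEN 87.248.214.100` or drop the duplicated addresses from the comment and let the variables be the single source. The INTERNET.sh hunk in this same commit also adds `$dns2` and `$eden` to enp0s8, so if that file carries its own copies of these variables (not visible here) they need the same update to stay consistent.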
@@ -83,14 +83,17 @@ sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --sport 11
 #VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore
 sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.2 -j ACCEPT #NEDDS testing
 sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.3 -j ACCEPT #NEDDS testing
-#FTP da internet WORRIED
+#FTP da internet WORRIED ???
 sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -p tcp --sport 21 -j ACCEPT #Changed
 sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 20 -j ACCEPT #MIGHT BE NEEDED
-#SSH CONNECTIONS datastore server but only from eden or dn2
+#SSH CONNECTIONS datastore server but only from eden or dn2 DNAT -s servers, and port and -d interface
+sudo iptables -t nat -A PREROUTING -s $dn2 -d 87.248.214.97 -p tcp --sport 22 -j DNAT --to destination 192.168.10.3
+sudo iptables -t nat -A PREROUTING -s $eden -d 87.248.214.97 -p tcp --sport 22 -j DNAT --to destination 192.168.10.3
 sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $dns2 -p tcp --sport 22 -j ACCEPT #Need to check and make diferent ip addresses
 sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $eden -p tcp --sport 22 -j ACCEPT
-#enp0s9 to internet DNS, http, https, ssh, FTP(SERVERS??????(WHO INVITED THIS GUY))
+#enp0s9 to internet DNS, http, https, ssh, FTP(SERVERS??????(WHO INVITED THIS GUY)) SNAT
+sudo iptables -t nat -A POSTROUTING -i enp0s9 -o enp0s10 -j SNAT --to-source 87.248.214.97
 sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p udp --sport 53 -j ACCEPT #TESTED
 sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 80 -j ACCEPT #TESTED
 sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 443 -j ACCEPT #TESTED
-sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 21 -j ACCEPT #MIGHT NOT BE ENOUGH
+sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 21 -j ACCEPT #MIGHT NOT BE ENOUGH 
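Review bot: The first new PREROUTING rule reads `$dn2`, but the variable defined at the top of ROUTER.sh and used by the FORWARD rule two lines below is `dns2`; unquoted and unset it expands to nothing, so `-s` is left without an address and iptables rejects the rule. The other two nat rules will not load either: `--to destination` is not the DNAT option (it is `--to-destination`, so the bare word `destination` is handed to iptables as the address), and POSTROUTING does not accept `-i`, so the SNAT rule should select by source network and output interface instead, e.g. `sudo iptables -t nat -A POSTROUTING -s <LAN_SUBNET> -o enp0s10 -j SNAT --to-source 87.248.214.97` (the inside subnet is not visible in the hunk; the 192.168.10.x hosts suggest a /24, confirm). The corrected DNAT line is `sudo iptables -t nat -A PREROUTING -s "$dns2" -d 87.248.214.97 -p tcp --dport 22 -j DNAT --to-destination 192.168.10.3`, and the same with `"$eden"`. Note the change from `--sport 22` to `--dport 22`: a client on dns2 or eden opening SSH to the datastore sends to destination port 22 from an ephemeral source port, so the DNAT rules (and the two existing FORWARD rules below them) as written only match packets whose source port is 22, never the initial connection. Leaving the SNAT rule unrestricted by source rewrites every packet leaving enp0s10, including any that entered from the other interfaces, which makes the FORWARD policy further down harder to reason about.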
\ No newline at end of file