vasco/FSI
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Testing DNAT and SNAT

Browse Source
This commit is contained in:
jelly Tomas
2026-03-21 12:51:42 +00:00
parent ecb833a122
commit 5d2a2e414f
2 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
INTERNET.sh
View File

@@ -10,6 +10,6 @@ sudo systemctl mask firewalld
sudo systemctl enable iptables sudo systemctl enable iptables
sudo iptables -F sudo iptables -F
sudo ifconfig enp0s8 $ip netmask $mask24 sudo ifconfig enp0s8 $ip netmask $mask24
sudo add default gw $routerIp sudo route add default gw $routerIp
sudo ip addr add $dns2 dev enp0s8 sudo ip addr add $dns2 dev enp0s8
sudo ip addr add $eden dev enp0s8 sudo ip addr add $eden dev enp0s8

13
ROUTER.sh
View File

@@ -5,8 +5,8 @@
# MACHINES: # MACHINES:
# DNS2: 192.137.16.75 # DNS2: 192.137.16.75
# EDEN 193.138.212.1 # EDEN 193.138.212.1
dns2="192.137.16.75" dns2="87.248.214.99"
eden="193.138.212.1" eden="87.248.214.100"
# ============================== # ==============================
# Router 1 # Router 1
@@ -83,13 +83,16 @@ sudo iptables -A FORWARD -i enp0s9 -o enp0s8 -d 23.214.219.133 -p udp --sport 11
#VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore #VPN clients connected to the gateway vpn-gw ???? vpn should be able to acess ftp e datastore
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.2 -j ACCEPT #NEDDS testing sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.2 -j ACCEPT #NEDDS testing
sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.3 -j ACCEPT #NEDDS testing sudo iptables -A FORWARD -i enp0s8 -o enp0s9 -s 23.214.219.133 -d 192.168.10.3 -j ACCEPT #NEDDS testing
#FTP da internet WORRIED #FTP da internet WORRIED ???
sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -p tcp --sport 21 -j ACCEPT #Changed sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.2 -p tcp --sport 21 -j ACCEPT #Changed
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 20 -j ACCEPT #MIGHT BE NEEDED sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 20 -j ACCEPT #MIGHT BE NEEDED
#SSH CONNECTIONS datastore server but only from eden or dn2 #SSH CONNECTIONS datastore server but only from eden or dn2 DNAT -s servers, and port and -d interface
sudo iptables -t nat -A PREROUTING -s $dn2 -d 87.248.214.97 -p tcp --sport 22 -j DNAT --to destination 192.168.10.3
sudo iptables -t nat -A PREROUTING -s $eden -d 87.248.214.97 -p tcp --sport 22 -j DNAT --to destination 192.168.10.3
sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $dns2 -p tcp --sport 22 -j ACCEPT #Need to check and make diferent ip addresses sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $dns2 -p tcp --sport 22 -j ACCEPT #Need to check and make diferent ip addresses
sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $eden -p tcp --sport 22 -j ACCEPT sudo iptables -A FORWARD -i enp0s10 -o enp0s9 -d 192.168.10.3 -s $eden -p tcp --sport 22 -j ACCEPT
#enp0s9 to internet DNS, http, https, ssh, FTP(SERVERS??????(WHO INVITED THIS GUY)) #enp0s9 to internet DNS, http, https, ssh, FTP(SERVERS??????(WHO INVITED THIS GUY)) SNAT
sudo iptables -t nat -A POSTROUTING -i enp0s9 -o enp0s10 -j SNAT --to-source 87.248.214.97
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p udp --sport 53 -j ACCEPT #TESTED sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p udp --sport 53 -j ACCEPT #TESTED
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 80 -j ACCEPT #TESTED sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 80 -j ACCEPT #TESTED
sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 443 -j ACCEPT #TESTED sudo iptables -A FORWARD -i enp0s9 -o enp0s10 -p tcp --sport 443 -j ACCEPT #TESTED