
2 Commits

Author SHA1 Message Date
jelly Tomas
0ea54c3c2a Merge branch 'main' of https://git.vascoalves.xyz/vasco/FSI 2026-03-16 10:01:34 +00:00
jelly Tomas
52f8aa59a2 BODACIOUS 2026-03-16 10:00:33 +00:00


@@ -17,13 +17,23 @@ eden="193.138.212.1"
# ============================== # ==============================
# ============================== # ==============================
# DMZ # DMZ /25
# IP: # IP:
# - dns : 23.214.219.129 # - dns : 23.214.219.129
# - dns2 : 23.214.219.130 # - dns2 : 23.214.219.130
# - smtp : 23.214.219.131 # - smtp : 23.214.219.131
# - www : 23.214.219.132 # - www : 23.214.219.132
# - # - vpn-gw: 23.214.219.133
# ==============================
# ==============================
# Internal
# IP:
# ftp: 192.168.10.1
# datastore : 192.168.10.2
# DHCP Client : 192.168.10.3-5
# ==============================
sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128 sudo ifconfig enp0s8 23.214.219.254 netmask 255.255.255.128
sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.128 sudo ifconfig enp0s9 192.168.10.254 netmask 255.255.255.128
sudo ifconfig enp0s3 87.248.214.97 netmask 255.255.255.0 sudo ifconfig enp0s3 87.248.214.97 netmask 255.255.255.0
@@ -39,10 +49,11 @@ iptables -P OUTPUT ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT sudo iptables -A OUTPUT -o lo -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE sudo iptables -t nat -A POSTROUTING -o enp0s3 -j MASQUERADE
#DNS name resolution requests sent to outside servers and want a response: //O ip ainda tem de mudar #DNS name resolution requests sent to outside servers and want a response:
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -i enp0s3 -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT
#SSH connections to the router system that originate from the inside and want an answer:É preciso outra regra uma para a port enp0s9 e o ip do vpn #SSH connections to the router system that originate from the inside and want an answer:É preciso outra regra uma para a port enp0s9 e o ip do vpn
sudo iptables -A FORWARD -p tcp -dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A FORWARD -i enp0s9 -o enp0s3 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A FORWARD -o enp0s3 -d 23.214.219.133 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
#The dns server should be able to resolve names using the internet (and others???) #The dns server should be able to resolve names using the internet (and others???)
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --dport 53 -j ACCEPT sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.129 -p udp --dport 53 -j ACCEPT
sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.130 -p udp --dport 53 -j ACCEPT
@@ -50,9 +61,3 @@ sudo iptables -A FORWARD -i enp0s8 -o enp0s3 -s 23.214.219.130 -p udp --dport 53
sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.129 -p tcp --sport 22 sudo iptables -A FORWARD -i enp0s8 -s 23.214.219.129 -p tcp --sport 22
# Unsure these will work # Unsure these will work
sudo iptables -A FORWARD -i enp0s9 -s 23.214.219.131 sudo iptables -A FORWARD -i enp0s9 -s 23.214.219.131
#There might be a need to foward and input to, because of the nat?
#Dont use static ip address for internet related rules
sudo ifconfig enp0s8 23.214.219.129 netmask 255.255.255.128
sudo ip route add default via 23.214.219.254
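Review bot: The SSH rule added in the second hunk, `sudo iptables -A FORWARD -o enp0s3 -d 23.214.219.133 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT`, cannot match traffic for the vpn-gw: the header comment places 23.214.219.133 in the DMZ, which is attached to enp0s8, so the rule should use `-o enp0s8 -d 23.214.219.133`. Both new SSH rules accept only ESTABLISHED,RELATED packets, and no rule admitting the initial NEW packet to port 22 is visible in these hunks, so unless one exists elsewhere in the file the session can never become established. The comment above them describes SSH to the router itself, which would traverse INPUT/OUTPUT rather than FORWARD, so the chain is worth confirming. Separately, the new "Internal" comment lists 192.168.10.1-5 while enp0s9 is configured as 192.168.10.254 with netmask 255.255.255.128, which covers only .128-.255 and leaves those hosts outside the interface's subnet.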