From 0cae154795bf85a83ef6f9f257ce15174cb55d5a Mon Sep 17 00:00:00 2001 From: Thomas Chevalier Date: Sat, 3 Sep 2022 20:05:45 +0200 Subject: [PATCH] =?UTF-8?q?Add=20port=20forwarding=20rules=20for=20Aur?= =?UTF-8?q?=C3=A9lian=20Pinet?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- nat.nft | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/nat.nft b/nat.nft index ce9ba27..f82ef0d 100644 --- a/nat.nft +++ b/nat.nft @@ -22,6 +22,62 @@ table ip nat { elements = { 195.154.165.76, 185.230.78.47 } } + chain fwd_aurelian_pinet{ + # +-----------------------------------------------------+ + # + asyncnomi port forwarding table + + # +------------+------+-----------+-------------+-------+ + # | Service | Port | Protocole | IP | Fwd | + # +------------+------+-----------+-------------+-------| + # | EDT 1 | 8000 | Both | 10.69.9.231 | 52000 | + # | EDT 2 | 8001 | Both | 10.69.9.231 | 52001 | + # | PLYST | 8002 | Both | 10.69.9.231 | 52002 | + # | SSH | 22 | Both | 10.69.9.231 | 52003 | + # | BF | 80 | Both | 10.69.9.231 | 52004 | + # | MediaVault | 2000 | Both | 10.69.9.231 | 52005 | + # | E2EE 1 | 6000 | TCP | 10.69.9.231 | 52006 | + # | E2EE 2 | 6001 | TCP | 10.69.9.231 | 52007 | + # | E2EE 3 | 6002 | TCP | 10.69.9.231 | 52008 | + # | Spare 1 | 2001 | Both | 10.69.9.231 | 52009 | + # | Spare 2 | 2002 | Both | 10.69.9.231 | 52010 | + # | SSH | 22 | Both | 10.69.9.232 | 52011 | + # | E2EE 1 | 6000 | TCP | 10.69.9.232 | 52012 | + # | E2EE 2 | 6001 | TCP | 10.69.9.232 | 52013 | + # | E2EE 3 | 6002 | TCP | 10.69.9.232 | 52014 | + # | Spare 1 | 2001 | Both | 10.69.9.232 | 52015 | + # | Spare 2 | 2002 | Both | 10.69.9.232 | 52016 | + # +------------+------+-----------+-------------+-------+ + tcp dport 52000 dnat to 10.69.9.231:8000 # EDT 1 tcp + udp dport 52000 dnat to 10.69.9.231:8000 # EDT 1 udp + tcp dport 52001 dnat to 10.69.9.231:8001 # EDT 2 tcp + udp dport 52001 dnat to 10.69.9.231:8001 # EDT 2 tcp + tcp dport 52002 dnat to 10.69.9.231:8002 # PLYST tcp + udp dport 52002 dnat to 10.69.9.231:8002 # PLYST udp + tcp dport 52003 dnat to 10.69.9.231:22 # SSH tcp + udp dport 52003 dnat to 10.69.9.231:22 # SSH udp + tcp dport 52004 dnat to 10.69.9.231:80 # BF tcp + udp dport 52004 dnat to 10.69.9.231:80 # BF udp + tcp dport 52005 dnat to 10.69.9.231:2000 # MediaVault tcp + udp dport 52005 dnat to 10.69.9.231:2000 # MediaVault udp + tcp dport 52006 dnat to 10.69.9.231:6000 # E2EE 1 + tcp dport 52007 dnat to 10.69.9.231:6001 # E2EE 1 + tcp dport 52008 dnat to 10.69.9.231:6002 # E2EE 1 + tcp dport 52009 dnat to 10.69.9.231:2001 # Spare 1 tcp + udp dport 52009 dnat to 10.69.9.231:2001 # Spare 1 udp + tcp dport 52010 dnat to 10.69.9.231:2002 # Spare 2 tcp + udp dport 52010 dnat to 10.69.9.231:2002 # Spare 2 udp + + tcp dport 52011 dnat to 10.69.9.232:22 # SSH tcp + udp dport 52011 dnat to 10.69.9.232:22 # SSH udp + tcp dport 52012 dnat to 10.69.9.232:6000 # E2EE 1 + tcp dport 52013 dnat to 10.69.9.232:6001 # E2EE 1 + tcp dport 52014 dnat to 10.69.9.232:6002 # E2EE 1 + tcp dport 52015 dnat to 10.69.9.232:2001 # Spare 1 tcp + udp dport 52015 dnat to 10.69.9.232:2001 # Spare 1 udp + tcp dport 52016 dnat to 10.69.9.232:2002 # Spare 2 tcp + udp dport 52016 dnat to 10.69.9.232:2002 # Spare 2 udp + } + + chain prerouting { type nat hook prerouting priority 0; ip saddr $range_prerezotage ip daddr != { $intranet, $comnpay, $website } tcp dport {http,https} dnat $bounce_server; @@ -31,6 +87,10 @@ table ip nat { meta iif $if_supelec ip daddr $ip_self_public tcp dport 51001 counter dnat to 10.69.3.116:80 meta iif $if_supelec ip daddr $ip_self_public tcp dport 51002 counter dnat to 10.69.3.116:443 + # Serveur de Aurélian Pinet + meta iif $if_supelec ip daddr $ip_self_public tcp dport 52000-52016 jump fwd_aurelian_pinet + meta iif $if_supelec ip daddr $ip_self_public udp dport 52000-52016 jump fwd_aurelian_pinet + #ip saddr @radius_federez ip daddr $ip_self_public tcp dport { 636, 389 } dnat $ip_radius; #ip saddr @radius_federez ip daddr $ip_self_public udp dport { 636, 1812 } dnat $ip_radius; }