From 60e2ecca40e1f65e259a2c5ec63cd3da7e5807e1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ma=C3=ABl=20Gramain?=
Date: Mon, 3 Jun 2024 21:58:21 +0200
Subject: [PATCH] update nftables
---
 .DS_Store | Bin 0 -> 6148 bytes
 .gitignore | 1 +
 rt-mep/nftables.conf | 9 ++++++---
 3 files changed, 7 insertions(+), 3 deletions(-)
 create mode 100644 .DS_Store
 create mode 100644 .gitignore
diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..3467727f8719b425c9f2afdaf060fedb7f8888f2
GIT binary patch
literal 6148 zcmeHK%}T>S5T1=eQoQt1@a7%_PZj$HvBW3n3rMY0p&>ycc+Am*uca4n-h2Tc!L#4& z3^i+7k0Lq)v)^WZc9U;ICPPGSdb^kq4T&g&GA08I8-)F=JxSEUPRDDkmXp~JceL9W(i*Nn)Rp;GE!Yi^%H`LIW zO1h*v-g`8{+L6DzfAW5C_wf42`+te~yoYTu(S6VfmM}2}i~(cd-!Xui&64d2+Gq?I z1IECb0scOCC}XbJ3WiSyhR^~4Q<#Hb&b9Bi^%N1Ke zNhhbxhtr*%b|^0Fj`e*ACzlJ_XbczwF#|htIpq3(w!Qz4lkCbEFb4h<11>FQ#T1XE ywYB$fTx&h_9LmCRt>8KZlTeBg%cXc98U%LF6JV~`3c>=hAAvxF4aUHaGVlSF5JpP? literal 0 HcmV?d00001
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..dbe9c82
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vscode/
\ No newline at end of file
diff --git a/rt-mep/nftables.conf b/rt-mep/nftables.conf
index a3917fe..7e09454 100644
--- a/rt-mep/nftables.conf
+++ b/rt-mep/nftables.conf
@@ -1,5 +1,4 @@
 #!/usr/sbin/nft -f
-# /etc/nftables.conf
 flush ruleset
@@ -8,11 +7,15 @@ define LAN = eth1
 define WAN = eth0
 define LAN_SUBNET = 10.100.2.0/24
 define WAN_IP = 45.139.163.92
-
+define FRONT_HTTP = 10.100.2.254
+define RICK_VM = 10.100.2.252
 table inet nat {
 chain prerouting {
 type nat hook prerouting priority 0;
+ iifname $WAN tcp dport {80, 443, 2222, 2223} dnat ip to $FRONT_HTTP;
+ iifname $WAN udp dport {443} dnat ip to $FRONT_HTTP;
+ iifname $WAN tcp dport {62142,62169,62420} dnat ip to $RICK_VM;
 }
 chain postrouting {
@@ -40,4 +43,4 @@ table inet filter {
 chain output {
 type filter hook output priority 0;
 }
-}
+}
\ No newline at end of file
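Review bot: The new `.gitignore` lists only `.vscode/`, while this same commit checks in a `.DS_Store` file at the repository root. A `.DS_Store` records Finder metadata for the directory, including entry names, so publishing it can disclose file names that were never meant to be committed. I would add a `.DS_Store` line to the ignore list and drop the file from the index with `git rm --cached .DS_Store`. The file also ends without a trailing newline, so the next appended pattern will show up as a change to this line.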
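Review bot: The three `dnat` rules added to `chain prerouting` match only on `iifname $WAN` and the destination port, so any packet arriving on the WAN interface for those ports is rewritten, whatever address it was sent to. `WAN_IP` is already defined at the top of the file, so the match can be pinned to it, e.g. `iifname $WAN ip daddr $WAN_IP tcp dport {80, 443, 2222, 2223} dnat ip to $FRONT_HTTP;`, and likewise for the udp/443 and `$RICK_VM` rules. None of the forwarded ports (2222, 2223, 62142, 62169, 62420) carries a comment naming the service behind it; a one-line `#` comment per rule would let a later audit tell intended exposure from leftovers. The filter table's forward chain lies outside this hunk, so it should be confirmed that it accepts only these translated flows (for instance via `ct status dnat`) rather than forwarding WAN traffic to the LAN in general.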