Re: [Fwbuilder-discussion] Beginner NAT question
From: Vadim K. <va...@vk...> - 2009-05-15 14:37:35
On May 15, 2009, at 4:20 AM, Karl Auer wrote:

> I've been asked to add these rules to a firewall:
>
> iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to 10.0.1.203
> iptables -I FORWARD -i vif0 -o eth0 -j ACCEPT
> iptables -I FORWARD -i vif2 -o eth0 -j ACCEPT
> iptables -I FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> I must shamefacedly admit that I have no clue where to begin modeling
> these rules in FWBuilder.
>
> Having read the NAT howto I am not much wiser. I could just stick
> these rules in as a prologue or epilogue, I guess, but that seems to be
> against the spirit of the game :-) And I *really* don't want to revert
> to a handcoded iptables script.
>
> I would be very grateful if someone could get me started.

The first rule is just a standard NAT rule which you can get if you put the interface object representing interface eth0 in "Translated Source" (assuming this interface has address 10.0.1.203).

There is no way to generate rules with both "-i" and "-o". You can have the equivalent combination if you create a rule with interface vif0, direction inbound and action "chain" pointing to a separate rule set. In that rule set you can add another rule with interface eth0, direction outbound.

The last rule is added automatically when the checkbox "accept ESTABLISHED,RELATED" is checked in the advanced firewall settings dialog.

Vadim Kurland
va...@vk...
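
The two-chain equivalent of `-i vifN -o eth0` described in the reply, written out as an added example (not part of the original message and not Firewall Builder's generated output). The chain names `fwd_<iface>` and the `DROP` policy on FORWARD are assumptions made for this sketch.

```shell
#!/bin/sh
# Emit an iptables-restore ruleset in which the inbound-interface match and
# the outbound-interface match live in different chains: FORWARD branches on
# "-i IN_IF" into a per-interface chain, and that chain matches "-o OUT_IF".
# Chain names (fwd_<iface>) are hypothetical, chosen for this example.

# usage: emit_ruleset OUT_IF SNAT_ADDR IN_IF...
emit_ruleset() {
    out_if=$1; snat_addr=$2; shift 2

    echo "*nat"
    echo ":POSTROUTING ACCEPT [0:0]"
    # "--to" in the question is an abbreviation of "--to-source"
    echo "-A POSTROUTING -o $out_if -j SNAT --to-source $snat_addr"
    echo "COMMIT"

    echo "*filter"
    # Assumption: default-deny forwarding, so the ACCEPT rules are what
    # actually lets traffic through.
    echo ":FORWARD DROP [0:0]"
    for in_if in "$@"; do
        echo ":fwd_$in_if - [0:0]"          # declare the branch chain
    done
    # Return traffic for connections already tracked
    echo "-A FORWARD -i $out_if -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for in_if in "$@"; do
        echo "-A FORWARD -i $in_if -j fwd_$in_if"    # inbound match, then branch
        echo "-A fwd_$in_if -o $out_if -j ACCEPT"    # outbound match in the branch
    done
    echo "COMMIT"
}

# Values from the rules quoted in the question
emit_ruleset eth0 10.0.1.203 vif0 vif2
```

Piping the output to `iptables-restore --test` as root parses the ruleset without committing it. A real `iptables-restore` run without `--noflush` replaces the existing contents of the nat and filter tables.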