Thanks lubux,
I commented out the following in the interfaces file
```
auto vmbr1
iface vmbr1 inet static
address 192.168.0.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
#------------------------ Only for testing, Ubuntu forum!
#post-up echo 1 > /proc/sys/net/ipv4/ip_forward
#post-up iptables -t nat -A POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
#post-down iptables -t nat -D POSTROUTING -s '192.168.0.0/24' -o vmbr0 -j MASQUERADE
#Zentyal Server
#post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1020 -j DNAT --to 192.168.0.1:443
#post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 1020 -j DNAT --to 192.168.0.1:443
#Web Server
#post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1022 -j DNAT --to 192.168.0.2:22
#post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 1022 -j DNAT --to 192.168.0.2:22
```
Then a reboot
```
iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
```
Now to the script!
```
chmod -x firewall.sh
chmod 755 firewall.sh
```
Then I ran the firewall script!
```sh
#!/bin/sh
#
# Flush all rules and delete user-defined chains in the filter, nat and mangle tables
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -X
iptables -t mangle -X
#
# Masquerade the 192.168.50.0/24 network behind vmbr0
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o vmbr0 -j MASQUERADE
# -I PREROUTING <n> inserts the rule at position n of the chain
iptables -t nat -I PREROUTING 1 -i vmbr0 -p tcp --dport 1020 -j DNAT --to 192.168.50.1:443
iptables -t nat -I PREROUTING 2 -i vmbr0 -p tcp --dport 1021 -j DNAT --to 192.168.50.2:4576
# Old variant!
#Zentyal Server
# post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1020 -j DNAT --to 192.168.50.1:443
# post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 1020 -j DNAT --to 192.168.0.1:443
#Web Server Cosynus
# post-up iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 1021 -j DNAT --to 192.168.50.2:4576
# post-down iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 1021 -j DNAT --to 192.168.50.2:4576
```
Output
```
iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:1020 to:192.168.50.1:443
DNAT tcp -- anywhere anywhere tcp dpt:1021 to:192.168.50.2:4576
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.50.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
```
But now I can no longer reach the server from outside via "tcp dpt:1020 to:192.168.50.1:443".
When I put my "original" rule back in and reboot, I get the following output
```
iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:1020 to:192.168.50.1:443
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.50.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
```
That looks the same, doesn't it??
What do the 1/2 in "PREROUTING 1" and "PREROUTING 2" mean?
Thanks in advance for your help.
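On the question about the 1 and 2 in "-I PREROUTING 1" / "-I PREROUTING 2": the number is the position at which the rule is inserted into the chain. The following is an added example, not code from the post or from iptables: a small Python model that applies the post's two DNAT rules with -I and with -A and shows the resulting order and first-match lookup. The Rule/Chain names, the build() helper and the "-I 1 twice" scenario are assumptions made for illustration.

```python
# Added example, not code from the post: a small model of how iptables orders the rules
# in a chain, showing what the "1"/"2" in "-I PREROUTING 1" and "-I PREROUTING 2" mean.
from collections import namedtuple
# One DNAT rule as in firewall.sh: -i <in_if> -p tcp --dport <dport> -j DNAT --to <to>
Rule = namedtuple("Rule", "in_if dport to")

class Chain:
    def __init__(self):
        self.rules = []

    def append(self, rule):
        """iptables -A <chain>: the rule goes to the end of the chain."""
        self.rules.append(rule)

    def insert(self, pos, rule):
        """iptables -I <chain> <pos>: 1-based position; rules from pos onward move down one."""
        if pos < 1 or pos > len(self.rules) + 1:
            raise ValueError("rule position out of range")
        self.rules.insert(pos - 1, rule)

    def lookup(self, in_if, dport):
        """Walk the chain like nat PREROUTING does: the first matching rule sets the target."""
        for r in self.rules:
            if r.in_if == in_if and r.dport == dport:
                return r.to
        return None  # nothing matched: the packet is not rewritten

    def listing(self):
        """What `iptables -t nat -L PREROUTING --line-numbers` would show, as (num, dport, to)."""
        return [(i + 1, r.dport, r.to) for i, r in enumerate(self.rules)]

ZENTYAL = Rule("vmbr0", 1020, "192.168.50.1:443")  # values taken from the script above
WEB = Rule("vmbr0", 1021, "192.168.50.2:4576")

def build(ops):
    """Apply a list of ("A", rule) / ("I", pos, rule) operations to an empty chain."""
    c = Chain()
    for op in ops:
        if op[0] == "A":
            c.append(op[1])
        else:
            c.insert(op[1], op[2])
    return c

# Exactly what firewall.sh does: -I PREROUTING 1, then -I PREROUTING 2
SCRIPT_OPS = [("I", 1, ZENTYAL), ("I", 2, WEB)]
# The same two rules with -A, as the old post-up lines in interfaces did: same order
APPEND_OPS = [("A", ZENTYAL), ("A", WEB)]
# Both with -I PREROUTING 1: the second insert pushes the first rule down to position 2
INSERT_FIRST_TWICE_OPS = [("I", 1, ZENTYAL), ("I", 1, WEB)]
```

The model only covers rule order inside nat PREROUTING; whether the kernel forwards the rewritten packets at all (the ip_forward line that was commented out of interfaces above) is outside it and is worth checking separately.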