#####
# server dmz
#
# Timothy Prepscius v20130326
#
# Makes this host the router for the DMZ segment reached through tap0.
# Must run as root. No command status is checked, so a failed step (for
# example tap0 not existing yet) does not stop the steps that follow it.

dmz_if=tap0
dmz_router_ip=192.168.2.5

# Allow the server to forward ips.
# This is a host-wide switch, not a per-interface one: once it is on, the
# FORWARD chain is the only thing deciding which packets may cross between
# interfaces. Writing to /proc does not persist across a reboot.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Bring the tap up, then put an address on it so traffic can be routed
# through it.
ifconfig "$dmz_if" up
ifconfig "$dmz_if" "$dmz_router_ip"

# No explicit route for 192.168.2.* is added here: assigning the address to
# tap0 creates it implicitly.
#ip route add 192.168.2.0/24 dev tap0

#####
# server iptables
#
# NOTE(review): no chain policy is set in this section (there is no
# `iptables -P`), so packets the rules below do not match fall through to
# whatever policy the chains already have. Confirm a default-drop FORWARD
# policy is set elsewhere if the DMZ is meant to be isolated.

uplink_if=eth0        # non-DMZ side; the original comment calls it the LAN
dmz_if=tap0
dmz_host=192.168.2.1  # DMZ server that receives the redirected ports

# Start from empty filter and nat tables. -F removes every rule in the table,
# including INPUT/OUTPUT rules installed by anything else on this host, and
# leaves chain policies untouched.
iptables -F
iptables -t nat -F

# forward traffic between DMZ and LAN
# NOTE(review): both directions accept NEW as well as ESTABLISHED,RELATED,
# for every protocol and port. As written the DMZ host may open connections
# toward eth0 and any routable host on eth0 may reach any DMZ port, not only
# the three redirected below. Verify this is the intended exposure.
iptables -A FORWARD -i "$uplink_if" -o "$dmz_if" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i "$dmz_if" -o "$uplink_if" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Route incoming port to DMZ server 192.168.2.1
#iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 8000 -j DNAT --to-destination 192.168.2.1:8000

# do not need since nginx is performing this
#iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 80 -j DNAT --to-destination 192.168.2.1:8080

# Active redirects, one "listen-port:dmz-port" pair per rule, appended in
# this order. Port 25 lands on 10025 on the DMZ server; 7000 and 7001 keep
# their numbers.
for port_pair in 25:10025 7000:7000 7001:7001; do
  iptables -t nat -A PREROUTING -p tcp -i "$uplink_if" --dport "${port_pair%%:*}" -j DNAT --to-destination "$dmz_host:${port_pair##*:}"
done

# When the traffic goes back out, make sure it has our IP and not the DMZ.
# The rule has no source match, so everything leaving eth0 is rewritten to
# this host's address, not only traffic that came from 192.168.2.*.
iptables -t nat -A POSTROUTING -o "$uplink_if" -j MASQUERADE

### End Server ####