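#!/usr/bin/env bash
#
# Provisioning step: configure this host as a NAT gateway under ufw.
#
# What it does:
#   1. Enables IPv4/IPv6 forwarding in ufw's own /etc/ufw/sysctl.conf.
#   2. Prepends a *nat table to /etc/ufw/before.rules containing
#        - MASQUERADE for the internal networks leaving via $MGMT_IFACE
#        - DNAT of TCP 80/443 arriving on eth1 to 192.168.202.10
#
# Required variables (sourced from /vagrant/provisioning/firewall/firewall.conf):
#   INTRANET_NETWORK, DEVELOPER_NETWORK, EXTRANET_NETWORK, MGMT_IFACE
#   ACCOUNTING_NETWORK is optional: its MASQUERADE rule is written commented-out.
#
# Must run as root. Safe to re-run: a marker comment in before.rules stops the
# *nat table from being prepended a second time (which would also overwrite the
# backup of the pristine before.rules with an already-patched copy).
#
# NOTE(review): DEFAULT_FORWARD_POLICY in /etc/default/ufw is deliberately left
# as-is (the disabled sed below shows it was expected to be DROP), so forwarded
# traffic must still be permitted by explicit ufw route rules elsewhere. Only
# IPv4 NAT is configured here; before6.rules is not touched although IPv6
# forwarding is switched on in sysctl.conf — confirm that is intended.

set -euo pipefail
set -x   # trace: firewall.conf holds network ranges / interface names, no secrets

readonly ufw_sysctl=/etc/ufw/sysctl.conf
readonly ufw_before=/etc/ufw/before.rules
readonly nat_marker='# provisioning/firewall: NAT table (managed, do not edit)'
# Ingress interface and target of the DNAT rules. Kept as literals to match the
# original rules; TODO(review): consider moving them into firewall.conf.
readonly dnat_in_iface=eth1
readonly dnat_target=192.168.202.10

# shellcheck source=/dev/null
source /vagrant/provisioning/firewall/firewall.conf

# Fail early, with a clear message, if the config is incomplete.
: "${INTRANET_NETWORK:?must be set in firewall.conf}"
: "${DEVELOPER_NETWORK:?must be set in firewall.conf}"
: "${EXTRANET_NETWORK:?must be set in firewall.conf}"
: "${MGMT_IFACE:?must be set in firewall.conf}"

# --- Enable NAT forwarding ---------------------------------------------------
# ufw's sysctl.conf uses the "net/ipv4/ip_forward" slash notation; uncomment
# and set each key. A line that is already active does not match and is kept.
sed -i 's/^#net\/ipv4\/ip_forward.*$/net\/ipv4\/ip_forward=1/' "$ufw_sysctl"
sed -i 's/^#net\/ipv6\/conf\/default\/forwarding.*$/net\/ipv6\/conf\/default\/forwarding=1/' "$ufw_sysctl"
sed -i 's/^#net\/ipv6\/conf\/all\/forwarding.*$/net\/ipv6\/conf\/all\/forwarding=1/' "$ufw_sysctl"

# sed silently does nothing when the key is absent; verify the result so a
# gateway that cannot forward does not go unnoticed.
for key in net/ipv4/ip_forward net/ipv6/conf/default/forwarding net/ipv6/conf/all/forwarding; do
  grep -qE "^${key}=1$" "$ufw_sysctl" \
    || { printf 'error: %s is not enabled in %s\n' "$key" "$ufw_sysctl" >&2; exit 1; }
done

# Intentionally disabled: the ufw forward policy is not opened up globally.
#sed -i 's/^DEFAULT_FORWARD_POLICY="DROP"$/DEFAULT_FORWARD_POLICY="ACCEPT"/' /etc/default/ufw

# --- Add the forwarding (NAT) rules -------------------------------------------
if grep -qF -- "$nat_marker" "$ufw_before"; then
  printf 'NAT table already present in %s; nothing to do\n' "$ufw_before" >&2
  exit 0
fi

tmp_file=$(mktemp)
trap 'rm -f -- "$tmp_file"' EXIT

# The *nat table has to precede the existing *filter table, so the new content
# is written first and the current before.rules is appended verbatim afterwards.
cat > "$tmp_file" <<EOF
$nat_marker
*nat

:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $INTRANET_NETWORK -o $MGMT_IFACE -j MASQUERADE
#-A POSTROUTING -s ${ACCOUNTING_NETWORK:-} -o $MGMT_IFACE -j MASQUERADE
-A POSTROUTING -s $DEVELOPER_NETWORK -o $MGMT_IFACE -j MASQUERADE
-A POSTROUTING -s $EXTRANET_NETWORK -o $MGMT_IFACE -j MASQUERADE

:PREROUTING ACCEPT [0:0]
-A PREROUTING -i $dnat_in_iface -p tcp --dport 80 -j DNAT --to-destination $dnat_target:80
-A PREROUTING -i $dnat_in_iface -p tcp --dport 443 -j DNAT --to-destination $dnat_target:443

COMMIT

EOF
cat -- "$ufw_before" >> "$tmp_file"

# Keep a copy of the pristine file, then overwrite before.rules in place so its
# existing owner and mode are preserved (a moved mktemp file would be 0600).
cp -p -- "$ufw_before" "$ufw_before.bak"
cat -- "$tmp_file" > "$ufw_before"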