Difference between revisions of "Ufw"
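--- a/Ufw
+++ b/Ufw
@@ -18,8 +18,8 @@
 # :PREROUTING ACCEPT [0:0]
 -F
--I PREROUTING -i ens160 -p udp --dport 162 -j DNAT --to-destination 10.
+-I PREROUTING -i ens160 -p udp --dport 162 -j DNAT --to-destination 10.x.x.52:162
--I PREROUTING -i ens160 -p tcp --dport 162 -j DNAT --to-destination 10.
+-I PREROUTING -i ens160 -p tcp --dport 162 -j DNAT --to-destination 10.x.x.52:162
--I PREROUTING -i ens160 -p udp --dport 514 -j DNAT --to-destination 10.
+-I PREROUTING -i ens160 -p udp --dport 514 -j DNAT --to-destination 10.x.x.52:514
--I PREROUTING -i ens160 -p tcp --dport 514 -j DNAT --to-destination 10.
+-I PREROUTING -i ens160 -p tcp --dport 514 -j DNAT --to-destination 10.x.x.52:514
 # don't delete the 'COMMIT' line or these nat table rules won't
 # # be processed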
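Review bot: The four DNAT rules on the new side match only on `-i ens160` and the destination port, so traffic from any source that can reach that interface on 162 or 514 is rewritten to 10.x.x.52. If the senders are known, a source match would narrow this, e.g. `-I PREROUTING -i ens160 -s <sender-subnet> -p udp --dport 514 -j DNAT --to-destination 10.x.x.52:514`, where `<sender-subnet>` is a placeholder. The example also does not show the forwarding side: a DNAT to another host only takes effect when the kernel forwards packets and ufw's forward path permits them, so a comment such as `# requires IP forwarding enabled and a ufw route/forward rule for 10.x.x.52` above the rules would help readers. The `*nat` block starts and ends outside this hunk.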
Latest revision as of 21:48, 23 September 2020
command examples
# Allow TCP from the single source 10.1.0.1 to destination ports 60000-60020
# on any local address; traffic from other sources is not matched by this rule.
sudo ufw allow from 10.1.0.1 to any proto tcp port 60000:60020
Troubleshoot using tcpdump
# Capture on bond0 without name resolution (-n) or promiscuous mode (-p),
# showing only packets whose source or destination port is 60003.
sudo tcpdump -npi bond0 port 60003
/etc/ufw/before.rules
# Add this to the top of file before *filter rules
# START Custom nat rules jebusk
#
# Rewrites the destination of traffic arriving on ens160 for ports 162 and 514
# (presumably SNMP traps and syslog) to the host 10.x.x.52, same port, over
# both UDP and TCP.
*nat
# POSTROUTING ACCEPT [0:0]
# :PREROUTING ACCEPT [0:0]
# NOTE(review): both chain lines are commented out as shown here;
# iptables-restore chain declarations normally start with ':' -- confirm
# against the live file.

# Flushes every chain in the nat table each time this block is loaded, which
# also drops nat rules added by anything else on the host -- verify nothing
# else depends on them.
-F

# -I inserts at the head of PREROUTING. There is no source (-s) match, so
# packets from any sender reaching ens160 on these ports are redirected; add a
# source match if the senders are known.
# NOTE(review): DNAT to another host only works when IP forwarding is enabled
# and ufw's forward path allows the traffic; neither setting is shown here.
-I PREROUTING -i ens160 -p udp --dport 162 -j DNAT --to-destination 10.x.x.52:162
-I PREROUTING -i ens160 -p tcp --dport 162 -j DNAT --to-destination 10.x.x.52:162
-I PREROUTING -i ens160 -p udp --dport 514 -j DNAT --to-destination 10.x.x.52:514
-I PREROUTING -i ens160 -p tcp --dport 514 -j DNAT --to-destination 10.x.x.52:514

# don't delete the 'COMMIT' line or these nat table rules won't
# be processed
COMMIT
# END Custom