Difference between revisions of "Ufw"
Jump to navigation
Jump to search
imported>Jeremy-busk |
|||
| Line 8: | Line 8: | ||
``` | ``` | ||
sudo tcpdump -npi bond0 port 60003 | sudo tcpdump -npi bond0 port 60003 | ||
| + | ``` | ||
| + | |||
| + | /etc/ufw/before.rules | ||
| + | ``` | ||
| + | # Add this to the top of file before *filter rules | ||
| + | # START Custom nat rules jebusk | ||
| + | *nat | ||
| + | # POSTROUTING ACCEPT [0:0] | ||
| + | # :PREROUTING ACCEPT [0:0] | ||
| + | -F | ||
| + | -I PREROUTING -i ens160 -p udp --dport 162 -j DNAT --to-destination 10.118.41.235:162 | ||
| + | -I PREROUTING -i ens160 -p tcp --dport 162 -j DNAT --to-destination 10.118.41.235:162 | ||
| + | -I PREROUTING -i ens160 -p udp --dport 514 -j DNAT --to-destination 10.118.41.52:162 | ||
| + | -I PREROUTING -i ens160 -p tcp --dport 514 -j DNAT --to-destination 10.118.41.52:162 | ||
| + | # don't delete the 'COMMIT' line or these nat table rules won't | ||
| + | # # be processed | ||
| + | COMMIT | ||
| + | # END Custom | ||
``` | ``` | ||
Revision as of 21:47, 23 September 2020
command examples
sudo ufw allow from 10.1.0.1 to any proto tcp port 60000:60020
Troubleshoot using tcpdump
sudo tcpdump -npi bond0 port 60003
/etc/ufw/before.rules
# Add this to the top of file before *filter rules # START Custom nat rules jebusk *nat # POSTROUTING ACCEPT [0:0] # :PREROUTING ACCEPT [0:0] -F -I PREROUTING -i ens160 -p udp --dport 162 -j DNAT --to-destination 10.118.41.235:162 -I PREROUTING -i ens160 -p tcp --dport 162 -j DNAT --to-destination 10.118.41.235:162 -I PREROUTING -i ens160 -p udp --dport 514 -j DNAT --to-destination 10.118.41.52:162 -I PREROUTING -i ens160 -p tcp --dport 514 -j DNAT --to-destination 10.118.41.52:162 # don't delete the 'COMMIT' line or these nat table rules won't # # be processed COMMIT # END Custom