# -*- shell-script -*-

# FORWARD_PORT(proto, port, dest): publish one port of a host behind this box.
#   $proto  protocol name, or a list such as (tcp udp)
#   $port   destination port to publish (kept unchanged by the DNAT)
#   $dest   address of the host that receives the traffic
# Emits two rules: a nat/PREROUTING DNAT for packets that enter on eth1
# addressed to 83.xxx.xxx.xxx, and a filter/FORWARD accept for the rewritten
# packets that leave through eth2.
# NOTE(review): the FORWARD chain in this file accepts everything that enters
# on eth1, so the filter rule here adds no restriction as written. Confirm
# which interface faces the untrusted side before relying on it.
# NOTE(review): neither rule limits the source address; add a saddr match if
# only known monitoring hosts should reach the published port.
@def &FORWARD_PORT($proto, $port, $dest) = {
    table nat chain PREROUTING
        interface eth1 daddr 83.xxx.xxx.xxx proto $proto dport $port
        DNAT to $dest;
    table filter chain FORWARD
        interface eth1 outerface eth2 daddr $dest proto $proto dport $port
        ACCEPT;
}
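# Packet filter for the firewall host (INPUT/OUTPUT) and for routed traffic
# (FORWARD).
# NOTE(review): no "domain ip6" section is visible in this listing, so these
# rules cover IPv4 only; check that IPv6 is filtered or disabled elsewhere.
table filter {
    # Traffic addressed to this host. Anything not matched below is dropped.
    chain INPUT {
        policy DROP;

        interface lo ACCEPT;

        # Connection tracking: drop packets that belong to no valid
        # connection, then let replies to known connections through.
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;

        # NOTE(review): every ICMP type is accepted from any source with no
        # rate limit; consider restricting the types or adding a limit.
        proto icmp ACCEPT;

        # Services open on every interface and to any source address.
        # NOTE(review): ssh and the agent port carry no interface or saddr
        # restriction; confirm that exposure is intended.
        proto tcp mod multiport destination-ports (
            2144    # hyperic agent
            ssh
            http
            https
        ) ACCEPT;
    }

    # Locally generated traffic is not filtered.
    chain OUTPUT policy ACCEPT;

    # Routed traffic. Anything not matched below is dropped.
    chain FORWARD {
        policy DROP;

        # The state checks run before the blanket eth1 accept so that INVALID
        # packets are dropped on every interface. The original order forwarded
        # INVALID packets arriving on eth1; such packets are not handled by
        # the nat table and would leave with their original addresses.
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;

        # Every new connection entering on eth1 is forwarded, whatever its
        # destination or port.
        interface eth1 ACCEPT;
    }
}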
# Source NAT: packets from 192.168.xxx.xxx/24 that leave through eth0 get
# their source address rewritten to 83.xxx.xxx.xxx.
# NOTE(review): the SNAT is bound to eth0, while the DNAT in FORWARD_PORT
# matches the same 83.xxx.xxx.xxx address on eth1; verify the interface roles.
table nat chain POSTROUTING
    outerface eth0 saddr 192.168.xxx.xxx/24
    SNAT to 83.xxx.xxx.xxx;
# db hyperic agent: forward port 2145 to 192.168.xxx.xxx, one call per
# protocol.
# NOTE(review): confirm the agent needs udp as well as tcp; if it does not,
# remove the second call so that only the required protocol is published.
&FORWARD_PORT(tcp, 2145, 192.168.xxx.xxx);
&FORWARD_PORT(udp, 2145, 192.168.xxx.xxx);