- $ cat /etc/network/interfaces
- ### Hetzner Online GmbH installimage
- # Every file matching this glob is read as additional interface configuration,
- # so /etc/network/interfaces.d/ has to be reviewed together with this file.
- source /etc/network/interfaces.d/*
- # Loopback interface, brought up automatically for IPv4 and IPv6.
- auto lo
- iface lo inet loopback
- iface lo inet6 loopback
- # Public uplink: eno1 with a static IPv4 address, brought up automatically.
- auto eno1
- iface eno1 inet static
- # <public_ip> looks like a redaction placeholder in this paste; it is not a
- # value ifupdown can accept as written.
- address <public_ip>
- # 255.255.255.224 is a /27 prefix.
- netmask 255.255.255.224
- gateway 145.250.76.33
- # route 145.250.76.32/27 via 145.250.76.33
- # Adds an explicit route for the local /27 through the gateway on eno1.
- # NOTE(review): `route` is the legacy net-tools binary; confirm it is installed,
- # since a failing `up` command can stop the interface from being configured.
- up route add -net 145.250.76.32 netmask 255.255.255.224 gw 145.250.76.33 dev eno1
- # Raise the transmit queue length on the uplink.
- up ip link set eno1 txqueuelen 10000
- # Static IPv6 address on the same uplink (netmask 64 = /64 prefix).
- # This file installs no ip6tables rules, so IPv6 filtering for the host has to
- # come from somewhere else — TODO confirm it exists.
- iface eno1 inet6 static
- address 2b01:4f8:212:4138::2
- netmask 64
- # NOTE(review): fe71::1 is outside fe80::/10, so it is not a link-local
- # address; the value may have been altered for publication — confirm against
- # the provider's documented gateway.
- gateway fe71::1
- # Internal guest bridge. No physical port is attached (bridge_ports none), so
- # 192.168.22.0/24 reaches other networks only by being routed and NATed through
- # this host, which holds 192.168.22.254 on the bridge.
- auto vmbr2
- iface vmbr2 inet static
- address 192.168.22.254
- netmask 255.255.255.0
- bridge_ports none
- bridge_stp off
- bridge_fd 0
- up ip link set vmbr2 txqueuelen 10000
- # Enables IPv4 forwarding for the whole host, not only for vmbr2. Every
- # iptables rule below is in the nat table; nothing in this file touches the
- # filter table, so what may actually be forwarded is decided by FORWARD
- # rules/policy defined elsewhere — TODO confirm they exist and default to drop.
- post-up echo 1 > /proc/sys/net/ipv4/ip_forward
- # Lets the host answer ARP requests arriving on vmbr2 on behalf of addresses
- # it can route to through another interface.
- post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr2/proxy_arp
- ### MASQUERADE RULE
- # Source-NAT traffic from the guest subnet as it leaves through the uplink.
- post-up iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE --source '192.168.22.0/24'
- ### SSH PREROUTING rules on both interfaces
- # Publishes the guest's sshd (192.168.22.5:22) on <public_ip>:2222. The eno1
- # rule has no source restriction, so any remote address can reach that sshd
- # unless filter rules elsewhere limit it; the guest's own SSH hardening is the
- # remaining control — verify.
- post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 2222 -j DNAT --destination <public_ip> --to-destination 192.168.22.5:22
- # Same translation for guests on the bridge that dial <public_ip>.
- # NOTE(review): no matching SNAT/MASQUERADE for -o vmbr2 is visible here, so
- # replies from 192.168.22.5 to a guest on the same bridge may bypass the host's
- # NAT — verify this hairpin path works.
- post-up iptables -t nat -A PREROUTING -i vmbr2 -p tcp --dport 2222 -j DNAT --destination <public_ip> --to-destination 192.168.22.5:22
- ### HTTP PREROUTING rules on both interfaces
- # Port 80 on <public_ip> is forwarded to 192.168.22.5:80, from the uplink and
- # from the bridge, following the same pattern as the SSH rules.
- post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 80 -j DNAT --destination <public_ip> --to-destination 192.168.22.5:80
- post-up iptables -t nat -A PREROUTING -i vmbr2 -p tcp --dport 80 -j DNAT --destination <public_ip> --to-destination 192.168.22.5:80
- ### HTTPS PREROUTING rules on both interfaces
- # Port 443 on <public_ip> is forwarded to 192.168.22.5:443 in the same way.
- post-up iptables -t nat -A PREROUTING -i eno1 -p tcp --dport 443 -j DNAT --destination <public_ip> --to-destination 192.168.22.5:443
- post-up iptables -t nat -A PREROUTING -i vmbr2 -p tcp --dport 443 -j DNAT --destination <public_ip> --to-destination 192.168.22.5:443
- ### OUTPUT rules
- # Locally generated packets traverse OUTPUT rather than PREROUTING, so these
- # repeat the three translations for connections the host itself opens to
- # <public_ip>.
- post-up iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --destination <public_ip>/32 --to-destination 192.168.22.5:80
- post-up iptables -t nat -A OUTPUT -p tcp --dport 443 -j DNAT --destination <public_ip>/32 --to-destination 192.168.22.5:443
- post-up iptables -t nat -A OUTPUT -p tcp --dport 2222 -j DNAT --destination <public_ip>/32 --to-destination 192.168.22.5:22
- #### DOWN rules to remove all rules from above. ####
- # Each -D mirrors one -A above and only matches if its arguments are identical.
- # The two /proc settings written in post-up (ip_forward, proxy_arp) are not
- # reverted here, so forwarding stays enabled after the bridge goes down.
- # NOTE(review): -A appends unconditionally; if post-up runs again without these
- # post-down lines having run, duplicate rules accumulate and each -D removes
- # only one copy.
- post-down iptables -t nat -D POSTROUTING -o eno1 -j MASQUERADE --source '192.168.22.0/24'
- post-down iptables -t nat -D PREROUTING -i eno1 -p tcp --dport 2222 -j DNAT --destination <public_ip> --to-destination 192.168.22.5:22
- post-down iptables -t nat -D PREROUTING -i vmbr2 -p tcp --dport 2222 -j DNAT --destination <public_ip> --to-destination 192.168.22.5:22
- post-down iptables -t nat -D PREROUTING -i eno1 -p tcp --dport 80 -j DNAT --destination <public_ip> --to-destination 192.168.22.5:80
- post-down iptables -t nat -D PREROUTING -i vmbr2 -p tcp --dport 80 -j DNAT --destination <public_ip> --to-destination 192.168.22.5:80
- post-down iptables -t nat -D PREROUTING -i eno1 -p tcp --dport 443 -j DNAT --destination <public_ip> --to-destination 192.168.22.5:443
- post-down iptables -t nat -D PREROUTING -i vmbr2 -p tcp --dport 443 -j DNAT --destination <public_ip> --to-destination 192.168.22.5:443
- post-down iptables -t nat -D OUTPUT -p tcp --dport 80 -j DNAT --destination <public_ip>/32 --to-destination 192.168.22.5:80
- post-down iptables -t nat -D OUTPUT -p tcp --dport 443 -j DNAT --destination <public_ip>/32 --to-destination 192.168.22.5:443
- post-down iptables -t nat -D OUTPUT -p tcp --dport 2222 -j DNAT --destination <public_ip>/32 --to-destination 192.168.22.5:22