
UFW NAT

posted 13 Nov 2012, 22:17 by Kampau Ocu

Enable packet forwarding:
In file /etc/default/ufw, change DEFAULT_FORWARD_POLICY to “ACCEPT”: 
DEFAULT_FORWARD_POLICY="ACCEPT"


In file /etc/ufw/sysctl.conf, uncomment the lines:

net/ipv4/ip_forward=1
net/ipv6/conf/default/forwarding=1

*the above differs slightly from the source


Add forwarding rules to ufw:
Now we will add rules to the /etc/ufw/before.rules file.

#2012-11-14
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic from private network through eth0, the Internet iface on master.
-A POSTROUTING -s 10.254.40.0/24 -o eth0 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT



Turn on ufw
Make sure ufw allows port 22 before turning on the firewall.

sudo ufw allow 22

Trust private network

sudo ufw allow from 10.10.20.0/24
sudo ufw allow to 10.10.20.0/24

Restart ufw to make the NAT masquerading work:

sudo ufw disable && sudo ufw enable

Firewall stopped and disabled on system startup
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
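
A pre-flight check for the procedure above, added here as an example and not part of the original post: it parses a before.rules file and confirms that the *nat block is closed by COMMIT and contains a MASQUERADE rule, printing the source subnet and outgoing interface so they can be compared with the network you intend to forward. The function name check_nat_block and its exit codes are assumptions made for this example, and the sample file is constructed from the rules shown in this post.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the *nat block
# of a ufw before.rules file before running "ufw disable && ufw enable".
#
# check_nat_block FILE   (hypothetical helper name)
#   stdout: one "MASQUERADE <source> <out-iface>" line per masquerade rule
#   exit 0: *nat block present, closed by COMMIT, has a MASQUERADE rule
#   exit 2: no *nat block      exit 3: *nat block has no COMMIT
#   exit 4: no MASQUERADE rule in POSTROUTING
check_nat_block() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        /^\*/ { table = substr($1, 2)              # "*nat" opens a table
                if (table == "nat") seen = 1
                next }
        $1 == "COMMIT" { if (table == "nat") committed = 1
                         table = ""; next }
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            src = "any"; out = "any"; masq = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (masq) { print "MASQUERADE", src, out; rules++ }
        }
        END {
            if (!seen) exit 2
            if (!committed) exit 3
            if (!rules) exit 4
        }
    ' "$1"
}

# Constructed sample input: the nat block from this post, in a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.254.40.0/24 -o eth0 -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT
EOF
check_nat_block "$sample" && echo "nat block OK"
rm -f "$sample"
```

On a real system, pass /etc/ufw/before.rules as the argument (reading it may require sudo).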




Source:
