crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

firewall pour le proxy sur les vlans radin et accueil sur sable

Browse source 
darcs-hash:20080909173236-af139-61df3405e266e697acddd575a5a513c156171e4e.gz
This commit is contained in:
Jeremie Dimino 2008-09-09 19:32:36 +02:00
parent 84f99bf6ea
commit 97d88d2766
1 changed files with 10 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

11
gestion/gen_confs/firewall.py
View file

@ -1172,14 +1172,23 @@ class firewall_sable(firewall_rouge):
"""Comme pour rouge, avec le proxy transparent en plus"""
def mangle_table(self):
# Pour le proxy transparent
iptables("-t mangle -F PREROUTING")
# Pour le proxy transparent
iptables("-t mangle -i eth0.2 -A PREROUTING -p tcp --destination-port 3128 " +
"--destination 10.231.136.9 " +
"-m mac --mac-source %s " % mac_komaz +
"-j MARK --set-mark %s" % conf_fw.mark['proxy'])
iptables("-t mangle -A PREROUTING -m mark --mark %s -j ACCEPT" % conf_fw.mark['proxy'])
# Proxy transparent sur le vlan accueil
iptables("-t nat -i eth0.7 -A PREROUTING -p tcp --destination-port 80 -j DNAT --to-destination 10.51.0.1:3128")
iptables("-t nat -i eth0.7 -A PREROUTING -p tcp --destination-port 3128 -j ACCEPT")
# Proxy transparent sur le vlan radin
iptables("-t nat -i eth0.6 -A PREROUTING -p tcp --destination-port 80 -j DNAT --to-destination 10.42.0.1:3128")
iptables("-t nat -i eth0.6 -A PREROUTING -p tcp --destination-port 3128 -j ACCEPT")
def nat_table(self):
firewall_rouge.nat_table(self)
# Pour le proxy transparent