crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Plus de redirection vers le wiki pour ceux qui n'ont pas de proxy :

Browse source 
trop de problmes. On pourrait rediriger sur le proxy directement, sur
une patte en IP prive de sila (pour faire du DNAT uniquement).

darcs-hash:20050928123449-d1718-75f99cf9d30e9e7ae3b82989aecf74b8ce5bb8d5.gz
This commit is contained in:
bernat 2005-09-28 14:34:49 +02:00
parent 4a5f44a6a7
commit dd63b05b74
1 changed files with 2 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
gestion/gen_confs/firewall.py
View file

@ -465,8 +465,8 @@ class firewall_komaz(firewall_crans) :
iptables("-t nat -A PREROUTING -i %s -j ACCEPT" % self.eth_ext ) iptables("-t nat -A PREROUTING -i %s -j ACCEPT" % self.eth_ext )
iptables("-t nat -A PREROUTING -s %s -j ACCEPT" % self.zone_serveur ) iptables("-t nat -A PREROUTING -s %s -j ACCEPT" % self.zone_serveur )
iptables("-t nat -A PREROUTING -d %s -j ACCEPT" % self.zone_serveur ) iptables("-t nat -A PREROUTING -d %s -j ACCEPT" % self.zone_serveur )
iptables("-t nat -A PREROUTING -i %s -p tcp --dport 80 -s ! %s -j DNAT --to-destination 138.231.136.3:81" % (self.eth_int, self.zone_serveur) ) # iptables("-t nat -A PREROUTING -i %s -p tcp --dport 80 -s ! %s -j DNAT --to-destination 138.231.136.3:81" % (self.eth_int, self.zone_serveur) )
iptables("-t nat -A POSTROUTING -o %s -p tcp --dport 81 -s 138.231.136.0/21 -d 138.231.136.3 -j SNAT --to-source 138.231.136.4" % self.eth_int ) # iptables("-t nat -A POSTROUTING -o %s -p tcp --dport 81 -s 138.231.136.0/21 -d 138.231.136.3 -j SNAT --to-source 138.231.136.4" % self.eth_int )
iptables("-t nat -A PREROUTING -j TEST_MAC-IP") iptables("-t nat -A PREROUTING -j TEST_MAC-IP")
iptables("-t nat -P PREROUTING DROP") iptables("-t nat -P PREROUTING DROP")
iptables("-t nat -P OUTPUT ACCEPT") iptables("-t nat -P OUTPUT ACCEPT")