rezometz/firewall
9
0
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

Fix radius federez

Browse source
This commit is contained in:
Hugo Levy-Falk 2020-09-14 20:26:26 +02:00 committed by root
parent d08218b9c3
commit 12c938c379
2 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
archi.nft
View file

@ -40,5 +40,4 @@ define range_public = 193.48.225.0/24
define ip_self_public = 193.48.225.254
define ip_radius = 10.7.0.124
define monitoring = 10.7.0.114

8
nat.nft
View file

@ -25,8 +25,8 @@ table ip nat {
chain prerouting {
type nat hook prerouting priority 0;
ip saddr $range_prerezotage ip daddr != { $intranet, $comnpay, $website } tcp dport {http,https} dnat $bounce_server;
ip saddr @radius_federez ip daddr $ip_self_public tcp dport { 636, 389 } dnat $ip_radius;
ip saddr @radius_federez ip daddr $ip_self_public udp dport { 636, 1812 } dnat $ip_radius;
#ip saddr @radius_federez ip daddr $ip_self_public tcp dport { 636, 389 } dnat $ip_radius;
#ip saddr @radius_federez ip daddr $ip_self_public udp dport { 636, 1812 } dnat $ip_radius;
}
@ -35,8 +35,8 @@ table ip nat {
meta oifname != $if_supelec return
ip saddr $ip_radius ip daddr @radius_federez tcp dport { 636, 389} snat to $ip_self_public
ip saddr $ip_radius ip daddr @radius_federez udp dport { 636, 1812 } snat to $ip_self_public
#ip saddr $ip_radius ip daddr @radius_federez tcp dport { 636, 389} snat to $ip_self_public
#ip saddr $ip_radius ip daddr @radius_federez udp dport { 636, 1812 } snat to $ip_self_public
ip daddr != {10.0.0.0/8, $range_public} ip saddr vmap {
$range_adherent : goto adherent_nat,