rezometz/firewall
9
0
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

Ne NAT pas le traffic vers l'intérieur

Browse source
This commit is contained in:
Hugo LEVY-FALK 2019-05-12 11:58:09 +02:00 committed by root
parent 6429d1d56c
commit b395d0d258
2 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
archi.nft
View file

@ -22,5 +22,5 @@ define range_aloes = 10.66.0.0/27
define range_prerezotage = 10.68.0.0/16 define range_prerezotage = 10.68.0.0/16
define range_public = 193.48.225.0/24 define range_public = 193.48.225.0/24
define ip_self_public = 193.48.225.254 define ip_self_public = 193.48.225.2
define ip_radius = 10.7.0.124 define ip_radius = 10.7.0.124

1
nat.nft
View file

@ -18,6 +18,7 @@ table ip nat {
chain postrouting { chain postrouting {
type nat hook postrouting priority 100 type nat hook postrouting priority 100
meta oifname != $if_supelec return
ip daddr != {10.0.0.0/8, $range_public} ip saddr vmap { ip daddr != {10.0.0.0/8, $range_public} ip saddr vmap {
$range_adherent : goto adherent_nat, $range_adherent : goto adherent_nat,