1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
|
iptables -t nat -F
nic #
iptables -F
nic #
# NAT
nic #
iptables -t nat -A POSTROUTING --source 192.1.3.0/24 --destination 0.0.0.0/0 -j SNAT --to-source 192.1.2.254
nic #
# make sure that we never acidentially let ESP through.
nic #
#
nic #
iptables -I FORWARD 1 --proto 50 -j DROP
nic #
iptables -I FORWARD 2 --destination 192.0.2.0/24 -j DROP
nic #
iptables -I FORWARD 3 --source 192.0.2.0/24 -j DROP
nic #
# route
nic #
iptables -I INPUT 1 --destination 192.0.2.0/24 -j DROP
nic #
# Display the table, so we know it is correct.
nic #
iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.1.3.0/24 0.0.0.0/0 to:192.1.2.254
nic #
iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- 0.0.0.0/0 192.0.2.0/24
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP esp -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 192.0.2.0/24
DROP all -- 192.0.2.0/24 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
nic #
echo initdone
initdone
|
