Setup Port Forwarding on Ubuntu
1. sudo ufw enable (enable the firewall)
2. Enabling the Default Policies
sudo ufw default deny incoming (Default incoming policy changed to 'deny')
sudo ufw default allow outgoing (Default outgoing policy changed to 'allow')
3. sudo ufw allow ssh (Enabling SSH Connections)
4. sudo ufw allow 80 (Enabling HTTP)
5. sudo ufw allow 443 (enable HTTPS; do the same for other ports)
6. sudo ufw deny 80 (deny http)
7. sudo ufw delete allow http
8. sudo ufw status numbered (check the status of the ports)
9. Update /etc/ufw/before.rules
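*filter
# Interface names must match the host: the port 80 and ESTABLISHED,RELATED rules use eth0/eth1, the port 587/465 rules use ens192/ens160.
# Ports 143 and 993 are DNATed in the *nat table below but have no FORWARD rule here.
-A FORWARD -i eth0 -o eth1 -p tcp --syn --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i ens192 -o ens160 -p tcp --syn --dport 587 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i ens192 -o ens160 -p tcp --syn --dport 465 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT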
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ens192 -d 203.125.90.92 -p tcp --dport 143 -j DNAT --to-destination 172.16.10.18:143
-A PREROUTING -i ens192 -d 203.125.90.92 -p tcp --dport 993 -j DNAT --to-destination 172.16.10.18:993
-A PREROUTING -i ens192 -d 203.125.90.92 -p tcp --dport 587 -j DNAT --to-destination 172.16.10.18:587
-A PREROUTING -i ens192 -d 203.125.90.92 -p tcp --dport 465 -j DNAT --to-destination 172.16.10.18:465
-A POSTROUTING -d 172.16.10.18 -o ens160 -p tcp --dport 587 -j SNAT --to-source 172.16.80.104
-A POSTROUTING -d 172.16.10.18 -o ens160 -p tcp --dport 465 -j SNAT --to-source 172.16.80.104
-A POSTROUTING -d 172.16.10.18 -o ens160 -p tcp --dport 143 -j SNAT --to-source 172.16.80.104
-A POSTROUTING -d 172.16.10.18 -o ens160 -p tcp --dport 993 -j SNAT --to-source 172.16.80.104
COMMIT
For a machine with a single network:
9. Update /etc/ufw/before.rules
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 993 -j DNAT --to-destination 172.16.10.18:993
-A PREROUTING -p tcp --dport 143 -j DNAT --to-destination 172.16.10.18:143
-A PREROUTING -p tcp --dport 465 -j DNAT --to-destination 172.16.10.18:465
-A PREROUTING -p tcp --dport 587 -j DNAT --to-destination 172.16.10.18:587
-A PREROUTING -p tcp --dport 25 -j DNAT --to-destination 172.16.10.18:25
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
-A FORWARD -p tcp --syn --dport 143 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -p tcp --syn --dport 993 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -p tcp --syn --dport 587 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -p tcp --syn --dport 465 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -p tcp --syn --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
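The tools
1. iptables -t nat --line-numbers -L (list the nat table rules with line numbers)
2. iptables -t nat -F POSTROUTING (flush the POSTROUTING chain)
3. iptables -t nat -F PREROUTING (flush the PREROUTING chain)
4. iptables -S (print the filter table rules as commands)
5. systemctl restart ufw (reload the rules files)
6. iptables -L (list the filter table rules)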
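
A check to run on the step 9 rules before restarting ufw, as an added example that is not part of the original post: it reports a table that is never closed with COMMIT and a DNAT port that has no matching FORWARD ACCEPT rule. The function name check_rules, the finding labels and the sample rules are constructed for illustration, and it assumes forwarding rules sit in the FORWARD chain as they do in this post.

```shell
#!/bin/sh
# Added example, not from the original post. Lints iptables-restore text
# (the format of /etc/ufw/before.rules) before ufw is restarted.
# Assumption: forwarding rules sit in the FORWARD chain, as in the post.

# Constructed sample with two deliberate defects: no COMMIT after *filter,
# and a DNAT for port 143 that has no FORWARD ACCEPT rule.
SAMPLE_RULES='*filter
-A FORWARD -i ens192 -o ens160 -p tcp --syn --dport 587 -m conntrack --ctstate NEW -j ACCEPT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i ens192 -p tcp --dport 143 -j DNAT --to-destination 172.16.10.18:143
-A PREROUTING -i ens192 -p tcp --dport 587 -j DNAT --to-destination 172.16.10.18:587
COMMIT'

# check_rules: read rules on stdin, print one finding per line (sorted).
check_rules() {
  awk '
    # Return the argument that follows option "opt" on the current line.
    function optval(opt,    i) {
      for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
      return ""
    }
    /^#/ || NF == 0 { next }
    /^\*/ {                       # new table header, e.g. *nat
      if (table != "") print "MISSING_COMMIT " table
      table = substr($1, 2); next
    }
    $1 == "COMMIT" { table = ""; next }
    table == "nat" && $2 == "PREROUTING" && optval("-j") == "DNAT" {
      # FORWARD sees the packet after DNAT, so compare the translated port.
      n = split(optval("--to-destination"), d, ":")
      port = (n == 2) ? d[2] : optval("--dport")
      if (port != "") dnat[port] = 1
    }
    table == "filter" && $2 == "FORWARD" && optval("-j") == "ACCEPT" {
      port = optval("--dport")
      if (port != "") fwd[port] = 1
    }
    END {
      if (table != "") print "MISSING_COMMIT " table
      for (p in dnat) if (!(p in fwd)) print "DNAT_WITHOUT_FORWARD " p
    }
  ' | sort
}

printf '%s\n' "$SAMPLE_RULES" | check_rules
```

To lint the real file, run check_rules < /etc/ufw/before.rules; rules placed in ufw's own ufw-before-* chains are not inspected by this check.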