I currently have two network cards on my Ubuntu 16.04 server, configured as follows in the interfaces file:
auto lo eno1 enp2s0
iface lo inet loopback

# External network going out to the Internet antenna
iface eno1 inet static
    address 192.168.0.100
    netmask 255.255.255.0
    gateway 192.168.0.1
    network 192.168.0.0
    broadcast 192.168.0.255
    dns-nameservers 8.8.8.8

# Internal network
iface enp2s0 inet static
    address 192.168.20.1
    netmask 255.255.255.0
    network 192.168.20.0
    broadcast 192.168.20.255
I need to create a firewall rule that will send packets for IP ...100 on port 6515 through a computer on my internal network (.20.239).
That is to say:
192.168.20.239:6515 ----> 192.168.20.1:6515 (server IP) ----> 192.168.0.100:6515 (antenna IP)
Could someone help me?
I was testing the script below; however, I was only able to route my Internet connection to the internal network:
#!/bin/bash
### BEGIN INIT INFO
# Provides: compartilhar
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start compartilhar at boot time
# Description: Enable service provided by compartilhar.
### END INIT INFO
# Internet interface:
ifinternet="eno1"
# Local network interface
iflocal="enp2s0"
iniciar(){
    # Load the NAT module and enable routing between the two interfaces
    modprobe iptable_nat
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Masquerade everything that leaves through the Internet interface
    iptables -t nat -A POSTROUTING -o $ifinternet -j MASQUERADE
    # Drop incoming pings and packets that belong to no valid connection
    iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
    echo 1 > /proc/sys/net/ipv4/conf/default/rp_filter
    iptables -A INPUT -m state --state INVALID -j DROP
    # Accept everything from loopback and from the local network
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i $iflocal -j ACCEPT
    # Services the server itself accepts from any interface: SSH, CUPS, port 6515
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 631 -j ACCEPT
    iptables -A INPUT -p tcp --dport 6515 -j ACCEPT
    # Drop any other new TCP connection to the server
    iptables -A INPUT -p tcp --syn -j DROP
}
parar(){
    # Flush the filter and nat tables
    iptables -F
    iptables -F -t nat
}
case "$1" in
    "start") iniciar ;;
    "stop") parar ;;
    "restart") parar; iniciar ;;
    *) echo "Use the parameters start or stop"; exit 1 ;;
esac
The topology follows:
In this case, is only outbound access being allowed? To enable both sending and receiving on this port, what would I have to add?
– Agnaldo Junior
I believe I understood the question differently and did not answer it accordingly. Port 6515 is on a device in the 192.168.0.0/24 network (e.g. 192.168.0.50), correct? Can the IP 192.168.20.239 reach that destination?
– Felipe Tomm
In fact, on the local network computer (192.168.20.0/24 -> 20.239) I have a USB hardkey that uses port 6515. On my local network I can access it from other computers, but from the server I can't. I need to access it from the server too. I need this so that my Internet antenna can share it on my external IP and I can access the hardkey from outside the company.
– Agnaldo Junior
I edited according to this last post. I believe I can help you now.
– Felipe Tomm
Thanks for your help, but I still haven't been able to communicate. In the topology you treated the firewall as something separate; however, the firewall is inside the Ubuntu server. I have added an image of my topology.
– Agnaldo Junior
Your rules are OK. I believe all that remains is to allow forwarding so that the two interfaces communicate. Add this line: iptables -A FORWARD --in-interface enp2s0 -j ACCEPT
– Felipe Tomm
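The path the thread ends up needing (a connection arriving from the antenna on eno1, port 6515, delivered to the hardkey host 192.168.20.239) is not covered by the FORWARD rule alone: that rule lets the internal side initiate connections, and the existing `-A INPUT -p tcp --dport 6515 -j ACCEPT` only matters for connections to the server itself, since forwarded packets pass through the FORWARD chain, not INPUT. Outside-in access needs a DNAT in the nat PREROUTING chain plus a FORWARD rule accepting exactly that redirected traffic. The script below is an added example, not code from the original post or its author; interface names, addresses and the port come from the question, while the function names and the show/apply arguments are assumptions for this example. The antenna must additionally forward its public port 6515 to 192.168.0.100, which is configured on the antenna, not on the server.

```shell
#!/bin/bash
# Added example, not code from the original post or its author.
# Forwards TCP port 6515 from the external interface of the Ubuntu server
# (eno1, 192.168.0.100) to the hardkey host on the internal network
# (192.168.20.239):
#   antenna -> 192.168.0.100:6515 (eno1) -> 192.168.20.239:6515 (via enp2s0)
# Interface names, addresses and the port come from the question; the
# function names and the show/apply arguments are assumptions for this example.
set -eu

ifinternet="eno1"            # interface towards the Internet antenna
iflocal="enp2s0"             # interface towards the internal network
hardkey_ip="192.168.20.239"  # host that owns the USB hardkey
hardkey_port="6515"          # TCP port the hardkey service listens on

# Print the iptables commands, one per line, so they can be reviewed
# before being applied (apply_rules feeds them to sh).
forward_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -i $ifinternet -p tcp --dport $hardkey_port -j DNAT --to-destination $hardkey_ip:$hardkey_port
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $ifinternet -o $iflocal -p tcp -d $hardkey_ip --dport $hardkey_port -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $iflocal -o $ifinternet -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# Sanity check: exactly one redirect to the hardkey host must be generated.
count_dnat_rules() {
    forward_rules | grep -c -- "-j DNAT --to-destination $hardkey_ip:$hardkey_port"
}

# Run the generated commands; they need root to touch the kernel tables.
apply_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply must run as root" >&2
        return 1
    fi
    forward_rules | sh -e
}

case "${1:-show}" in
    show)  forward_rules ;;
    apply) apply_rules ;;
    *)     echo "usage: $0 [show|apply]" >&2; exit 1 ;;
esac
```

Rule order matters: the ESTABLISHED,RELATED rule comes first so replies in both directions (including the reverse of the DNAT, which conntrack undoes automatically) are accepted, then only NEW connections to the hardkey port are allowed in from eno1, then the internal network may go out (Felipe's rule, narrowed with `-o eno1`), and the FORWARD policy is set to DROP so nothing else crosses. The existing `-A POSTROUTING -o eno1 -j MASQUERADE` from the question's script stays as it is. For the replies to come back through the server, the hardkey host must use 192.168.20.1 as its default gateway; if it does not, an additional SNAT on the enp2s0 side for the forwarded traffic would be needed.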