Add NAT section to IPv4 rules

2014-01-26 00:40:55 +01:00 · 2014-01-26 00:40:55 +01:00 · be35d537f9
parent aed1e6f71a
commit be35d537f9
1 changed files with 26 additions and 2 deletions
--- a/rules-ipv4.iptables
+++ b/rules-ipv4.iptables
@ -35,12 +35,13 @@
 # a host.
 #
 # Parts 1 and 3 of these rules are the same for each host, whilst part 2 can be 
-# populated with rules specific to particular hosts.
+# populated with rules specific to particular hosts. The optional part 4 is
+# prepared for a NAT rules, e.g. for port forwarding, redirect, masquerade...
 #
 # This template is based on http://jdem.cz/v64a3 from University of Leicester
 #
 # @author Jakub Jirutka <jakub@jirutka.cz>
-# @version 1.2.1
+# @version 1.3
 # @date 2014-01-26
 #

@ -147,3 +148,26 @@
 -A INPUT -m limit --limit 1/second --limit-burst 100 -j LOG --log-prefix "iptables[DOS]: "

 COMMIT
+
+
+###############################################################################
+# 4. HOST SPECIFIC NAT RULES                                                  #
+#                                                                             #
+# Uncomment this section if you want to use NAT table, e.g. for port          #
+# forwarding, redirect, masquerade...                                         #
+###############################################################################
+
+#*nat
+
+# Base policy
+#:PREROUTING ACCEPT [0:0]
+#:POSTROUTING ACCEPT [0:0]
+#:OUTPUT ACCEPT [0:0]
+
+# Redirect port 21 to local port 2121
+#-A PREROUTING -i eth0 -p tcp --dport 21 -j REDIRECT --to-port 2121
+
+# Forward port 8080 to port 80 on host 192.168.1.10
+#-A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
+
+#COMMIT