Update README
parent
5d6cd10572
commit
2a52b5c035
16
README.md
16
README.md
@ -39,13 +39,12 @@ net.ipv4.ip_forward=1
|
|||||||
sudo sysctl -p /etc/sysctl.conf
|
sudo sysctl -p /etc/sysctl.conf
|
||||||
```
|
```
|
||||||
|
|
||||||
* WIP
|
* Create the following IPTables rules:
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
export UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 |
|
UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 |
|
||||||
tr -d ' ')
|
tr -d ' ')
|
||||||
export LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ')
|
LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ')
|
||||||
echo "$UP_DEV -> $LOCAL_DEV"
|
echo "$UP_DEV -> $LOCAL_DEV"
|
||||||
|
|
||||||
GUEST_IP=192.168.25.189
|
GUEST_IP=192.168.25.189
|
||||||
@ -55,16 +54,9 @@ GUEST_PORT=8085
|
|||||||
# connections from outside
|
# connections from outside
|
||||||
sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT
|
sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT
|
||||||
sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
|
sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
|
||||||
|
|
||||||
# TODO: try to ignore Masquerade local subnet
|
|
||||||
sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT
|
|
||||||
sudo iptables -t nat -A POSTROUTING -s 192.168.25.0/24 -j MASQUERADE
|
|
||||||
sudo iptables -A FORWARD -o $LOCAL_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
||||||
sudo iptables -A FORWARD -i $LOCAL_DEV -o $UP_DEV -j ACCEPT
|
|
||||||
sudo iptables -A FORWARD -i $LOCAL_DEV -o lo -j ACCEPT
|
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
||||||
|
* Theses rules can be persisted using `iptables-save` then, or using a libvirt hook.
|
||||||
|
|
||||||
|
|
||||||
### Manual port forwarding with a LibVirt HOOK
|
### Manual port forwarding with a LibVirt HOOK
|
||||||
|