mango.m4: Reverse NAT into the main network.

Allow access to internal web proxy and so on.

diff --git a/mango.m4 b/mango.m4
index 7c506f9..8f5874b 100644 (file)
--- a/mango.m4
+++ b/mango.m4
@@ -48,5 +48,13 @@ run iptables -t nat -X
 run iptables -t nat -A POSTROUTING -j SNAT --to-source 10.165.27.3 \
        -s 172.29.198.0/23 -d 10.165.27.0/24 -o eth0
 
+clearchain nat:portfwd
+run iptables -t nat -A portfwd -j DNAT \
+       -p tcp --dport 3128 --to-destination 172.29.199.228
+for c in OUTPUT PREROUTING; do
+  run iptables -t nat -A $c -j portfwd \
+       -s 10.165.27.0/24 -d 10.165.27.3
+done
+
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------