From: Mark Wooding <mdw@distorted.org.uk>
Date: Fri, 19 Apr 2013 14:17:29 +0000 (+0100)
Subject: mango.m4: Reverse NAT into the main network.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/eecc0daae4d78c7998a89f667cfd498780504c25?ds=sidebyside

mango.m4: Reverse NAT into the main network.

Allow access to internal web proxy and so on.
---

diff --git a/mango.m4 b/mango.m4
index 7c506f9..8f5874b 100644
--- a/mango.m4
+++ b/mango.m4
@@ -48,5 +48,13 @@ run iptables -t nat -X
 run iptables -t nat -A POSTROUTING -j SNAT --to-source 10.165.27.3 \
 	-s 172.29.198.0/23 -d 10.165.27.0/24 -o eth0
 
+clearchain nat:portfwd
+run iptables -t nat -A portfwd -j DNAT \
+	-p tcp --dport 3128 --to-destination 172.29.199.228
+for c in OUTPUT PREROUTING; do
+  run iptables -t nat -A $c -j portfwd \
+	-s 10.165.27.0/24 -d 10.165.27.3
+done
+
 m4_divert(-1)
 ###----- That's all, folks --------------------------------------------------