From 31c0a1076869a8595716b0ea2666f5cc8123379e Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Sun, 10 Feb 2013 12:59:23 +0000 Subject: [PATCH] New host `mango'. --- local.m4 | 5 +++++ local.mk | 1 + mango.m4 | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 58 insertions(+) create mode 100644 mango.m4 diff --git a/local.m4 b/local.m4 index 0d5d267..78e63d4 100644 --- a/local.m4 +++ b/local.m4 @@ -258,6 +258,11 @@ defnet binswood noloop addr 10.165.27.0/24 via colohub +defhost mango + hosttype router + iface eth0 binswood default + iface vpn-precision colo + m4_divert(80)m4_dnl ###-------------------------------------------------------------------------- ### Special forwarding exemptions. diff --git a/local.mk b/local.mk index f02bb6d..e6ed935 100644 --- a/local.mk +++ b/local.mk @@ -7,6 +7,7 @@ MAIN_M4_SOURCES += local.m4 HOSTS += vampire HOSTS += orange +HOSTS += mango HOSTS += ibanez HOSTS += radius diff --git a/mango.m4 b/mango.m4 new file mode 100644 index 0000000..e0bcece --- /dev/null +++ b/mango.m4 
@@ -0,0 +1,52 @@
+### -*-sh-*-
+###
+### Firewall configuration for mango
+###
+### (c) 2008 Mark Wooding
+###
+
+###----- Licensing notice ---------------------------------------------------
+###
+### This program is free software; you can redistribute it and/or modify
+### it under the terms of the GNU General Public License as published by
+### the Free Software Foundation; either version 2 of the License, or
+### (at your option) any later version.
+###
+### This program is distributed in the hope that it will be useful,
+### but WITHOUT ANY WARRANTY; without even the implied warranty of
+### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+### GNU General Public License for more details.
+###
+### You should have received a copy of the GNU General Public License
+### along with this program; if not, write to the Free Software Foundation,
+### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+###--------------------------------------------------------------------------
+### mango-specific rules.
+
+m4_divert(86)m4_dnl
+## Externally visible services.
+allowservices inbound tcp \
+ ssh
+allowservices inbound udp \
+ tripe
+
+## Other interesting things.
+dnsresolver inbound
+
+## Trust the surrounding environment.
+run iptables -A INPUT -j ACCEPT -s 10.165.27.0/24
+
+## NAT for remote administration.
+for i in PREROUTING OUTPUT POSTROUTING; do
+ run iptables -t nat -P $i ACCEPT 2>/dev/null || :
+ run iptables -t nat -F $i 2>/dev/null || :
+done
+run iptables -t nat -F
+run iptables -t nat -X
+
+run iptables -t nat -A POSTROUTING -j SNAT --to-source 10.165.27.3 \
+ -o eth0 -s 172.29.198.0/23
+
+m4_divert(-1)
+###----- That's all, folks --------------------------------------------------
--
2.11.0
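Review bot: The "Trust the surrounding environment" rule, `run iptables -A INPUT -j ACCEPT -s 10.165.27.0/24`, accepts traffic on source address alone, whichever interface it arrives on. local.m4 gives mango a second interface (`vpn-precision`), so a packet arriving there with a 10.165.27.x source would also match, unless anti-spoofing is enforced elsewhere in the generated ruleset or by rp_filter, which is not visible in this patch. Binding the rule to the binswood interface closes that gap: `run iptables -A INPUT -j ACCEPT -i eth0 -s 10.165.27.0/24`. The comment above the rule could also state that hosts on this network bypass the `allowservices` list entirely, so the trust decision is explicit to the next maintainer.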