Notes on port forwarding with ufw
Notes from trying this out
WAN-side NIC: 192.168.0.101
WAN-side gateway: 192.168.0.1
LAN-side NIC: 192.168.2.102
LAN-side host: 192.168.2.103
Static IP configuration (netplan)
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      addresses:
        - 192.168.0.101/24
      gateway4: 192.168.0.1
      nameservers:
        addresses: [8.8.8.8]
    eth1:
      dhcp4: no
      addresses:
        - 192.168.2.102/24
      gateway4: 192.168.0.101
      nameservers:
        addresses: [8.8.8.8]
Change DEFAULT_FORWARD_POLICY in /etc/default/ufw to ACCEPT
DEFAULT_FORWARD_POLICY="ACCEPT"
Enable (uncomment) the following line in /etc/sysctl.conf
net.ipv4.ip_forward=1
Apply the settings
sysctl -p
ufw reload
The ufw rules are as follows
ufw logging low
ufw allow ssh
ufw allow 53
ufw allow 443
ufw allow 80
Add the following lines to /etc/ufw/before.rules. Port 7777 on the WAN side is forwarded to ssh (port 22) on the LAN host 192.168.2.103, and port 8888 to port 8888 on the same host.
*nat
-F
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
-A PREROUTING -i eth0 -d 192.168.0.101 -p tcp --dport 7777 -j DNAT --to-destination 192.168.2.103:22
-A PREROUTING -i eth0 -d 192.168.0.101 -p tcp --dport 8888 -j DNAT --to-destination 192.168.2.103:8888
COMMIT
Apply the settings
ufw disable && ufw enable
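DEFAULT_FORWARD_POLICY="ACCEPT" lets every routed packet through the FORWARD chain in both directions, not only the two DNAT targets above. The script below is an added example, not part of the original memo: it parses the *nat block and derives the equivalent `ufw route allow` rules so the forward policy can stay at DROP. It assumes eth1 is the LAN-side NIC (from the netplan config above) and that the sample rules are a constructed copy of the memo's before.rules lines.

```python
import ipaddress

# Constructed sample: the *nat block this memo adds to /etc/ufw/before.rules
BEFORE_RULES_NAT = """\
*nat
-F
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
-A PREROUTING -i eth0 -d 192.168.0.101 -p tcp --dport 7777 -j DNAT --to-destination 192.168.2.103:22
-A PREROUTING -i eth0 -d 192.168.0.101 -p tcp --dport 8888 -j DNAT --to-destination 192.168.2.103:8888
COMMIT
"""

LAN_IF = "eth1"  # assumed: LAN-side NIC name taken from the netplan config

def _opt(tokens, flag):
    """Return the value that follows FLAG in a tokenised iptables rule, or None."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def parse_dnat(nat_text):
    """Yield one dict per DNAT port-forward rule in a *nat block."""
    for line in nat_text.splitlines():
        tokens = line.split()
        if _opt(tokens, "-j") != "DNAT":
            continue
        host, _, port = _opt(tokens, "--to-destination").partition(":")
        yield {"in_if": _opt(tokens, "-i"), "proto": _opt(tokens, "-p"),
               "wan_port": int(_opt(tokens, "--dport")), "lan_host": host,
               # a DNAT target without ":port" keeps the original destination port
               "lan_port": int(port) if port else int(_opt(tokens, "--dport"))}

def parse_masquerade(nat_text):
    """Return (source_net, out_if) from the MASQUERADE rule."""
    for line in nat_text.splitlines():
        tokens = line.split()
        if _opt(tokens, "-j") == "MASQUERADE":
            return _opt(tokens, "-s"), _opt(tokens, "-o")
    raise ValueError("no MASQUERADE rule found")

def route_allow_rules(nat_text):
    """Derive the minimal `ufw route allow` rules covering the DNAT targets and
    the LAN->WAN traffic that MASQUERADE translates; return traffic is matched
    by ufw's own RELATED,ESTABLISHED rule, so nothing else needs to be opened."""
    lan_net, wan_if = parse_masquerade(nat_text)
    lan_net = ipaddress.ip_network(lan_net)
    rules = []
    for fwd in parse_dnat(nat_text):
        if ipaddress.ip_address(fwd["lan_host"]) not in lan_net:
            raise ValueError(f"DNAT target {fwd['lan_host']} is outside {lan_net}")
        rules.append(f"ufw route allow in on {fwd['in_if']} out on {LAN_IF} "
                     f"proto {fwd['proto']} to {fwd['lan_host']} port {fwd['lan_port']}")
    rules.append(f"ufw route allow in on {LAN_IF} out on {wan_if} from {lan_net}")
    return rules

if __name__ == "__main__":
    print("\n".join(route_allow_rules(BEFORE_RULES_NAT)))
```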