[Firehol-support] NAT assistance

Nicolas Repentin nicolas at shivaserv.fr
Sun Jul 16 18:52:53 BST 2017


Hi!

I think you need a rule like this (put it before the interface rules):

dnat4 3.3.3.3:9999 proto tcp dport 9999 inface ens3 src 1.1.1.1

In your router4 rule you need to allow it with: router "yourport" accept src 1.1.1.1
You might need to add "masquerade" on the router4 rule too.

I might be wrong, but I do it like this and it works well.


On 16 July 2017 17:14:49 GMT+02:00, vendor33 at reticent.xyz wrote:
>Hello,
>
>I am hoping someone could assist me with a configuration issue I cannot
>seem to get my head around.  I have Firehol set up on a VPS with IP
>address 2.2.2.2, one function of which is to provide OpenVPN services.
>
>For this configuration everything below works as expected.
>
>However, I wish to additionally use the VPS and Firehol to translate
>incoming TCP traffic from a home server with public IP address 1.1.1.1
>to a remote server 3.3.3.3 port 9999.  Can someone please assist me
>with the necessary NAT configuration?  It does not require bi-directional
>traffic but does require traffic response to 1.1.1.1 since it is TCP.
>
>
>Thanks
>
>DB
>
>
>version 5
>
>server_openssh_ports="tcp/34921"
>client_openssh_ports="default"
>
>ipv4 interface ens3 inet
>         client all accept
>         server openvpn accept
>         server openssh accept src "1.1.1.1"
>
>ipv4 interface tun0 vpn
>         server all accept
>         client all accept
>
>router inet2vpn inface ens3 outface tun0
>         route all accept
>
>router vpn2inet inface tun0 outface ens3
>         masquerade
>         route all accept
>
>_______________________________________________
>Firehol-support mailing list
>Firehol-support at lists.firehol.org
>http://lists.firehol.org/mailman/listinfo/firehol-support

-- 
Nicolas
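The pieces of the reply above, put together as one FireHOL configuration fragment. This is an added illustration, not Nicolas's or the original poster's config: it keeps the poster's `version 5`, interface `ens3` and addresses, and assumes a custom service name `relay` and a router name `relay_out` (both invented here). The DNAT helper rewrites the destination of packets from 1.1.1.1 arriving on `ens3`; the router then has to forward them back out of the same interface, and `masquerade` rewrites their source to the VPS address so that 3.3.3.3's replies come back through the VPS (where the connection-tracking entry created by the DNAT lives) rather than going straight to 1.1.1.1, which would break the TCP handshake. Restricting the forward rule to the one source and one destination keeps the VPS from acting as a relay for anyone else.

```firehol
version 5

# Custom service for the relayed port (name "relay" is an assumption,
# defined the same way the poster overrides openssh's ports).
server_relay_ports="tcp/9999"
client_relay_ports="default"

# NAT helpers must be declared before any interface or router.
# Only traffic from the home server, arriving on the public interface,
# is rewritten to the remote server.
dnat4 to 3.3.3.3:9999 proto tcp dport 9999 inface ens3 src 1.1.1.1

ipv4 interface ens3 inet
        client all accept
        server openvpn accept
        server openssh accept src "1.1.1.1"

ipv4 interface tun0 vpn
        server all accept
        client all accept

router inet2vpn inface ens3 outface tun0
        route all accept

router vpn2inet inface tun0 outface ens3
        masquerade
        route all accept

# Forward path for the relayed connection: in and out of the same
# interface. masquerade sets the source to the VPS address (2.2.2.2)
# so replies from 3.3.3.3 return via the VPS and reach 1.1.1.1 with
# the source it expects. Router name "relay_out" is an assumption.
router relay_out inface ens3 outface ens3
        masquerade
        route relay accept src 1.1.1.1 dst 3.3.3.3
```

After loading it, `firehol try` followed by checking the `nat` table (for the DNAT and MASQUERADE entries) and `conntrack -L` while a connection from 1.1.1.1 is open is the quickest way to confirm both translations are being applied; if the SYN from 1.1.1.1 is translated but the SYN/ACK never reaches it, the missing piece is almost always the source NAT on the forward path.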

