- Enable port forwarding for DC

2014-05-18 15:49:20 +02:00
parent 00dbfa907b
commit a3fade3b3f
6 changed files with 33 additions and 0 deletions


@@ -106,6 +106,32 @@ iptables -A INPUT -p udp --dport 1194 -j ACCEPT -m state --state NEW
iptables -A INPUT -i tun+ -j ACCEPT iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT iptables -A FORWARD -i tun+ -j ACCEPT
## Port Forwarding for DC
# Allow forwarded ports
iptables -A INPUT -i eth0 -p udp -m multiport --dports 6666,6668,6670,6672 -j ACCEPT -m state --state NEW
iptables -A FORWARD -i eth0 -p udp -m multiport --dports 6666,6668,6670,6672 -j ACCEPT -m state --state NEW
iptables -A INPUT -i eth0 -p tcp --dport 6666:6673 -j ACCEPT -m state --state NEW
iptables -A FORWARD -i eth0 -p tcp --dport 6666:6673 -j ACCEPT -m state --state NEW
# Forward
iptables -t nat -A PREROUTING -p udp --dport 6666 -i eth0 -j DNAT --to 10.42.23.129:6666
iptables -t nat -A PREROUTING -p tcp --dport 6666 -i eth0 -j DNAT --to 10.42.23.129:6666
iptables -t nat -A PREROUTING -p tcp --dport 6667 -i eth0 -j DNAT --to 10.42.23.129:6667
iptables -t nat -A PREROUTING -p udp --dport 6668 -i eth0 -j DNAT --to 10.42.23.131:6668
iptables -t nat -A PREROUTING -p tcp --dport 6668 -i eth0 -j DNAT --to 10.42.23.131:6668
iptables -t nat -A PREROUTING -p tcp --dport 6669 -i eth0 -j DNAT --to 10.42.23.131:6669
iptables -t nat -A PREROUTING -p udp --dport 6670 -i eth0 -j DNAT --to 10.42.23.133:6670
iptables -t nat -A PREROUTING -p tcp --dport 6670 -i eth0 -j DNAT --to 10.42.23.133:6670
iptables -t nat -A PREROUTING -p tcp --dport 6671 -i eth0 -j DNAT --to 10.42.23.133:6671
iptables -t nat -A PREROUTING -p udp --dport 6672 -i eth0 -j DNAT --to 10.42.23.135:6672
iptables -t nat -A PREROUTING -p tcp --dport 6672 -i eth0 -j DNAT --to 10.42.23.135:6672
iptables -t nat -A PREROUTING -p tcp --dport 6673 -i eth0 -j DNAT --to 10.42.23.135:6673
# Catchall # Catchall
iptables -A INPUT -j LOG --log-level debug --log-prefix "CATCHALL " iptables -A INPUT -j LOG --log-level debug --log-prefix "CATCHALL "
iptables -A FORWARD -j LOG --log-level debug --log-prefix "CATCHALL " iptables -A FORWARD -j LOG --log-level debug --log-prefix "CATCHALL "
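Review bot: The two `-A INPUT` accepts added for ports 6666-6673 look unnecessary and widen the gateway's own exposure, because packets rewritten by the PREROUTING DNAT rules are routed on to the 10.42.23.x clients and traverse FORWARD, not INPUT. The `-A FORWARD` accepts are also broader than the forwards they serve, since they match any destination behind the box; pinning each one to its DNAT target, e.g. `iptables -A FORWARD -i eth0 -o tun+ -d 10.42.23.129 -p tcp --dport 6666:6667 -m state --state NEW -j ACCEPT`, keeps the opening limited to the four clients. Reply traffic presumably relies on an ESTABLISHED,RELATED rule outside this hunk, which is worth confirming. A short comment saying what "DC" is and which client owns which port pair would help the next person who audits this ruleset.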


@@ -0,0 +1 @@
ifconfig-push 10.42.23.129 19.42.23.130
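Review bot: The peer address `19.42.23.130` looks like a typo for `10.42.23.130`: the other three client files added in this commit pair each address with its neighbour in 10.42.23.0/24 (131/132, 133/134, 135/136), and the DNAT rules for ports 6666 and 6667 target 10.42.23.129. As written, the tunnel's remote endpoint would be an address outside the VPN range, so this client's forwards would likely not work as intended. The line should presumably read `ifconfig-push 10.42.23.129 10.42.23.130`.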


@@ -0,0 +1 @@
ifconfig-push 10.42.23.135 10.42.23.136


@@ -0,0 +1 @@
ifconfig-push 10.42.23.131 10.42.23.132


@@ -0,0 +1 @@
ifconfig-push 10.42.23.133 10.42.23.134


@@ -80,6 +80,8 @@ cert panda.crt
key panda.key # This file should be kept secret key panda.key # This file should be kept secret
crl-verify crl.pem crl-verify crl.pem
client-config-dir /etc/openvpn/ccd
# Diffie hellman parameters. # Diffie hellman parameters.
# Generate your own with: # Generate your own with:
# openssl dhparam -out dh1024.pem 1024 # openssl dhparam -out dh1024.pem 1024
@@ -164,6 +166,7 @@ push "route 172.19.0.0 255.255.0.0"
;client-config-dir ccd ;client-config-dir ccd
;route 10.9.0.0 255.255.255.252 ;route 10.9.0.0 255.255.255.252
# Then add this line to ccd/Thelonious: # Then add this line to ccd/Thelonious:
# ifconfig-push 10.9.0.1 10.9.0.2 # ifconfig-push 10.9.0.1 10.9.0.2
# Suppose that you want to enable different # Suppose that you want to enable different