diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2022-01-09 02:23:14 +0100 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2022-01-09 02:23:14 +0100 |
| commit | 317d907e5de8827b96128d3a3dcf8daa1d94ad42 (patch) | |
| tree | cda506a271debc899901c73268b14f76ff875ab3 /chaos-at-home | |
| parent | remove old TODO (diff) | |
ch-jump reinstalled @ ch-phoebe
Diffstat (limited to 'chaos-at-home')
| -rw-r--r-- | chaos-at-home/ch-gw-lan.yml | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/chaos-at-home/ch-gw-lan.yml b/chaos-at-home/ch-gw-lan.yml index 64e1c8b8..11d65b17 100644 --- a/chaos-at-home/ch-gw-lan.yml +++ b/chaos-at-home/ch-gw-lan.yml @@ -19,13 +19,20 @@ define public_ipv4 = {{ network_zones.magenta.prefix | ipaddr(network_zones.magenta.offsets['ch-router']) | ipaddr('address') }} table ip nat { - chain prerouting { + chain public-services-prerouting { type nat hook prerouting priority -100; policy accept; iif $nic_lan ip daddr $public_ipv4 tcp dport { 222 } dnat to {{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-router']) | ipaddr('address') }} comment "ssh-router" {% for name, svc in network_services.items() %} iif $nic_lan ip daddr $public_ipv4 tcp dport { {{ svc.ports | join(', ') }} } dnat to {{ svc.addr }} comment "{{ name }}" {% endfor %} } + chain public-services-output { + type nat hook output priority -100; policy accept; + ip daddr $public_ipv4 tcp dport { 222 } dnat to {{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-router']) | ipaddr('address') }} comment "ssh-router" + {% for name, svc in network_services.items() %} + ip daddr $public_ipv4 tcp dport { {{ svc.ports | join(', ') }} } dnat to {{ svc.addr }} comment "{{ name }}" + {% endfor %} + } } dest: /etc/nftables.d/public-services.nft notify: reload nftables |