Diffstat (limited to 'chaos-at-home/ch-gw-lan.yml')
-rw-r--r-- | chaos-at-home/ch-gw-lan.yml | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/chaos-at-home/ch-gw-lan.yml b/chaos-at-home/ch-gw-lan.yml
index 64e1c8b8..11d65b17 100644
--- a/chaos-at-home/ch-gw-lan.yml
+++ b/chaos-at-home/ch-gw-lan.yml
@@ -19,13 +19,20 @@
 define public_ipv4 = {{ network_zones.magenta.prefix | ipaddr(network_zones.magenta.offsets['ch-router']) | ipaddr('address') }}
 table ip nat {
- chain prerouting {
+ chain public-services-prerouting {
 type nat hook prerouting priority -100; policy accept;
 iif $nic_lan ip daddr $public_ipv4 tcp dport { 222 } dnat to {{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-router']) | ipaddr('address') }} comment "ssh-router"
 {% for name, svc in network_services.items() %}
 iif $nic_lan ip daddr $public_ipv4 tcp dport { {{ svc.ports | join(', ') }} } dnat to {{ svc.addr }} comment "{{ name }}"
 {% endfor %}
 }
+ chain public-services-output {
+ type nat hook output priority -100; policy accept;
+ ip daddr $public_ipv4 tcp dport { 222 } dnat to {{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-router']) | ipaddr('address') }} comment "ssh-router"
+ {% for name, svc in network_services.items() %}
+ ip daddr $public_ipv4 tcp dport { {{ svc.ports | join(', ') }} } dnat to {{ svc.addr }} comment "{{ name }}"
+ {% endfor %}
+ }
 }
 dest: /etc/nftables.d/public-services.nft
 notify: reload nftables |
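Review bot: The rename of `prerouting` to `public-services-prerouting` only takes effect cleanly if the `reload nftables` handler flushes the ruleset (or deletes the old chain) before loading the file; if it applies `/etc/nftables.d/public-services.nft` incrementally, a `prerouting` chain carrying the old DNAT rules keeps running next to the new one, and the handler's behaviour is not visible in this hunk. A comment beside the renamed chain header would make the dependency explicit, e.g. `# renamed from "prerouting": the reload must flush the nat table, otherwise the old chain lingers`. The new `public-services-output` chain repeats the prerouting chain's rule list verbatim, so the two can drift when one is edited; factoring the `ssh-router` rule and the `{% for name, svc in network_services.items() %}` body into a single Jinja macro parameterised by the match prefix (`iif $nic_lan` or empty) would keep them in lockstep. It also helps to state why the output chain intentionally has no `iif $nic_lan` match (locally generated packets have no input interface), e.g. `# output hook: no iif, traffic is router-originated`.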