blob: 9ac3774a7222c7cc18683e76381617f3605544f0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
table ip nat {
map ipportmap2 {
type ipv4_addr . ipv4_addr : interval ipv4_addr . inet_service
flags interval
elements = { 192.168.1.2 . 192.168.2.2 : 127.0.0.0/8 . 42-43 }
}
map fwdtoip_th {
type ipv4_addr . inet_service : interval ipv4_addr . inet_service
flags interval
elements = { 1.2.3.4 . 10000-20000 : 192.168.3.4 . 30000-40000 }
}
map ipportmap4 {
typeof iifname . ip saddr : interval ip daddr
flags interval
elements = { "enp2s0" . 10.1.1.136 : 1.1.2.69/32,
"enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 }
}
map ipportmap5 {
typeof iifname . ip saddr : interval ip daddr . tcp dport
flags interval
elements = { "enp2s0" . 10.1.1.136 : 1.1.2.69 . 22,
"enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 . 22 }
}
chain prerouting {
type nat hook prerouting priority dstnat; policy accept;
ip protocol tcp dnat ip to ip saddr . ip daddr map @ipportmap2
meta l4proto { tcp, udp } dnat ip to ip daddr . th dport map @fwdtoip_th
dnat ip to iifname . ip saddr map @ipportmap4
meta l4proto tcp dnat ip to iifname . ip saddr map @ipportmap5
}
}
|