[Resolved] ufw to forward/route between two network cards

FogHunter

New Member
Mar 17, 2022
Hello, let me explain my problem.
I managed to set up the redirection to the other network card with iptables, but it is not easy and I would say I am allergic to iptables.

Here is what I managed to do with iptables.
File /etc/network/interfaces:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 99.20.29.115/24
        gateway 99.20.29.254
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        hwaddress 70:56:D1:19:F9:80

auto vmbr1
iface vmbr1 inet static
        address 192.168.50.254/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.50.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.50.0/24' -o vmbr0 -j MASQUERADE

auto vmbr2
iface vmbr2 inet static
        address 192.168.100.250/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0


iptables script (works halfway):
Code:
#!/bin/bash
### BEGIN INIT INFO
# Provides:          Home-made firewall
# Required-Start:    $local_fs $remote_fs $network $syslog
# Required-Stop:     $local_fs $remote_fs $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# X-Interactive:     false
# Short-Description: Home-made firewall
### END INIT INFO


# for the web server
sudo iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.50.253
sudo iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.50.253
# for the VPN over UDP
sudo iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 59630 -j DNAT --to 192.168.50.253
# mail SMTP/SMTPS
sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 25 -j DNAT --to 192.168.50.253
sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 465 -j DNAT --to 192.168.50.253
# postfix submission
sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 587 -j DNAT --to 192.168.50.253
# Dovecot IMAP/IMAPS
#sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 143 -j DNAT --to 192.168.50.253
sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 993 -j DNAT --to 192.168.50.253
# Dovecot POP3/POP3S
#sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 110 -j DNAT --to 192.168.50.253
sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 993 -j DNAT --to 192.168.50.253
# Dovecot ManageSieve
sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 4190 -j DNAT --to 192.168.50.253

I would like to do the same thing, but in ufw.
I tried it in ufw, but the result is that nothing works after activating ufw.

Here is what is in my ufw user.rules:
Code:
### RULES ###

### tuple ### allow tcp 443 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 443 -j ACCEPT

### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 80 -j ACCEPT

### tuple ### allow any 8006 0.0.0.0/0 any 0.0.0.0/0 in_vmbr2
-A ufw-user-input -i vmbr2 -p tcp --dport 8006 -j ACCEPT
-A ufw-user-input -i vmbr2 -p udp --dport 8006 -j ACCEPT

### tuple ### deny any 22 0.0.0.0/0 any 0.0.0.0/0 in_vmbr0
-A ufw-user-input -i vmbr0 -p tcp --dport 22 -j DROP
-A ufw-user-input -i vmbr0 -p udp --dport 22 -j DROP

### tuple ### deny any 8006 0.0.0.0/0 any 0.0.0.0/0 in_vmbr0
-A ufw-user-input -i vmbr0 -p tcp --dport 8006 -j DROP
-A ufw-user-input -i vmbr0 -p udp --dport 8006 -j DROP

### tuple ### allow any 59728 0.0.0.0/0 any 0.0.0.0/0 in_vmbr0
-A ufw-user-input -i vmbr0 -p tcp --dport 59630 -j ACCEPT
-A ufw-user-input -i vmbr0 -p udp --dport 59630 -j ACCEPT

### tuple ### allow any 59728 0.0.0.0/0 any 0.0.0.0/0 in_vmbr1
-A ufw-user-input -i vmbr1 -p tcp --dport 59630 -j ACCEPT
-A ufw-user-input -i vmbr1 -p udp --dport 59630 -j ACCEPT

and in my before.rules:
Code:
# don't delete the 'COMMIT' line or these rules won't be processed
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]

# forward traffic coming from vmbr1 to vmbr0
-A POSTROUTING -s 192.168.50.0/24 -o vmbr0 -j MASQUERADE

# forward traffic coming from vmbr0 to vmbr1
-A POSTROUTING -s 99.20.29.115/24 -o vmbr1 -j MASQUERADE

# forward incoming VPN requests
-A PREROUTING -i vmbr1 -p udp --dport 59630 -j DNAT --to 192.168.10.253:59630

# forward web requests
-A PREROUTING -i vmbr1 -p tcp --dport 80 -j DNAT --to 192.168.10.253:80
-A PREROUTING -i vmbr1 -p tcp --dport 443 -j DNAT --to 192.168.10.253:443

COMMIT
If there is no other solution, if it is not possible via ufw, I would also like help because some iptables redirections do not work; I get this error instead:
Code:
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.

It does this only for these two iptables rules:
Code:
sudo iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.50.253
sudo iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.50.253

Can you help me? I can't see myself continuing with iptables.
I know that ufw is simpler, but I can't get it to work completely.


Thank you in advance for your help on this subject.
Sincerely
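As an added example (my code, not the poster's files and not part of ufw), the following script builds the nat block that ufw expects at the top of /etc/ufw/before.rules together with the matching ufw route commands, and refuses a DNAT target that lies outside the internal subnet or a protocol/port pair that is forwarded twice, both of which appear in the post. It assumes the bridge names and addresses from the post, that ip_forward is enabled in /etc/ufw/sysctl.conf, and that ufw's DEFAULT_FORWARD_POLICY is left at DROP so the route rules are what opens the forward path.

```python
import ipaddress

# Constructed values mirroring the post: public bridge vmbr0, internal bridge
# vmbr1 (192.168.50.0/24) and the VM 192.168.50.253 that receives the traffic.
EXT_IF = "vmbr0"
INT_IF = "vmbr1"
INTERNAL_NET = "192.168.50.0/24"
FORWARDS = [  # (protocol, port, DNAT target), constructed sample set
    ("tcp", 80, "192.168.50.253"),
    ("tcp", 443, "192.168.50.253"),
    ("udp", 59630, "192.168.50.253"),
]


def render_ufw_nat(ext_if, int_if, internal_net, forwards):
    """Return (nat block for before.rules, list of 'ufw route allow' commands).

    Raises ValueError for a DNAT target outside the internal network, a
    duplicate protocol/port pair, an unknown protocol or a bad port number.
    """
    net = ipaddress.ip_network(internal_net)
    nat = ["*nat", ":PREROUTING ACCEPT [0:0]", ":POSTROUTING ACCEPT [0:0]"]
    routes, seen = [], set()
    for proto, port, target in forwards:
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol {proto!r}")
        if not 1 <= int(port) <= 65535:
            raise ValueError(f"port {port} out of range")
        if ipaddress.ip_address(target) not in net:
            raise ValueError(f"DNAT target {target} is not inside {internal_net}")
        if (proto, port) in seen:
            raise ValueError(f"{proto}/{port} is forwarded twice")
        seen.add((proto, port))
        # Rewrite the destination of packets arriving on the public bridge.
        nat.append(f"-A PREROUTING -i {ext_if} -p {proto} --dport {port} "
                   f"-j DNAT --to-destination {target}:{port}")
        # Open ufw's forward chain for exactly this flow.
        routes.append(f"ufw route allow in on {ext_if} out on {int_if} "
                      f"to {target} port {port} proto {proto}")
    # Masquerade traffic leaving the internal network through the public bridge.
    nat.append(f"-A POSTROUTING -s {net} -o {ext_if} -j MASQUERADE")
    nat.append("COMMIT")
    return "\n".join(nat) + "\n", routes


if __name__ == "__main__":
    block, cmds = render_ufw_nat(EXT_IF, INT_IF, INTERNAL_NET, FORWARDS)
    print(block)
    print("\n".join(cmds))
```

Paste the printed nat block above the `*filter` section of /etc/ufw/before.rules and run the printed commands, then `ufw reload`.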
