[Resolved] ufw to forward/route between two network cards

FogHunter

New Member
Mar 17, 2022
Hello, let me explain my problem.
I succeeded, using iptables, in redirecting traffic to the other network card, but it is not easy and I would say I am allergic to iptables.

Here is what I managed to do with iptables.
File /etc/network/interfaces:
Code:
auto lo
iface lo inet loopback

iface eno1 inet manual

auto vmbr0
iface vmbr0 inet static
        address 99.20.29.115/24
        gateway 99.20.29.254
        bridge-ports eno1
        bridge-stp off
        bridge-fd 0
        hwaddress 70:56:D1:19:F9:80

auto vmbr1
iface vmbr1 inet static
        address 192.168.50.254/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.50.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.50.0/24' -o vmbr0 -j MASQUERADE

auto vmbr2
iface vmbr2 inet static
        address 192.168.100.250/24
        bridge-ports none
        bridge-stp off
        bridge-fd 0


iptables script (works halfway):
Code:
#!/bin/bash
### BEGIN INIT INFO
# Provides:          Home firewall
# Required-Start:    $local_fs $remote_fs $network $syslog
# Required-Stop:     $local_fs $remote_fs $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# X-Interactive:     false
# Short-Description: Home firewall
### END INIT INFO


# for the web server
sudo iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.50.253
sudo iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.50.253
# for the VPN over UDP
sudo iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 59630 -j DNAT --to 192.168.50.253
# mail SMTP/SMTPS
sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 25 -j DNAT --to 192.168.50.253
sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 465 -j DNAT --to 192.168.50.253
# postfix submission
sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 587 -j DNAT --to 192.168.50.253
# dovecot IMAP/IMAPS
#sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 143 -j DNAT --to 192.168.50.253
sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 993 -j DNAT --to 192.168.50.253
# dovecot POP3/POP3S (POP3S is 995, not 993)
#sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 110 -j DNAT --to 192.168.50.253
sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 995 -j DNAT --to 192.168.50.253
# dovecot ManageSieve
sudo iptables -t nat -A PREROUTING -i vmbr0 -p tcp --dport 4190 -j DNAT --to 192.168.50.253

I would like to do the same thing, but in ufw.
I tried it in ufw, but the result is that nothing works after activating ufw.

Here is what is in my ufw user.rules:
Code:
### RULES ###

### tuple ### allow tcp 443 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 443 -j ACCEPT

### tuple ### allow tcp 80 0.0.0.0/0 any 0.0.0.0/0 in
-A ufw-user-input -p tcp --dport 80 -j ACCEPT

### tuple ### allow any 8006 0.0.0.0/0 any 0.0.0.0/0 in_vmbr2
-A ufw-user-input -i vmbr2 -p tcp --dport 8006 -j ACCEPT
-A ufw-user-input -i vmbr2 -p udp --dport 8006 -j ACCEPT

### tuple ### deny any 22 0.0.0.0/0 any 0.0.0.0/0 in_vmbr0
-A ufw-user-input -i vmbr0 -p tcp --dport 22 -j DROP
-A ufw-user-input -i vmbr0 -p udp --dport 22 -j DROP

### tuple ### deny any 8006 0.0.0.0/0 any 0.0.0.0/0 in_vmbr0
-A ufw-user-input -i vmbr0 -p tcp --dport 8006 -j DROP
-A ufw-user-input -i vmbr0 -p udp --dport 8006 -j DROP

### tuple ### allow any 59728 0.0.0.0/0 any 0.0.0.0/0 in_vmbr0
-A ufw-user-input -i vmbr0 -p tcp --dport 59630 -j ACCEPT
-A ufw-user-input -i vmbr0 -p udp --dport 59630 -j ACCEPT

### tuple ### allow any 59728 0.0.0.0/0 any 0.0.0.0/0 in_vmbr1
-A ufw-user-input -i vmbr1 -p tcp --dport 59630 -j ACCEPT
-A ufw-user-input -i vmbr1 -p udp --dport 59630 -j ACCEPT

And in my before.rules:
Code:
# don't delete the 'COMMIT' line or these rules won't be processed

:POSTROUTING ACCEPT [0:0]

# forwarding of traffic coming from vmbr1 to vmbr0
-A POSTROUTING -s 192.168.50.0/24 -o vmbr0 -j MASQUERADE

# forwarding of traffic coming from vmbr0 to vmbr1
-A POSTROUTING -s 99.20.29.115/24 -o vmbr1 -j MASQUERADE

# forwarding of incoming VPN requests
-A PREROUTING -i vmbr1 -p udp --dport  -j DNAT --to 192.168.10.253:59630

# forwarding of web requests
-A PREROUTING -i vmbr1 -p tcp --dport  -j DNAT --to 192.168.10.253:80
-A PREROUTING -i vmbr1 -p tcp --dport  -j DNAT --to 192.168.10.253:443


COMMIT
If there is no other solution, or if it is simply not possible with ufw, I would still like help, because some of the iptables redirections do not work and I get this error instead:
Code:
iptables: No chain/target/match by that name.
iptables: No chain/target/match by that name.

It does this only for these two iptables rules:
Code:
sudo iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 80 -j DNAT --to 192.168.50.253
sudo iptables -t nat -D PREROUTING -i vmbr0 -p tcp --dport 443 -j DNAT --to 192.168.50.253

Can you help me? I can't see myself continuing with iptables.
I know that ufw is simpler, but I can't get it to work completely.


Thank you in advance for your help on this subject.
Sincerely
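The before.rules fragment in the post has three things a reviewer would flag against the iptables script that worked: the DNAT lines have an empty `--dport`, they match on vmbr1 (the LAN side) while the working rules matched on vmbr0, and they point at 192.168.10.253 while everything else uses 192.168.50.253. ufw also needs the NAT rules inside their own `*nat` table stanza. The script below is an added example, not code from the poster or from the ufw project: it generates that stanza and the matching `ufw route` commands from one list of forwards, and includes a small check that catches the empty-port mistake. The interface names, subnet and target host are assumptions copied from the post; the list of forwards is constructed from the services in the iptables script (with POP3S on 995).

```shell
#!/bin/sh
# Added example (not from the original post or from ufw). Generates the *nat
# stanza that goes in /etc/ufw/before.rules plus the "ufw route" commands that
# open the FORWARD path for the translated traffic.
# Assumed values, taken from the post: vmbr0 is the WAN bridge, vmbr1 carries
# the 192.168.50.0/24 LAN, and 192.168.50.253 is the inside host.

WAN_IF="vmbr0"
LAN_IF="vmbr1"
LAN_NET="192.168.50.0/24"
TARGET="192.168.50.253"
# Constructed list of "proto:port" forwards, mirroring the services in the post.
FORWARDS="tcp:80 tcp:443 udp:59630 tcp:25 tcp:465 tcp:587 tcp:993 tcp:995 tcp:4190"

# Print the NAT table stanza. Every forward becomes one DNAT rule with an
# explicit port; an empty --dport is rejected when ufw loads the file.
gen_nat_block() {
    printf '*nat\n:PREROUTING ACCEPT [0:0]\n:POSTROUTING ACCEPT [0:0]\n'
    printf '# masquerade LAN traffic leaving through the WAN bridge\n'
    printf '%s -s %s -o %s -j MASQUERADE\n' "-A POSTROUTING" "$LAN_NET" "$WAN_IF"
    for f in $FORWARDS; do
        proto=${f%%:*}
        port=${f##*:}
        printf '%s -i %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
            "-A PREROUTING" "$WAN_IF" "$proto" "$port" "$TARGET" "$port"
    done
    printf 'COMMIT\n'
}

# Print the "ufw route" commands that allow the DNATed packets through the
# FORWARD chain; without them the packets are translated and then dropped.
gen_route_cmds() {
    for f in $FORWARDS; do
        proto=${f%%:*}
        port=${f##*:}
        printf 'ufw route allow in on %s out on %s to %s port %s proto %s\n' \
            "$WAN_IF" "$LAN_IF" "$TARGET" "$port" "$proto"
    done
}

# Sanity check for a rules file: succeed only if no rule has an empty --dport
# (either followed directly by the next option or at end of line).
check_rules() {
    bad=$(grep -cE -- '--dport +-j|--dport *$' "$1" || true)
    [ "$bad" -eq 0 ]
}
```

The `*nat` stanza must sit in before.rules above the `*filter` line (ufw loads tables in file order and the block ends with its own COMMIT), `net/ipv4/ip_forward=1` goes in /etc/ufw/sysctl.conf rather than a post-up echo, and the printed `ufw route` commands are what replace a blanket `DEFAULT_FORWARD_POLICY="ACCEPT"`; after that, `ufw reload`. The second MASQUERADE in the post, which rewrites the public /24 towards vmbr1, is not needed for inbound port forwarding and is deliberately left out here.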