# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# Physical NICs are left unconfigured ("manual"); of the two, only eno1 is
# attached to a bridge in this file.
iface eno1 inet manual
iface eno2 inet manual
# vmbr0: public-facing bridge on eno1. The address, gateway and MAC values are
# redacted placeholders in this listing.
auto vmbr0
iface vmbr0 inet static
address public.ip.x.x
netmask 255.255.255.0
hwaddress xx:xx:xx:xx:xx:xx
gateway public.ip.x.1
bridge_ports eno1
bridge_stp off
bridge_fd 0
# vmbr2: internal bridge with no physical port (bridge_ports none). The host
# holds 192.168.1.254 on the 192.168.1.0/24 network.
auto vmbr2
iface vmbr2 inet static
address 192.168.1.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
# Runs the NAT script each time vmbr2 comes up.
# NOTE(review): it executes with the privileges of ifup; confirm the script is
# owned by root and not writable by any other account.
post-up /root/run-nat.sh
# Turns on IPv4 forwarding for the whole host, not only for vmbr2.
# NOTE(review): no filter-table (FORWARD) rules appear in this file; confirm the
# forwarding policy is restricted elsewhere.
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
#!/bin/bash
# Rebuild the nat table from scratch: source NAT for the private bridge network,
# hairpin forwards to the reverse proxy, and a catch-all masquerade.
#
# Interactive confirmation, kept disabled:
#read -p "Teamspeak could have people, are you sure? [y/n]" -n 1 -r
#echo # (optional) move to a new line
#if [[ $REPLY =~ ^[Nn]$ ]]
#then
# exit
#fi

# public.ip.x.x is a redacted placeholder in this listing.
lan_net=192.168.1.0/24
public_ip=public.ip.x.x
proxy_ip=192.168.1.2

# Empty the nat table: flush rules (-F), delete user chains (-X), zero counters (-Z).
# This also removes nat rules installed by anything else on the host.
for reset_flag in -F -X -Z; do
  iptables -t nat "$reset_flag"
done

# Traffic from the private network leaving through vmbr0 gets the public address.
iptables -t nat -A POSTROUTING -s "$lan_net" -o vmbr0 -j SNAT --to "$public_ip"

# Hairpin NAT: guests on the private network that address the reverse proxy by
# the public IP are redirected to its internal address on the same port.
for web_port in 80 443; do
  iptables -t nat -A PREROUTING -s "$lan_net" -d "$public_ip" -p tcp \
    --dport "$web_port" -j DNAT --to-destination "$proxy_ip:$web_port"
done

# Catch-all: this rule has no source or interface match, so every connection
# leaving any interface is rewritten to the host's address. That includes
# inbound connections forwarded to guests, whose services then log the host's
# address instead of the real client.
# NOTE(review): the hairpin forwards above rely on source rewriting; consider
# narrowing this rule to that traffic once confirmed nothing else depends on it.
iptables -t nat -A POSTROUTING -j MASQUERADE
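#######################################
# Append one inbound port-forward (DNAT) rule to the nat table.
# Only packets arriving on vmbr0 are matched.
# Arguments:
#   $1 - protocol passed to -p (e.g. tcp or udp)
#   $2 - destination address to match (-d)
#   $3 - destination port to match (--dport)
#   $4 - address to forward to
#   $5 - port to forward to
# Outputs:
#   A diagnostic on stderr when a rule is rejected.
# Returns:
#   The exit status of iptables, or 2 when any of the five fields is missing
#   or empty (no rule is added in that case).
#######################################
addNat() {
  local field

  # A short or malformed config line must not turn into a half-built rule.
  if (( $# < 5 )); then
    printf 'addNat: expected 5 fields, got %d: %s\n' "$#" "$*" >&2
    return 2
  fi
  for field in "${@:1:5}"; do
    if [[ -z "$field" ]]; then
      printf 'addNat: empty field in rule: %s\n' "$*" >&2
      return 2
    fi
  done

  # Quote every field so values read from the config file are passed to
  # iptables verbatim, without word splitting or glob expansion.
  iptables -t nat -A PREROUTING -p "$1" -d "$2" --dport "$3" -i vmbr0 \
    -j DNAT --to-destination "$4:$5"
}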
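# Load extra port forwards from /etc/nat.conf, one rule per line:
#   proto:dest-ip:dest-port:target-ip:target-port
# ':' and '-' both act as field separators (IFS=:-), so IPv6 addresses and
# port ranges cannot be expressed in this format.
if [[ -f /etc/nat.conf ]]; then
  # Clean up the configuration file: drop comment and blank lines, strip
  # leading whitespace. The result is streamed through process substitution
  # instead of a file under /tmp: a name derived from the PID in a
  # world-writable directory can be pre-created (for example as a symlink) by
  # another local user, and iptables scripts run with root privileges.
  # read -r keeps backslashes in the file literal.
  while IFS=:- read -r tcpudp ipout portout ipin portin; do
    addNat "$tcpudp" "$ipout" "$portout" "$ipin" "$portin"
  done < <(sed -e '/^[[:space:]]*#/d' \
               -e '/^[[:space:]]*$/d' \
               -e 's/^[[:space:]]*//' /etc/nat.conf)
fi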