--destination $VPN_INTERNAL_IP \
--destination-port 1194 \
--jump ACCEPT
-# forward smtp and dns requests
-# from the internet
-# to the perimeter svc host
-#$IPTABLES --table filter --append FORWARD \
-# --match comment \
-# --comment "smtp, dns -> perimeter service host" \
-# --protocol tcp \
-# --in-interface $EXTERNAL_IF_STATIC \
-# --out-interface $PERIMETER_IF \
-# --destination $SVC_PERIMETER_IP \
-# --match multiport \
-# --destination-ports 25,53 \
-# --jump ACCEPT
-# forward smtp and dns replies
-# of established sessions
-# from the perimeter svc host
-# to the internet
-#$IPTABLES --table filter --append FORWARD \
-# --match comment \
-# --comment "perimeter service host smtp, dns replies" \
-# --protocol tcp \
-# --match conntrack \
-# --ctstate ESTABLISHED \
-# --in-interface $PERIMETER_IF \
-# --source $SVC_PERIMETER_IP \
-# --match multiport \
-# --source-ports 25,53 \
-# --out-interface $EXTERNAL_IF_STATIC \
-# --jump ACCEPT
# forward http and https requests
# from the internet
# to the perimeter web server host
--source-ports 80,443 \
--out-interface $EXTERNAL_IF_STATIC \
--jump ACCEPT
-## forward http and https requests
-## from the internet
-## to the perimeter whmcs host
-#$IPTABLES --table filter --append FORWARD \
-# --match comment \
-# --comment "http, https -> perimeter whmcs host" \
-# --protocol tcp \
-# --in-interface $EXTERNAL_IF_194 \
-# --out-interface $PERIMETER_IF \
-# --destination $WHMCS_PERIMETER_IP \
-# --match multiport \
-# --destination-ports 80,443 \
-# --jump ACCEPT
-## forward http and https replies
-## of established sessions
-## from the perimeter whmcs host
-## to the internet
-#$IPTABLES --table filter --append FORWARD \
-# --match comment \
-# --comment "perimeter whmcs host http, https replies" \
-# --protocol tcp \
-# --match conntrack \
-# --ctstate ESTABLISHED \
-# --in-interface $PERIMETER_IF \
-# --source $WHMCS_PERIMETER_IP \
-# --match multiport \
-# --source-ports 80,443 \
-# --out-interface $EXTERNAL_IF_194 \
-# --jump ACCEPT
# forward dns requests and notifications
# from the internet
# to the external name server host
--out-interface $PERIMETER_IF \
--destination $SVC_PERIMETER_IP \
--jump ACCEPT
-# forward http and https requests
+# forward smtp, http and https requests
# from the perimeter web server host
# to the internet
$IPTABLES --table filter --append FORWARD \
--match comment \
- --comment "perimeter ws host http, https requests (let's encrypt)" \
+ --comment "perimeter ws host smtp, http, https requests (let's encrypt)" \
--protocol tcp \
--in-interface $PERIMETER_IF \
--source $WS_PERIMETER_IP \
--out-interface $EXTERNAL_IF_STATIC \
--match multiport \
- --destination-ports 80,443 \
+ --destination-ports 25,80,443 \
--jump ACCEPT
-# forward http and https replies
+# forward smtp, http and https replies
# of established sessions
# from the internet
# to the perimeter web server host
$IPTABLES --table filter --append FORWARD \
--match comment \
- --comment "perimeter ws host http, https replies (let's encrypt)" \
+ --comment "perimeter ws host smtp, http, https replies (let's encrypt)" \
--protocol tcp \
--match conntrack \
--ctstate ESTABLISHED \
--in-interface $EXTERNAL_IF_STATIC \
--match multiport \
- --source-ports 80,443 \
+ --source-ports 25,80,443 \
--out-interface $PERIMETER_IF \
--destination $WS_PERIMETER_IP \
--jump ACCEPT
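Review bot: Folding 25 into `--destination-ports 25,80,443` lets the perimeter web server open SMTP to any internet host via $EXTERNAL_IF_STATIC, so a compromised web host becomes an unrestricted outbound mail sender; a web server normally only needs tcp/25 to a single relay. I would leave the original 80,443 request/reply pair as it was and add a separate FORWARD pair for tcp/25 scoped with `--destination` (and `--source` on the ESTABLISHED reply rule) to the relay's address, as sketched below with a placeholder variable. The "(let's encrypt)" parenthetical in the two updated comments no longer describes the rule once SMTP is included; if the rules stay merged, drop it or state what the SMTP is for. $IPTABLES and the interface/address variables are defined outside the hunk, so the relay address would need a definition alongside them.

```shell
# SMTP_RELAY_IP is a placeholder: set it to the mail relay's address
# next to the other *_IP variables (defined outside this hunk).

# forward smtp requests
# from the perimeter web server host
# to the mail relay only
$IPTABLES --table filter --append FORWARD \
 --match comment \
 --comment "perimeter ws host smtp -> mail relay" \
 --protocol tcp \
 --in-interface $PERIMETER_IF \
 --source $WS_PERIMETER_IP \
 --out-interface $EXTERNAL_IF_STATIC \
 --destination $SMTP_RELAY_IP \
 --destination-port 25 \
 --jump ACCEPT
# forward smtp replies
# of established sessions
# from the mail relay
# to the perimeter web server host
$IPTABLES --table filter --append FORWARD \
 --match comment \
 --comment "mail relay smtp replies -> perimeter ws host" \
 --protocol tcp \
 --match conntrack \
 --ctstate ESTABLISHED \
 --in-interface $EXTERNAL_IF_STATIC \
 --source $SMTP_RELAY_IP \
 --source-port 25 \
 --out-interface $PERIMETER_IF \
 --destination $WS_PERIMETER_IP \
 --jump ACCEPT
# … unchanged: http, https request and reply rules with ports 80,443 …
```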