この様な環境を構築する
上から評価される。デフォルトのルールは一番最後に適用される
NATの設定
# /etc/default/ufw holds ufw's global policies; the page does not record which
# value is changed here. For a router the relevant setting is
# DEFAULT_FORWARD_POLICY: leaving it at DROP and admitting transit traffic only
# through explicit `ufw route allow` rules (as the commands further down do)
# keeps a default-deny posture, whereas ACCEPT would make those rules moot.
nano /etc/default/ufw
# before.rules is loaded ahead of the user rules; both the forward-chain line
# below and the *nat block further down are added to this file.
nano /etc/ufw/before.rules
以下を追加
# Accepts forwarded packets that belong to a connection conntrack already
# knows (replies and related flows). Ubuntu's stock before.rules usually
# carries an identical line in ufw-before-forward already -- check before
# adding a duplicate. This line alone admits no NEW forwarded connection;
# those still depend on `ufw route allow` rules or the forward policy.
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#########################################
# Second edit of the same file: the *nat ... COMMIT block that follows is its
# own table section and must not be placed inside the existing *filter section
# (put it before the "*filter" line or after that section's COMMIT).
nano /etc/ufw/before.rules
# NAT rules
# NAT table section for /etc/ufw/before.rules (iptables-restore syntax).
# Prerequisite not shown on this page: IP forwarding has to be enabled on the
# kernel, otherwise no transit traffic reaches these rules.
*nat
:POSTROUTING ACCEPT [0:0]
# -F flushes EVERY rule in the nat table on each ufw enable/reload, not just
# the ones declared here; rules installed by other software (container or VM
# networking, for example) disappear as well. Keep this in mind when a reload
# is followed by an unexplained connectivity break.
-F
# Port forward: TCP 22 and 80 arriving for 10.0.2.22 (presumably this
# gateway's uplink address) are rewritten to the internal host 192.168.40.19.
# That host's SSH and HTTP are thereby exposed to whoever can reach 10.0.2.22,
# so harden and monitor it as an internet-facing system (key-only SSH, patched
# web stack, connection rate limiting, log collection).
# The rewritten packets still pass through ufw's forward chain; unless
# DEFAULT_FORWARD_POLICY is ACCEPT they need a matching `ufw route allow`
# rule, and none for this flow is listed on this page -- verify.
-A PREROUTING -p tcp --dst 10.0.2.22 -m multiport --dports 22,80 -j DNAT --to-destination 192.168.40.19
# Source NAT so the forwarded connections are answered via this gateway
# (192.168.40.18). Trade-off: 192.168.40.19 sees every 22/80 client as
# 192.168.40.18, so its sshd/web logs lose the real client address and
# audit or incident analysis has to rely on the gateway's logs instead.
# As written the rule also rewrites connections from the internal subnets to
# that host; adding `-m conntrack --ctstate DNAT` would restrict it to the
# port-forwarded flows, if that is the intent.
-A POSTROUTING -p tcp --dst 192.168.40.19 -m multiport --dports 22,80 -j SNAT --to-source 192.168.40.18
# Masquerade the three internal subnets behind the uplink interface enp7s0.
-A POSTROUTING -s 192.168.40.0/24 -o enp7s0 -j MASQUERADE
-A POSTROUTING -s 192.168.50.0/24 -o enp7s0 -j MASQUERADE
-A POSTROUTING -s 192.168.60.0/24 -o enp7s0 -j MASQUERADE
COMMIT
#############################################
# Gateway firewall rules. ufw evaluates rules in insertion order, so the
# order of the commands below is significant (see the note at the top).

# Access to the gateway itself (INPUT chain). These match on every
# interface, including the uplink; use `ufw allow in on <iface> ...` instead
# if administrative access from the outside is not wanted.
ufw allow ssh
ufw allow http

# Transit traffic (FORWARD chain).
# Each internal subnet may reach the upstream 10.0.0.0/16 network.
for src in 192.168.40.0/24 192.168.50.0/24 192.168.60.0/24; do
  ufw route allow from "$src" to 10.0.0.0/16
done

# The 50 and 60 subnets may talk to each other in both directions.
ufw route allow from 192.168.50.0/24 to 192.168.60.0/24
ufw route allow from 192.168.60.0/24 to 192.168.50.0/24

# Between the 40 and 50 subnets only this single host pair is permitted;
# any other 40<->50 traffic falls through to the default forward policy.
ufw route allow from 192.168.40.19 to 192.168.50.45
ufw route allow from 192.168.50.45 to 192.168.40.19

# Each internal interface may forward anywhere via the uplink enp7s0.
# Nothing here admits NEW connections arriving on enp7s0, so -- assuming the
# forward policy stays at DROP -- the internal hosts remain unreachable from
# the uplink side except through the NAT port forward.
for iface in enp10s0 enp8s0 enp9s0; do
  ufw route allow in on "$iface" out on enp7s0 to 0.0.0.0/0
done
参考文献
- https://server-network-note.net/2022/07/ubuntu-server-22-04-lts-firewall-ufw/
- https://qiita.com/tukiyo3/items/56525cb1b30cdd19fade
- https://www.server-world.info/query?os=Ubuntu_22.04&p=ufw&f=2
- https://qiita.com/RyoMa_0923/items/681f86196997bea236f0
- https://rohhie.net/ubuntu20-04-use-ufw-to-make-a-router/
- https://hico-horiuchi.hateblo.jp/entry/20141128/1417161916
- https://ubuntu-nikki.hatenadiary.org/entry/20100921/1285077768