Commit b16ac6fa authored by Jocelyn Delalande's avatar Jocelyn Delalande

router: Do not depend on vpn-client vars

parent 0df75998
......@@ -3,7 +3,7 @@
:INPUT ACCEPT [3042:265664]
:FORWARD ACCEPT [1054726:351421618]
:OUTPUT ACCEPT [2499:224234]
-A FORWARD -o {{ vpn_iface }} -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1200
-A FORWARD -i {{ vpn_iface }} -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1200
-A FORWARD -o {{ wan_ip6_iface }} -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1200
-A FORWARD -i {{ wan_ip6_iface }} -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1200
COMMIT
# Completed on Thu Sep 18 04:12:50 2014
......@@ -5,10 +5,10 @@
:OUTPUT ACCEPT [10935:1902427]
{% for rule in ip4_port_redirections %}
-A PREROUTING -i {{ vpn_iface }} -p {{ rule.proto }} --dport {{ rule.port }} -j DNAT --to {{ rule.host }}:{{ rule.dst_port | default(rule.port) }}
-A PREROUTING -i {{ wan_ip4_iface }} -p {{ rule.proto }} --dport {{ rule.port }} -j DNAT --to {{ rule.host }}:{{ rule.dst_port | default(rule.port) }}
{% endfor %}
-A POSTROUTING -s {{ dmz_ip4 }} -o {{ vpn_iface }} -j MASQUERADE
-A POSTROUTING -s {{ dmz_ip4 }} -o {{ wan_ip4_iface }} -j MASQUERADE
-A PREROUTING -d {{ public_ip4 }} -p tcp -j DNAT --to-destination {{ dmz_ip4_host }}
-A OUTPUT -d {{ public_ip4 }} -p tcp -j DNAT --to-destination {{ dmz_ip4_host }}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment