voxpupuli / puppet-ferm

Puppet module to manage the ferm firewall tooling
GNU Affero General Public License v3.0

DNAT/SNAT? #77

Open dragon2611 opened 4 years ago

dragon2611 commented 4 years ago

I might just be missing it, but how do you use the DNAT/SNAT functions, as I don't see the parameter to set the DNAT/SNAT target for the translated packet?

dragon2611 commented 4 years ago

I did have a go at modifying rules.pp, and whilst I could get the module to parse the new variables I'd defined, I couldn't get it to only do it for IPv4, which ended up trying to put an IPv4 NAT rule in ip6tables.

dragon2611 commented 4 years ago

The idea I was trying to implement was to add snatip and dnattarget and then change the logic for the SNAT and DNAT action to make use of them.

Because of the way the tables are set up, however, all I ever managed to do was insert the rule in iptables and ip6tables, causing the latter to fail since you can't specify an IPv4 destination in an IPv6 firewall.

I did try looking at the logic for daddr/saddr and re-using ipfilter, but I didn't manage it and I'm not even sure if that's where I should have been looking.