search for: iface_lan_ip

...d package and replaced it by a simple Iptables script: --8<---------------------------------------------------- #!/bin/sh # # firewall-lan.sh IPT=$(which iptables) MOD=$(which modprobe) SYS=$(which sysctl) SERVICE=$(which service) # Internet IFACE_INET=enp2s0 # R?seau local IFACE_LAN=enp3s0 IFACE_LAN_IP=192.168.2.0/24 # Relais des paquets (yes/no) MASQ=yes # Tout accepter $IPT -t filter -P INPUT ACCEPT $IPT -t filter -P FORWARD ACCEPT $IPT -t filter -P OUTPUT ACCEPT $IPT -t nat -P PREROUTING ACCEPT $IPT -t nat -P POSTROUTING ACCEPT $IPT -t nat -P OUTPUT ACCEPT $IPT -t mangle -P PREROUTING ACCEPT...

...----------------------------------------- > #!/bin/sh > # > # firewall-lan.sh > > IPT=$(which iptables) > MOD=$(which modprobe) > SYS=$(which sysctl) > SERVICE=$(which service) > > # Internet > IFACE_INET=enp2s0 > > # R?seau local > IFACE_LAN=enp3s0 > IFACE_LAN_IP=192.168.2.0/24 > > # Relais des paquets (yes/no) > MASQ=yes > > # Tout accepter > $IPT -t filter -P INPUT ACCEPT > $IPT -t filter -P FORWARD ACCEPT > $IPT -t filter -P OUTPUT ACCEPT > $IPT -t nat -P PREROUTING ACCEPT > $IPT -t nat -P POSTROUTING ACCEPT > $IPT -t n...

...------------------- And here's the corresponding section of my firewall script: --8<------------------------------------------------------------- # Commandes IPT=/usr/sbin/iptables SYS=/usr/sbin/sysctl SERVICE=/usr/sbin/service # Internet IFACE_INET=enp2s0 # R?seau local IFACE_LAN=virbr0 IFACE_LAN_IP=192.168.2.0/24 # Serveur SERVER_IP=192.168.2.1 ... # Squid $IPT -A INPUT -p tcp -i $IFACE_LAN --dport 3128 -j ACCEPT $IPT -A INPUT -p udp -i $IFACE_LAN --dport 3128 -j ACCEPT $IPT -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d $SERVER_IP \ --dport 80 -j REDIRECT --to-port 3128 $IPT -A INPUT -p...