- 2012/11/22 - [OS/Ubuntu] - Settings after ubuntu server install
- UFW Allowing IP range
- ufw allow proto tcp from xxx.xxx.0.0/xxx.xxx.255.255 to any port 22
- The /24 at the end of the address is the network mask, in CIDR notation. You can look up netmask calculators to figure out what it means, but basically /24 means a netmask of 255.255.255.0
- How to configure ufw to forward port 80/443 to internal server hosted on LAN
- How to manage and forward ports with UFW on Ubuntu 18.04
sudo ufw allow in 80,443/tcp
sudo ufw allow in 3690/tcp
# sudo ufw delete allow 80,443/tcp # delete
# sudo ufw delete allow out 80,443/tcp # delete
# sudo ufw allow in http
# sudo ufw allow in https
sudo ufw allow from xxx.xxx.xxx.xxx to any port 22
sudo ufw allow from xxx.xxx.xxx.1/24 to any port 22
sudo ufw allow out 53,137,138/udp
sudo ufw allow out 3690/tcp
sudo ufw delete allow out 3690/tcp # delete
sudo ufw allow out 22,80,443,5900,8001/tcp
sudo ufw allow out ntp
sudo ufw delete deny out to any
sudo ufw deny out to any
# Make sure the sudo ufw deny out to any rule always stays last (delete it and add it again, as in the two lines above)
sudo ufw status numbered
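The catch-all `deny out to any` has to stay last because ufw evaluates rules in order and the first match wins, so any outbound allow listed after it is never reached. The check below is an added example, not part of the original post: it reads `ufw status numbered` output and lists outbound rules that sit after the catch-all deny. The function name `shadowed_out_rules` and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `ufw status numbered`
# output on stdin and prints the number of every outbound rule listed after
# the catch-all "Anywhere DENY OUT Anywhere" rule; such rules never match.
# IPv4 and "(v6)" rules are tracked separately.
# Exit status: 0 = catch-all is last, 1 = shadowed rules, 2 = no catch-all.
shadowed_out_rules() {
    awk '
        /^\[ *[0-9]+\]/ {
            num = $0;  sub(/^\[ */, "", num); sub(/\].*/, "", num)
            rest = $0; sub(/^\[ *[0-9]+\] */, "", rest)
            if (rest !~ / OUT /) next                 # inbound rule, skip
            fam = (rest ~ /\(v6\)/) ? 6 : 4
            if (seen[fam]) { print num; bad = 1; next }
            if (rest ~ /^Anywhere( \(v6\))? +(DENY|REJECT) OUT +Anywhere( \(v6\))? *$/) {
                seen[fam] = 1; any = 1
            }
        }
        END { if (!any) exit 2; exit (bad ? 1 : 0) }
    '
}

# Constructed sample: rule 6 was added after the catch-all deny (rule 5).
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 80,443/tcp                 ALLOW IN    Anywhere
[ 2] 22                         ALLOW IN    192.0.2.0/24
[ 3] 53,137,138/udp             ALLOW OUT   Anywhere
[ 4] 22,80,443,5900,8001/tcp    ALLOW OUT   Anywhere
[ 5] Anywhere                   DENY OUT    Anywhere
[ 6] 3690/tcp                   ALLOW OUT   Anywhere'

# On a live host: sudo ufw status numbered | shadowed_out_rules
printf '%s\n' "$SAMPLE_STATUS" | shadowed_out_rules ||
    echo "outbound rules above are shadowed, or no catch-all deny exists"
```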
Forwarding (forward)
# sudo vi /etc/ufw/before.rules
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 22 -j REDIRECT --to-port 222
COMMIT
DNAT
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -d {PUBLIC_IP} --dport 80 -j DNAT --to 192.168.1.100:80
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -d {PUBLIC_IP} --dport 443 -j DNAT --to 192.168.1.100:443
/sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
# sudo vi /etc/ufw/before.rules
*nat
:PREROUTING ACCEPT [0:0]
# forward {PUBLIC_IP} port 80 to 192.168.1.100:80
# forward {PUBLIC_IP} port 443 to 192.168.1.100:443
-A PREROUTING -i eth0 -d {PUBLIC_IP} -p tcp --dport 80 -j DNAT --to-destination 192.168.1.100:80
-A PREROUTING -i eth0 -d {PUBLIC_IP} -p tcp --dport 443 -j DNAT --to-destination 192.168.1.100:443
# setup routing
-A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
COMMIT