vyos-config/config-parts/nat.sh


#!/bin/vbash
# Forward Plex to Sting
# ("Sting" is presumably the hostname of 10.1.1.12 -- confirm.)
# Rule 110 is a destination NAT (port forward): TCP traffic arriving on eth0
# for port 32400 is rewritten to 10.1.1.12:32400. eth0 is also the outbound
# interface of the 'LAN -> WAN' masquerade rule in this file, so it is
# presumably the Internet-facing interface.
# NOTE(review): the rule carries no source-address match, so it applies to any
# host that can reach eth0 on this port. NAT only rewrites the destination;
# whether the forwarded traffic is accepted is decided by the firewall ruleset,
# which is not part of this file -- confirm it admits exactly what is intended
# for this one host and port.
set nat destination rule 110 description 'PLEX'
set nat destination rule 110 destination port '32400'
set nat destination rule 110 inbound-interface 'eth0'
set nat destination rule 110 protocol 'tcp'
set nat destination rule 110 translation address '10.1.1.12'
set nat destination rule 110 translation port '32400'
# Force DNS
# Rules 102 and 103 redirect DNS from two VLAN interfaces to one resolver.
# Each rule matches TCP and UDP port 53 arriving on its interface with a
# destination other than 10.5.0.4 ('!' negates the address match) and rewrites
# it to 10.5.0.4:53. Queries already addressed to 10.5.0.4 are left untouched.
# NOTE(review): only port 53 is matched. Clients that use DNS over TLS
# (TCP 853) or DNS over HTTPS (TCP 443) are not redirected by these rules; if
# the intent is that these segments cannot bypass the resolver, that has to be
# handled in the firewall ruleset, which is not part of this file.

# Rule 102: IoT segment, inbound on eth1.40.
set nat destination rule 102 description 'Force DNS for IoT'
set nat destination rule 102 destination address '!10.5.0.4'
set nat destination rule 102 destination port '53'
set nat destination rule 102 inbound-interface 'eth1.40'
set nat destination rule 102 protocol 'tcp_udp'
set nat destination rule 102 translation address '10.5.0.4'
set nat destination rule 102 translation port '53'
# Rule 103: Video segment, inbound on eth1.50.
set nat destination rule 103 description 'Force DNS for Video'
set nat destination rule 103 destination address '!10.5.0.4'
set nat destination rule 103 destination port '53'
set nat destination rule 103 inbound-interface 'eth1.50'
set nat destination rule 103 protocol 'tcp_udp'
set nat destination rule 103 translation address '10.5.0.4'
set nat destination rule 103 translation port '53'
# Force NTP
# Rules 104-109 redirect NTP on a per-interface basis. Each rule matches UDP
# port 123 arriving on one interface with a destination other than the listed
# address ('!' negates the address match) and rewrites it to that address,
# port 123. Requests already addressed to the listed address are left untouched.
# NOTE(review): the translation addresses look like the router's own address on
# each segment -- confirm, and confirm that an NTP service listens on each of
# them and accepts these clients. If it does not, redirected clients receive no
# time answers, which in turn affects certificate validation and log timestamps.
# NOTE(review): clients using authenticated NTP (for example NTS) will
# presumably reject answers from the substitute server -- verify if any exist.

# Rule 104: LAN, inbound on eth1 -> 10.1.0.1.
set nat destination rule 104 description 'Force NTP for LAN'
set nat destination rule 104 destination address '!10.1.0.1'
set nat destination rule 104 destination port '123'
set nat destination rule 104 inbound-interface 'eth1'
set nat destination rule 104 protocol 'udp'
set nat destination rule 104 translation address '10.1.0.1'
set nat destination rule 104 translation port '123'
# Rule 105: Servers, inbound on eth1.10 -> 10.1.1.1.
set nat destination rule 105 description 'Force NTP for Servers'
set nat destination rule 105 destination address '!10.1.1.1'
set nat destination rule 105 destination port '123'
set nat destination rule 105 inbound-interface 'eth1.10'
set nat destination rule 105 protocol 'udp'
set nat destination rule 105 translation address '10.1.1.1'
set nat destination rule 105 translation port '123'
# Rule 106: Trusted, inbound on eth1.20 -> 10.1.2.1.
set nat destination rule 106 description 'Force NTP for Trusted'
set nat destination rule 106 destination address '!10.1.2.1'
set nat destination rule 106 destination port '123'
set nat destination rule 106 inbound-interface 'eth1.20'
set nat destination rule 106 protocol 'udp'
set nat destination rule 106 translation address '10.1.2.1'
set nat destination rule 106 translation port '123'
# Rule 107: IoT, inbound on eth1.40 -> 10.1.3.1.
set nat destination rule 107 description 'Force NTP for IoT'
set nat destination rule 107 destination address '!10.1.3.1'
set nat destination rule 107 destination port '123'
set nat destination rule 107 inbound-interface 'eth1.40'
set nat destination rule 107 protocol 'udp'
set nat destination rule 107 translation address '10.1.3.1'
set nat destination rule 107 translation port '123'
# Rule 108: Video, inbound on eth1.50 -> 10.1.4.1.
set nat destination rule 108 description 'Force NTP for Video'
set nat destination rule 108 destination address '!10.1.4.1'
set nat destination rule 108 destination port '123'
set nat destination rule 108 inbound-interface 'eth1.50'
set nat destination rule 108 protocol 'udp'
set nat destination rule 108 translation address '10.1.4.1'
set nat destination rule 108 translation port '123'
# Rule 109: WireGuard Trusted, inbound on wg01 -> 10.0.11.1.
set nat destination rule 109 description 'Force NTP for Wireguard Trusted'
set nat destination rule 109 destination address '!10.0.11.1'
set nat destination rule 109 destination port '123'
set nat destination rule 109 inbound-interface 'wg01'
set nat destination rule 109 protocol 'udp'
set nat destination rule 109 translation address '10.0.11.1'
set nat destination rule 109 translation port '123'
# LAN -> WAN masquerade
# Source NAT rule 100: traffic leaving through eth0 to any IPv4 destination
# (0.0.0.0/0) has its source rewritten to the address of eth0 ('masquerade').
# NOTE(review): there is no source-address match, so every internal network
# that is routed out of eth0 is translated, not only the segment named "LAN".
# Which segments are allowed to reach the Internet at all is therefore decided
# by the firewall ruleset, which is not part of this file -- confirm it matches
# the intended egress policy for the IoT, Video and WireGuard segments.
set nat source rule 100 description 'LAN -> WAN'
set nat source rule 100 destination address '0.0.0.0/0'
set nat source rule 100 outbound-interface 'eth0'
set nat source rule 100 translation address 'masquerade'