firewall rules, temporarily disabled until I get them working
-#### begin port forwarding rules ####
- # each port forward needs corresponding forward in the vpn server
-config redirect
- option name ssh
- option src wan
- # example of using a non-standard port
- # and comment out the 22 port line
- # option src_dport 63321
- # option dest_port 22 # already default
- option src_dport 22
- option dest_ip 192.168.1.2
- option dest lan
-config rule
- option src wan
- option target ACCEPT
- option dest_port 22
+# each port forward needs corresponding forward in the vpn server
+
+
+#http/https
+
config redirect
+#### begin rules for nfs ####
+# https://serverfault.com/questions/377170/which-ports-do-i-need-to-open-in-the-firewall-to-use-nfs
+# https://wiki.debian.org/SecuringNFS
+# I had no /etc/default/quota, or any process named quota anything,
+# so, assumed that was unneeded. seems to work.
+config redirect
+ option src wan
+ option src_dport 111
+ option dest_ip 192.168.1.2
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 111
+config redirect
+ option src wan
+ option src_dport 2049
+ option dest_ip 192.168.1.2
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 2049
+config redirect
+ option src wan
+ option src_dport 32764
+ option dest_ip 192.168.1.2
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 32764
+config redirect
+ option src wan
+ option src_dport 32765
+ option dest_ip 192.168.1.2
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 32765
+config redirect
+ option src wan
+ option src_dport 32766
+ option dest_ip 192.168.1.2
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 32766
+config redirect
+ option src wan
+ option src_dport 32767
+ option dest_ip 192.168.1.2
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 32767
+config redirect
+ option src wan
+ option src_dport 32768
+ option dest_ip 192.168.1.2
+ option dest lan
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 32768
+#### end rules for nfs ####
-# http server
- # for https
- # config redirect
- # option src wan
- # option src_dport 443
- # option dest lan
- # option dest_ip 192.168.1.2
- # option proto tcp
-
- # config rule
- # option src wan
- # option target ACCEPT
- # option dest_port 443
- # option proto tcp
-
- # config redirect
- # option src wan
- # option src_dport 80
- # option dest lan
- # option dest_ip 192.168.1.2
- # option proto tcp
+config redirect
+ option name mariadb
+ option src wan
+ option src_dport 3306
+ option dest lan
+ option dest_ip 192.168.1.2
+ option proto tcp
+config rule
+ option src wan
+ option target ACCEPT
+ option dest_port 3306
+ option proto tcp
- # config rule
- # option src wan
- # option target ACCEPT
- # option dest_port 80
- # option proto tcp
-#### end port forwarding rules ####