X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=wrt-setup;h=6fe2168f23e6ea69b38d8bc98b41752b37c97c15;hb=99439572819ac875b329189d7b9162a5bb8bc805;hp=17c31c22da54a30d7a667534adf248cc8f92adea;hpb=2270b587d0b631dbe2542efb0472fed5c85b211b;p=automated-distro-installer diff --git a/wrt-setup b/wrt-setup index 17c31c2..6fe2168 100755 --- a/wrt-setup +++ b/wrt-setup @@ -204,28 +204,28 @@ config rule option dest_port 2222 config redirect - option src wan - option src_dport 443 - option dest lan - option dest_ip 192.168.1.2 - option proto tcp + option src wan + option src_dport 443 + option dest lan + option dest_ip 192.168.1.2 + option proto tcp config rule - option src wan - option target ACCEPT - option dest_port 443 - option proto tcp + option src wan + option target ACCEPT + option dest_port 443 + option proto tcp config redirect - option src wan - option src_dport 80 - option dest lan - option dest_ip 192.168.1.2 - option proto tcp + option src wan + option src_dport 80 + option dest lan + option dest_ip 192.168.1.2 + option proto tcp config rule - option src wan - option target ACCEPT - option dest_port 80 - option proto tcp + option src wan + option target ACCEPT + option dest_port 80 + option proto tcp config redirect option name syncthing 
@@ -238,6 +238,91 @@ config rule option target ACCEPT option dest_port 22001 +#### begin rules for nfs #### +# https://serverfault.com/questions/377170/which-ports-do-i-need-to-open-in-the-firewall-to-use-nfs +# https://wiki.debian.org/SecuringNFS +# I had no /etc/default/quota, or any process named quota anything, +# so, assumed that was unneeded. seems to work. +config redirect + option src wan + option src_dport 111 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 111 +config redirect + option src wan + option src_dport 2049 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 2049 +config redirect + option src wan + option src_dport 32764 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32764 +config redirect + option src wan + option src_dport 32765 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32765 +config redirect + option src wan + option src_dport 32766 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32766 +config redirect + option src wan + option src_dport 32767 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32767 +config redirect + option src wan + option src_dport 32768 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32768 +#### end rules for nfs #### + + +config redirect + option name mariadb + option src wan + option src_dport 3306 + option dest lan + option dest_ip 192.168.1.2 + option proto tcp +config rule + option src wan + option target ACCEPT + option dest_port 3306 + option proto tcp + + EOF @@ -246,8 +331,8 @@ EOF dnsmasq_restart=false v cedit /etc/hosts <
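Review bot: The added NFS block (ports 111, 2049, 32764-32768) and the mariadb pair (3306) accept and forward traffic from the whole `wan` zone to 192.168.1.2 with no source restriction, so rpcbind, NFS and the database listener become reachable from any Internet host. Each of these redirects and rules should be pinned to the peers that need them, e.g. `option src_ip <trusted-peer-address>` in every new `config redirect` and `config rule`, or the services should be reached over a VPN zone instead of `wan`. The NFS entries also omit `option proto` and `option name`, unlike the mariadb pair; without `proto` the firewall presumably falls back to its default of both tcp and udp, which additionally exposes rpcbind over UDP, so set the protocol explicitly to what the NFS version in use requires. A short comment such as `# NFS/mariadb: restricted to <trusted-peer-address>; do not open to all of wan` above the block would record the intent. The surrounding heredoc starts outside this hunk, so whether a broader source filter already exists cannot be confirmed from here.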