X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=blobdiff_plain;f=wrt-disabled-firewall-rules;h=b2cfdf08a0df08a21ac92dd309f35855f719ecf2;hp=18630cd2f737708b88d08b9538bb9403651bd745;hb=6ca069946c8ff88d79d1ae421e0eda60ae1c514c;hpb=ce6db3967cb73d7169cc8b410e53e2ecbd506752 diff --git a/wrt-disabled-firewall-rules b/wrt-disabled-firewall-rules index 18630cd..b2cfdf0 100644 --- a/wrt-disabled-firewall-rules +++ b/wrt-disabled-firewall-rules @@ -1,22 +1,11 @@ firewall rules, temporarily disabled until I get them working -#### begin port forwarding rules #### - # each port forward needs corresponding forward in the vpn server -config redirect - option name ssh - option src wan - # example of using a non-standard port - # and comment out the 22 port line - # option src_dport 63321 - # option dest_port 22 # already default - option src_dport 22 - option dest_ip 192.168.1.2 - option dest lan -config rule - option src wan - option target ACCEPT - option dest_port 22 +# each port forward needs corresponding forward in the vpn server + + +#http/https + config redirect @@ -31,20 +20,10 @@ config rule option target ACCEPT option dest_port 63324 -config redirect - option name frodobittorrent - option src vpn - option src_dport 63326 - option dest_ip 192.168.1.3 - option dest lan -config rule - option src vpn - option target ACCEPT - option dest_port 63326 config redirect - option name treetowlsyncthing + option name kdsyncthing option src vpn option src_dport 22000 option dest_ip 192.168.1.2 
@@ -69,34 +48,88 @@ config rule +#### begin rules for nfs #### +# https://serverfault.com/questions/377170/which-ports-do-i-need-to-open-in-the-firewall-to-use-nfs +# https://wiki.debian.org/SecuringNFS +# I had no /etc/default/quota, or any process named quota anything, +# so, assumed that was unneeded. seems to work. +config redirect + option src wan + option src_dport 111 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 111 +config redirect + option src wan + option src_dport 2049 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 2049 +config redirect + option src wan + option src_dport 32764 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32764 +config redirect + option src wan + option src_dport 32765 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32765 +config redirect + option src wan + option src_dport 32766 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32766 +config redirect + option src wan + option src_dport 32767 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32767 +config redirect + option src wan + option src_dport 32768 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32768 +#### end rules for nfs #### -# http server - # for https - # config redirect - # option src wan - # option src_dport 443 - # option dest lan - # option dest_ip 192.168.1.2 - # option proto tcp - - # config rule - # option src wan - # option target ACCEPT - # option dest_port 443 - # option proto tcp - - # config redirect - # option src wan - # option src_dport 80 - # option dest lan - # 
option dest_ip 192.168.1.2 - # option proto tcp +config redirect + option name mariadb + option src wan + option src_dport 3306 + option dest lan + option dest_ip 192.168.1.2 + option proto tcp +config rule + option src wan + option target ACCEPT + option dest_port 3306 + option proto tcp - # config rule - # option src wan - # option target ACCEPT - # option dest_port 80 - # option proto tcp -#### end port forwarding rules ####
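Review bot: Every NFS redirect/rule pair added in this hunk (ports 111, 2049, 32764-32768) and the new mariadb pair (3306) use `option src wan`, so once this file is re-enabled these services on 192.168.1.2 are reachable from the internet-facing zone. The syncthing forward in the previous hunk uses `option src vpn`, and the comment added at the top says each forward needs a matching one on the vpn server. NFS and a database listener are usually kept off untrusted networks, so I would write these pairs with `option src vpn`, or, if WAN access really is required, pin them to known clients with `option src_ip <TRUSTED_CLIENT_IP>` (placeholder) in both the redirect and the rule. The NFS entries also omit `option name` and `option proto`, which the mariadb entry sets. Adding a name such as `option name nfs-rpcbind` (constructed example) and an explicit proto would make the rules easier to audit. The companion `config rule` sections have `src` but no `dest`, which presumably opens the same ports on the router itself rather than only the forwarded path, so that is worth confirming before re-enabling.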