X-Git-Url: https://iankelling.org/git/?p=automated-distro-installer;a=blobdiff_plain;f=wrt-setup;h=86e82cfd128c78beb2cad792db041b3bb5f07ec0;hp=17c31c22da54a30d7a667534adf248cc8f92adea;hb=efcfb463ceda4de1d9953da31a2c0737471e5cf8;hpb=2270b587d0b631dbe2542efb0472fed5c85b211b diff --git a/wrt-setup b/wrt-setup index 17c31c2..86e82cf 100755 --- a/wrt-setup +++ b/wrt-setup @@ -204,28 +204,28 @@ config rule option dest_port 2222 config redirect - option src wan - option src_dport 443 - option dest lan - option dest_ip 192.168.1.2 - option proto tcp + option src wan + option src_dport 443 + option dest lan + option dest_ip 192.168.1.2 + option proto tcp config rule - option src wan - option target ACCEPT - option dest_port 443 - option proto tcp + option src wan + option target ACCEPT + option dest_port 443 + option proto tcp config redirect - option src wan - option src_dport 80 - option dest lan - option dest_ip 192.168.1.2 - option proto tcp + option src wan + option src_dport 80 + option dest lan + option dest_ip 192.168.1.2 + option proto tcp config rule - option src wan - option target ACCEPT - option dest_port 80 - option proto tcp + option src wan + option target ACCEPT + option dest_port 80 + option proto tcp config redirect option name syncthing @@ -238,6 +238,91 @@ config rule option target ACCEPT option dest_port 22001 +#### begin rules for nfs #### +# https://serverfault.com/questions/377170/which-ports-do-i-need-to-open-in-the-firewall-to-use-nfs +# https://wiki.debian.org/SecuringNFS +# I had no /etc/default/quota, or any process named quota anything, +# so, assumed that was unneeded. seems to work. +config redirect + option src wan + option src_dport 111 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 111 +config redirect + option src wan + option src_dport 2049 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 2049 +config redirect + option src wan + option src_dport 32764 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32764 +config redirect + option src wan + option src_dport 32765 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32765 +config redirect + option src wan + option src_dport 32766 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32766 +config redirect + option src wan + option src_dport 32767 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32767 +config redirect + option src wan + option src_dport 32768 + option dest_ip 192.168.1.2 + option dest lan +config rule + option src wan + option target ACCEPT + option dest_port 32768 +#### end rules for nfs #### + + +config redirect + option name mariadb + option src wan + option src_dport 3306 + option dest lan + option dest_ip 192.168.1.2 + option proto tcp +config rule + option src wan + option target ACCEPT + option dest_port 3306 + option proto tcp + + EOF @@ -246,8 +331,8 @@ EOF dnsmasq_restart=false v cedit /etc/hosts <