http://guadec.powercraft.nl/trac/guadec/ticket/7

The external IP address used to reach the appliances will be 145.52.240.2 or 145.52.240.3.

Established incoming and outgoing traffic will not be dropped!

Reserved bandwidth is 3 Mbps to 5 Mbps; we have more if needed.

# Port forwarding from the two WAN interfaces to the three appliances at
# 192.168.30.10, .11 and .12. ${WAN01} and ${WAN02} are not defined in this
# excerpt and must be set by the surrounding script; they are expanded
# unquoted, so an empty value yields a malformed rule.
#
# filter/INPUT: accept TCP 223-225, and TCP 8600-8610, 8700-8710 and 8800-8810
# arriving on ${WAN01} or ${WAN02}.
# NOTE(review): INPUT only sees packets addressed to the firewall itself. The
# nat PREROUTING rules below rewrite the destination of this same traffic to
# 192.168.30.10-12 before the routing decision, so it should traverse FORWARD
# rather than INPUT. Confirm that the FORWARD chain (not shown here) admits
# these flows, and whether these INPUT rules are needed at all.
# NOTE(review): the first rule has no --in-interface match, unlike the six
# after it, so it accepts 223-225 on every interface. Restrict it to the WAN
# interfaces unless that is intended.
/sbin/iptables --append INPUT --protocol tcp --dport 223:225 --jump ACCEPT
/sbin/iptables --append INPUT --in-interface ${WAN01} --protocol tcp --dport 8600:8610 --jump ACCEPT
/sbin/iptables --append INPUT --in-interface ${WAN01} --protocol tcp --dport 8700:8710 --jump ACCEPT
/sbin/iptables --append INPUT --in-interface ${WAN01} --protocol tcp --dport 8800:8810 --jump ACCEPT
/sbin/iptables --append INPUT --in-interface ${WAN02} --protocol tcp --dport 8600:8610 --jump ACCEPT
/sbin/iptables --append INPUT --in-interface ${WAN02} --protocol tcp --dport 8700:8710 --jump ACCEPT
/sbin/iptables --append INPUT --in-interface ${WAN02} --protocol tcp --dport 8800:8810 --jump ACCEPT
# nat/PREROUTING for ${WAN01}. Each forward is a pair: a LOG rule (LOG does not
# terminate traversal, so the packet continues to the next rule) followed by
# the DNAT rule with the same match.
# Ports 223, 224 and 225 map to port 22 (presumably SSH) on appliance01, 02
# and 03 respectively.
# NOTE(review): there is no --source match, so port 22 on each appliance is
# reachable from any address on the WAN side. Limit the source ranges here or
# make sure the appliances enforce strong authentication.
# NOTE(review): the LOG rules carry no rate limit (e.g. --match limit). The nat
# table is consulted for the first packet of each connection, so every new
# connection attempt to these ports writes a log line.
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN01} --dport 223 --jump LOG --log-prefix "PREROUTING01: "
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN01} --dport 223 --jump DNAT --to 192.168.30.10:22
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN01} --dport 224 --jump LOG --log-prefix "PREROUTING02: "
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN01} --dport 224 --jump DNAT --to 192.168.30.11:22
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN01} --dport 225 --jump LOG --log-prefix "PREROUTING03: "
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN01} --dport 225 --jump DNAT --to 192.168.30.12:22
# Port ranges: the DNAT target names no port, so the destination port is kept
# and only the address is rewritten (8600-8610 -> .10, 8700-8710 -> .11,
# 8800-8810 -> .12).
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN01} --dport 8600:8610 --jump LOG --log-prefix "PREROUTING04: "
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN01} --dport 8600:8610 --jump DNAT --to 192.168.30.10
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN01} --dport 8700:8710 --jump LOG --log-prefix "PREROUTING05: "
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN01} --dport 8700:8710 --jump DNAT --to 192.168.30.11
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN01} --dport 8800:8810 --jump LOG --log-prefix "PREROUTING06: "
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN01} --dport 8800:8810 --jump DNAT --to 192.168.30.12
# nat/PREROUTING for ${WAN02}: the same six forwards as for ${WAN01}, with log
# prefixes PREROUTING07 to PREROUTING12.
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN02} --dport 223 --jump LOG --log-prefix "PREROUTING07: "
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN02} --dport 223 --jump DNAT --to 192.168.30.10:22
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN02} --dport 224 --jump LOG --log-prefix "PREROUTING08: "
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN02} --dport 224 --jump DNAT --to 192.168.30.11:22
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN02} --dport 225 --jump LOG --log-prefix "PREROUTING09: "
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN02} --dport 225 --jump DNAT --to 192.168.30.12:22
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN02} --dport 8600:8610 --jump LOG --log-prefix "PREROUTING10: "
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN02} --dport 8600:8610 --jump DNAT --to 192.168.30.10
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN02} --dport 8700:8710 --jump LOG --log-prefix "PREROUTING11: "
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN02} --dport 8700:8710 --jump DNAT --to 192.168.30.11
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN02} --dport 8800:8810 --jump LOG --log-prefix "PREROUTING12: "
/sbin/iptables -t nat -A PREROUTING -p tcp --in-interface ${WAN02} --dport 8800:8810 --jump DNAT --to 192.168.30.12

appliance01:
192.168.30.10/24 gateway 192.168.30.1

appliance02:
192.168.30.11/24 gateway 192.168.30.1

appliance03:
192.168.30.12/24 gateway 192.168.30.1

ntp:
A local NTP server runs on 192.168.30.1, and outgoing traffic is not blocked.
