Project

General

Profile

Actions
Copy link

Bug #584

closed

Nicecity: allow all DC hosts to connect

Added by Pierre-Louis Bonicoli over 6 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Pierre-Louis Bonicoli
Category:
Service :: Backup
Start date:
2017-08-28
Due date:
% Done:

100%

Estimated time:
Patch Available:
Confirmed:
No
Branch:
Entity:
DuckCorp
Security:
Help Needed:

Description

Toushirou and Orfeo only are allowed to connect to Nicecity.

Actions
Copy link
 #1

Updated by Pierre-Louis Bonicoli over 6 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Elwing, Jinta, Thorfinn and Korutopi has been added:

ELWING=193.200.43.161
JINTA=193.200.43.27
KORUTOPI=124.41.91.213
ORFEO=193.200.43.105
THORFINN=193.200.43.26
TOUSHIROU=193.200.42.177

# Burp from DC hosts to LXC
(
# Burp IN
for host in $TOUSHIROU $ORFEO $THORFINN $KORUTOPI $JINTA $ELWING; do
    # DNAT (for input)
    iptables -t nat -A PREROUTING -i $ETH_WAN -s $host -p tcp --dport 4971 -j DNAT --to-destination ${BURP_DC}
    iptables -A FORWARD -i $ETH_WAN -o lxcbr0 -d $BURP_DC -s $host -p tcp --dport 4971 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -o $ETH_WAN -i lxcbr0 -s $BURP_DC -d $host -p tcp --sport 4971 -m state --state ESTABLISHED -j ACCEPT
done
)

Successfully tested from Jinta:

elnet nicecity.duckcorp.org 4971
Trying 176.158.227.221...
Connected to nicecity.duckcorp.org.
Escape character is '^]'.

]^CConnection closed by foreign host.

Actions
Copy link

Also available in: Atom PDF