Skip to content

Commit

Permalink
fix: dnat rule add dst restrictions
Browse files Browse the repository at this point in the history
  • Loading branch information
kroese authored Oct 8, 2023
1 parent 34842e1 commit 45398c5
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions run/network.sh
Original file line number Diff line number Diff line change
Expand Up @@ -147,9 +147,11 @@ configureNAT () {
ip link set dev "${VM_NET_TAP}" master dockerbridge

# Add internet connection to the VM
IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)

iptables -t nat -A POSTROUTING -o "${VM_NET_DEV}" -j MASQUERADE
iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -p tcp -j DNAT --to $VM_NET_IP
iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -p udp -j DNAT --to $VM_NET_IP
iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -d "${IP}" -p tcp -j DNAT --to $VM_NET_IP
iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -d "${IP}" -p udp -j DNAT --to $VM_NET_IP

if (( KERNEL > 4 )); then
# Hack for guest VMs complaining about "bad udp checksums in 5 packets"
Expand Down

0 comments on commit 45398c5

Please sign in to comment.