Update 'Kanzlei-Kiel'.
@@ -252,6 +252,86 @@ allow_local_if_to_local_ip=""
|
||||
|
||||
|
||||
|
||||
# =============
|
||||
# - Allow local ip address from given local interface
|
||||
# =============
|
||||
|
||||
# - allow_local_if_to_local_ip
|
||||
# -
|
||||
# - All traffic from the given network interface to the given ip address is allowed
|
||||
# -
|
||||
# - Example:
|
||||
# - allow_local_if_to_local_ip="${local_if_1}:192.168.10.1
|
||||
# - ${local_if_2}:192.168.10.13"
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
allow_local_if_to_local_ip=""
|
||||
|
||||
|
||||
|
||||
# =============
|
||||
# - Allow extern service from given local interface
|
||||
# =============
|
||||
|
||||
# - allow_local_if_to_ext_service
|
||||
# -
|
||||
# - allow_local_if_to_ext_service="<local-interface>:<extern-ip>:<ext-port>:<protocol> [.."
|
||||
# -
|
||||
# - All traffic from the given (local) network interface to the given (extern) service is allowed
|
||||
# -
|
||||
# - Example:
|
||||
# - allow_local_if_to_ext_service="${local_if_1}:83.223.86.98:3306:tcp
|
||||
# - ${local_if_2}:83.223.86.98:3306:tcp"
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
allow_local_if_to_ext_service="
|
||||
${local_if_1}:172.16.100.254:80:tcp
|
||||
"
|
||||
|
||||
|
||||
|
||||
# =============
|
||||
# - Allow extern network from given local interface
|
||||
# =============
|
||||
|
||||
# - allow_local_if_to_ext_net
|
||||
# -
|
||||
# - allow_local_if_to_ext_net="<local-interface>:ext-network> [<local-interface>:ext-network> [.."
|
||||
# -
|
||||
# - All traffic from the given (local) network interface to the given (extern) network is allowed
|
||||
# -
|
||||
# - Example:
|
||||
# - allow_local_if_to_ext_net="${local_if_1}:83.223.86.98/32
|
||||
# - ${local_if_2}:83.223.86.98/32"
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
allow_local_if_to_ext_net=""
|
||||
|
||||
|
||||
|
||||
# =============
|
||||
# - Allow extern service from given local network
|
||||
# =============
|
||||
|
||||
# - allow_local_net_to_ext_service
|
||||
# -
|
||||
# - allow_local_net_to_ext_service="<local-net:ext-ip:port:protocol> [<local-net:ext-ip:port:protocol> [.."
|
||||
# -
|
||||
# - All traffic from the given (local) network to the given (extern) service is allowed
|
||||
# -
|
||||
# - Example:
|
||||
# - allow_local_net_to_ext_service="192.168.63.0/24:83.223.86.98:3306:tcp
|
||||
# - 192.168.64.0/24:83.223.86.98:3306:tcp"
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
allow_local_net_to_ext_service=""
|
||||
|
||||
|
||||
|
||||
# =============
|
||||
# --- Separate local Networks
|
||||
# =============
|
||||
@@ -298,7 +378,7 @@ SIP_PORT_LOCAL=5067
|
||||
SIP_LOCAL_IP=192.168.63.240
|
||||
STUN_PORTS=3478
|
||||
|
||||
TC_DEV=$ext_if_dsl_1
|
||||
TC_DEV=$ext_if_static_1
|
||||
|
||||
|
||||
|
||||
@@ -473,7 +553,7 @@ http_server_only_local_ips="192.168.100.100
|
||||
# - Multiple settins of this parameter is possible
|
||||
# -
|
||||
declare -A http_server_dmz_arr
|
||||
|
||||
#http_server_dmz_arr[192.168.100.10]=$ext_if_static_1
|
||||
|
||||
# - HTTPS Services DMZ only port 443 (reachable also from WAN)
|
||||
# -
|
||||
@@ -573,7 +653,7 @@ ftp_server_only_local_ips=""
|
||||
# - ftp_passive_port_range=<first-port:last-port>
|
||||
# -
|
||||
declare -A ftp_server_dmz_arr
|
||||
#ftp_server_dmz_arr[192.168.63.20]=$ext_if_dsl_1
|
||||
#ftp_server_dmz_arr[192.168.63.20]=$ext_if_static_1
|
||||
ftp_passive_port_range="50000:50400"
|
||||
|
||||
# - FTP Ports
|
||||
@@ -830,6 +910,7 @@ remote_console_port=5900
|
||||
# - same controller machine.
|
||||
# -
|
||||
# - unifi_stun_port=3478 # UDP port used for STUN
|
||||
# - # Open Port from controller to Unifi APs
|
||||
# -
|
||||
# -
|
||||
# - Ubiquity Networks uses port 10001/UDP for its AirControl
|
||||
@@ -858,10 +939,20 @@ unify_broadcast_udp_ports="10001,5656:5699"
|
||||
# -
|
||||
local_unifi_controller_service=true
|
||||
|
||||
# - Unifi Accesspoints (AP's) controlled by UniFi controller at Gateway
|
||||
# -
|
||||
unifi_ap_local_ips="
|
||||
192.168.100.50
|
||||
192.168.100.51
|
||||
"
|
||||
|
||||
|
||||
# - UniFi Controllers on local network (other than this machine)
|
||||
# -
|
||||
unify_controller_local_net_ips=""
|
||||
|
||||
|
||||
|
||||
# ======
|
||||
# - IPMI Tools
|
||||
# ======
|
||||
@@ -870,16 +961,26 @@ unify_controller_local_net_ips=""
|
||||
# -
|
||||
# - Blank seoarated list
|
||||
# -
|
||||
ipmi_server_ips="192.168.100.11 172.16.100.15"
|
||||
ipmi_server_ips="192.168.100.11 192.168.100.15 172.16.100.15"
|
||||
|
||||
# - IPMI Tools Port
|
||||
# -
|
||||
# - UDP 623: Access IPMI Programms (as IPMIView or FreeIPMI)
|
||||
# - TCP 623: Virtual Media for Remote Console
|
||||
# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
|
||||
# - UDP 161: SNMP
|
||||
# - UDP 623: Access IPMI Programms (as IPMIView or FreeIPMI)
|
||||
# -
|
||||
# - TCP 80: Webinterface.
|
||||
# - TCP 161: SNMP
|
||||
# - TCP 443: Webinterface (SSL)
|
||||
# - TCP 623: Virtual Media for Remote Console
|
||||
# - TCP 3520: "This is TCP Port 3520 which is also needed in addition to TCP port 5900 to be able to use iKVM."
|
||||
# - TCP 5120: CD/USB
|
||||
# - TCP 5123: Floppy
|
||||
# - TCP 5900: KVM over IP
|
||||
# - TCP 5901: Video for remote console
|
||||
# - TCP 5985: Wsman
|
||||
# -
|
||||
ipmi_udp_port=623
|
||||
ipmi_tcp_ports="623 3520"
|
||||
ipmi_udp_ports="161 623"
|
||||
ipmi_tcp_ports="80 161 443 623 3520 5120 5123 5900 5901 5985"
|
||||
|
||||
|
||||
# =============
|
||||
@@ -968,6 +1069,28 @@ tv_extern_if="eth2.8"
|
||||
tv_local_if="$local_if_1"
|
||||
|
||||
|
||||
# =====
|
||||
# --- Allow special TCP Ports (OUT)
|
||||
# =====
|
||||
|
||||
# - TCP Ports
|
||||
# -
|
||||
# - Blank separated list of tcp ports
|
||||
# -
|
||||
tcp_out_ports=""
|
||||
|
||||
|
||||
# =====
|
||||
# --- Allow special UDP Ports (OUT)
|
||||
# =====
|
||||
|
||||
# - UDP Ports
|
||||
# -
|
||||
# - Blank separated list udp ports
|
||||
# -
|
||||
udp_out_ports=""
|
||||
|
||||
|
||||
|
||||
# ======
|
||||
# - Other local Services
|
||||
@@ -1010,12 +1133,18 @@ nat_networks=""
|
||||
# - masquerade_tcp_con="192.168.63.0/24:192.168.62.244:80:${local_if_1}
|
||||
# - 10.0.0.0/8:192.168.62.244:443:${local_if_1}"
|
||||
# -
|
||||
# - 172.16.101.1: Accesspoint TP-Link TL-WA801ND (büro zebra)
|
||||
# - 172.16.100.254: FritzBOX! 7590
|
||||
# - 172.16.101.1: Accesspoint TP-Link TL-WA801ND (büro zebra)
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
masquerade_tcp_cons="192.168.63.0/24:172.16.101.1:80:${local_if_1}
|
||||
10.0.100.0/24:172.16.101.1:80:${local_if_1}"
|
||||
masquerade_tcp_cons="
|
||||
192.168.100.0/24:172.16.100.254:80:${ext_if_static_1}
|
||||
10.0.100.0/24:172.16.100.254:80:${ext_if_static_1}
|
||||
192.168.63.0/24:172.16.100.254:80:${ext_if_static_1}
|
||||
192.168.63.0/24:172.16.101.1:80:${local_if_1}
|
||||
10.0.100.0/24:172.16.101.1:80:${local_if_1}
|
||||
"
|
||||
|
||||
|
||||
# =============
|
||||
@@ -1049,7 +1178,10 @@ portforward_tcp=""
|
||||
# -
|
||||
# - Blank separated list
|
||||
# -
|
||||
portforward_udp="$vpn_ifs:49909:192.168.100.101:9"
|
||||
portforward_udp="
|
||||
$vpn_ifs:49909:192.168.100.101:9
|
||||
$ext_if_static_1:1198:172.16.102.194:1194
|
||||
"
|
||||
|
||||
|
||||
|
||||
|
||||
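Review bot: In the IPMI hunk (`@@ -870,16 +961,26 @@`), what appears to be the new `ipmi_tcp_ports="80 161 443 623 3520 5120 5123 5900 5901 5985"` opens the whole BMC management surface (unencrypted web interface on 80, KVM on 5900/5901, virtual media on 623/5120/5123) towards all three `ipmi_server_ips`, and nothing on the page shows which source networks the consuming rules admit. SNMP normally runs over UDP 161, which `ipmi_udp_ports="161 623"` already covers, so TCP 161 can probably be dropped, and 80 could go in favour of 443 if the BMCs serve HTTPS, e.g. `ipmi_tcp_ports="443 623 3520 5120 5123 5900 5901 5985"`. The setting also seems to change name from `ipmi_udp_port` to `ipmi_udp_ports`; if the firewall script deployed on this host still reads the old name, the UDP rules would silently not be created, so confirm the script version matches this config. A comment above the list saying where these ports are meant to be reachable from, such as `# - reachable from <admin-network placeholder> only`, would make the intent auditable.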