ufw (firewall) not doing nat like it should?

ulaoulao · 08-09-2018, 07:09 AM

I'm new to 18.04 and the new networking stuff. First thing that sort of confused me was the new labels enp2s0 instead of eth0. Assuming this is just a name, I set up my nat like so .

/etc/default/ufw

change

DEFAULT_FORWARD_POLICY="ACCEPT"

/etc/ufw/sysctl.conf

net.ipv4.ip_forward=1

and in my /etc/ufw/before.rules

*nat:

POSTROUTING ACCEPT [0:0]

#-A POSTROUTING -s 192.168.0.1/24 -o enp2s0 -j MASQUERADE#-A POSTROUTING -s enp3s5 -o enp2s0 -j MASQUERADE-A POSTROUTING -o enp2s0 -j MASQUERADECOMMIT

As you can see from the comments I tried a few ways.

enp3s5 is my intrAnet card
enp2s0 is my internet card

-------------------------------------------
This is what I did in 14.04
sudo modprobe iptable_nat
sudo iptables -t nat -A POSTROUTING -o eth3 -j MASQUERADE
sudo iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
echo 1 > /proc/sys/net/ipv4/ip_forward

eth3 was my intra and eth0 was internet

Did I do something wrong?

frankbell · 08-09-2018, 08:26 PM

enp2s0 is one of those laughingly mislabeled "predictable device names."

ulaoulao · 08-09-2018, 08:35 PM

agreed but seemingly not helpful LOL

Anyways I ripped out netplan and used the old network/interfaces. That works.

frankbell · 08-09-2018, 08:56 PM

I reread your first post.

Maybe I'm just being dim tonight, but I'm not sure what your firewall is doing that you don't want it to do or not doing that you want it to do.