# Implementation suggestion for this feature request:
#
# Define the following parameters in /etc/ufw/ufw.conf:
# NAT_IF=<public interface device name, like 'eth0'>
# NAT_PROTOCOLS=tcp/1024:65535,udp/1024:65535,icmp,47,50,51
#
# Derive
# NAT_IP = first IPv4 address of device
# from `ip address show NAT`, filter IP address
# /inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\//
#
# NAT_PROTOCOLS allows adding or removing IP protocols from the
# NAT list. This list works with Microsoft, Cisco VPN, and other
# less common networking services.
# (gre used by VPN, Cisco, IPset, PPTP, and more)
# (esp used by IPSec VPN)
# (ah used by IPset VPN)
# For advanced users, other protocols can be added to or removed
# from this list, and TCP/UDP port ranges can be adjusted.
#
# The output of the default list would then look like this:
/sbin/iptables -t nat -A POSTROUTING -o NAT_IF -p tcp -j SNAT --to-source NAT_IP:1024-65535
/sbin/iptables -t nat -A POSTROUTING -o NAT_IF -p udp -j SNAT --to-source NAT_IP:1024-65535
/sbin/iptables -t nat -A POSTROUTING -o NAT_IF -p icmp -j SNAT --to-source NAT_IP
/sbin/iptables -t nat -A POSTROUTING -o NAT_IF -p 47 -j SNAT --to-source NAT_IP #gre
/sbin/iptables -t nat -A POSTROUTING -o NAT_IF -p 50 -j SNAT --to-source NAT_IP #esp
/sbin/iptables -t nat -A POSTROUTING -o NAT_IF -p 51 -j SNAT --to-source NAT_IP #ah
REASON: It simplifies the programming if the code doesn't have to deduce the "correct" interface for the public Internet. Designed so that the code is a simple add-in to the IPTABLES command generation.
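
The rule generation suggested above, as an added example that is not ufw's own code and not part of the original request: it derives NAT_IP with the regex from the request, parses NAT_PROTOCOLS, and rejects values that should never reach an iptables command line. The function names, the interface-name allowlist and the sample `ip address show` output are assumptions made for this sketch.

```python
import ipaddress
import re

# Regex from the request: first "inet a.b.c.d/" in `ip address show <dev>` output.
INET_RE = re.compile(r"inet ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})/")
IFNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")  # assumed allowlist, 15 = IFNAMSIZ - 1
NAMED = {"tcp", "udp", "icmp"}
# Constructed sample output (documentation address range), not captured from a host.
SAMPLE_IP_OUTPUT = """2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
    inet 192.0.2.11/24 scope global secondary eth0
"""

def first_ipv4(ip_output):
    """Return the first IPv4 address in `ip address show` output, validated."""
    m = INET_RE.search(ip_output)
    if not m:
        raise ValueError("no IPv4 address on interface")
    return str(ipaddress.IPv4Address(m.group(1)))  # rejects e.g. 999.1.1.1

def parse_nat_protocols(spec):
    """Parse 'tcp/1024:65535,icmp,47' into [(proto, (lo, hi) or None), ...]."""
    entries = []
    for item in spec.split(","):
        proto, _, ports = item.strip().partition("/")
        if proto not in NAMED and not (re.fullmatch(r"[0-9]{1,3}", proto) and int(proto) <= 255):
            raise ValueError(f"bad protocol: {item!r}")
        rng = None
        if ports:
            if proto not in ("tcp", "udp"):
                raise ValueError(f"port range only valid for tcp/udp: {item!r}")
            m = re.fullmatch(r"([0-9]{1,5}):([0-9]{1,5})", ports)
            if not m or not 1 <= int(m[1]) <= int(m[2]) <= 65535:
                raise ValueError(f"bad port range: {item!r}")
            rng = (int(m[1]), int(m[2]))
        entries.append((proto, rng))
    return entries

def build_snat_rules(nat_if, nat_ip, spec):
    """Build one POSTROUTING SNAT command line per NAT_PROTOCOLS entry."""
    if not IFNAME_RE.fullmatch(nat_if):
        raise ValueError(f"bad interface name: {nat_if!r}")
    rules = []
    for proto, rng in parse_nat_protocols(spec):
        src = nat_ip if rng is None else f"{nat_ip}:{rng[0]}-{rng[1]}"
        rules.append(f"/sbin/iptables -t nat -A POSTROUTING -o {nat_if} "
                     f"-p {proto} -j SNAT --to-source {src}")
    return rules
```
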