
UFW with NAT: Need to block all NAT requests except to one IP without cutting the NAT server off from the internet. Is this possible?


I have a small cluster of kiosks using a single RPi for bootp, dhcp, dns, radius, and nat to the internet. The RPi4 is running the RPi version of Ubuntu 18.04.

What I am struggling with is building a configuration of UFW rule(s) to block all NAT requests from the private network out to the internet except for one IP address.

My first attempt to block the external interface failed, as it blocked the NAT server from getting outside.

Is there a way to build a rule like this? For example, allow all NAT to 1.1.1.1. The internal LAN with the NAT interface is using eth0, the WAN is using eth1.

```sh
# forwarded (NAT) traffic is matched by "ufw route" rules; the allow must come
# before the catch-all deny because ufw evaluates rules in order
ufw route allow in on eth0 out on eth1 to 1.1.1.1 port 443 proto tcp
ufw route deny in on eth0 out on eth1
```

What do you mean by NAT **requests**? NAT requests don't automatically get processed unless you have UPnP set up which is an atypical setup. (UFW is also not a complex enough tool to do complex NAT stuff like this)

The internal network uses the RPi as a relay; I might have been using the wrong term. I am using a simple sysctl.conf with routing enabled, and an iptables configuration I spotted for NAT routing, close to this: https://gist.github.com/cellularmitosis/8294f0800e6d4b4022772fe8869d8a6f
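The point the question turns on is that a NAT router handles two different kinds of traffic: packets it forwards for the kiosks pass through the FORWARD chain, while packets the Pi itself sends (its own DNS lookups, apt, NTP) pass through OUTPUT. Blocking the WAN interface wholesale hits both, which is why the first attempt cut the Pi off. The script below is an added example, not code from the question, the comments or the linked gist; it assumes the interface names and the 1.1.1.1:443 destination from the question (overridable through environment variables), that `net.ipv4.ip_forward` is already enabled as the comment says, and that iptables is in use. It prints the rule set for the forwarded path only, offers the same policy as ufw route rules (the `nat_rules`, `ufw_rules`, `check_rules` names are this example's own), and refuses to apply anything that touches INPUT or OUTPUT.

```sh
#!/bin/sh
# Added example (not from the original question, comments or gist).
# Assumptions: LAN side is eth0, WAN side is eth1, the only permitted
# destination is 1.1.1.1 tcp/443, and net.ipv4.ip_forward=1 is already set.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-eth1}"
ALLOWED_DST="${ALLOWED_DST:-1.1.1.1}"
ALLOWED_PORT="${ALLOWED_PORT:-443}"

# Rules for transit (forwarded) traffic only. The router's own packets go
# through the OUTPUT chain, never FORWARD, so they are left untouched.
nat_rules() {
  cat <<EOF
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -d $ALLOWED_DST -p tcp --dport $ALLOWED_PORT -j ACCEPT
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j DROP
EOF
}

# The same policy as ufw "route" rules, which land in the same FORWARD chain.
# Order matters: the allow must precede the catch-all deny. ufw does not
# generate the MASQUERADE rule; that still goes in the *nat section of
# /etc/ufw/before.rules.
ufw_rules() {
  cat <<EOF
ufw route allow in on $LAN_IF out on $WAN_IF to $ALLOWED_DST port $ALLOWED_PORT proto tcp
ufw route deny in on $LAN_IF out on $WAN_IF
EOF
}

# Self-check before applying: every FORWARD rule must name both an input and
# an output interface, and nothing may touch INPUT or OUTPUT (the mistake
# that disconnected the NAT host itself).
check_rules() {
  if nat_rules | grep -- '-A FORWARD' | grep -vq -- '-i [a-z0-9]* -o [a-z0-9]*'; then
    return 1
  fi
  if nat_rules | grep -qE -- '-A (INPUT|OUTPUT)'; then
    return 1
  fi
  return 0
}

# Usage: sh nat-policy.sh show|ufw|apply   ("apply" needs root)
case "${1:-}" in
  show)  nat_rules ;;
  ufw)   ufw_rules ;;
  apply) check_rules || { echo "self-check failed, nothing applied" >&2; exit 1; }
         nat_rules | sh -e ;;
esac
```

Run `sh nat-policy.sh show` to review the iptables rules, `sh nat-policy.sh ufw` for the ufw form, and `sudo sh nat-policy.sh apply` to install them for the current boot (persisting them is a separate step). Return traffic for the kiosks' allowed sessions is admitted by the conntrack rule, and because the kiosks resolve names through the Pi, the Pi's own upstream DNS queries keep working since they never enter FORWARD.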