
kvmhost02: update NAT rules

Maximilian Ronniger 6 years ago
parent
commit
6b10302005
1 changed files with 73 additions and 21 deletions
  1. 73 21
      itguru.at.fwb

+ 73 - 21
itguru.at.fwb

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="24" lastModified="1575987327" id="root">
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="24" lastModified="1576140568" id="root">
   <Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
     <AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
     <AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@@ -504,6 +504,12 @@
       <RuleSetOptions/>
     </NAT>
     <TCPService id="id12252X15942" ack_flag="False" ack_flag_mask="False" established="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" name="wireguard" comment="" ro="False" src_range_start="0" src_range_end="0" dst_range_start="51820" dst_range_end="51820"/>
+    <IPv4 id="id12327X6099" name="web03:eth0:ip-1" comment="" ro="False" address="192.168.122.11" netmask="255.255.255.0"/>
+    <IPv4 id="id12328X6099" name="web03:eth0:ip-2" comment="" ro="False" address="10.64.2.10" netmask="255.255.255.0"/>
+    <IPv6 id="id12329X6099" name="web03:eth0:ip6" comment="" ro="False" address="2a01:4f8:201:142d::10:a" netmask="112"/>
+    <IPv6 id="id12330X6099" name="web03:eth0:ip6-1" comment="" ro="False" address="2a01:4f8:201:142d::10:b" netmask="112"/>
+    <IPv6 id="id12331X6099" name="web03:eth0:ip6-2" comment="" ro="False" address="2a01:4f8:201:142d::10:c" netmask="112"/>
+    <IPv6 id="id12332X6099" name="web03:eth0:ip6-3" comment="" ro="False" address="2a01:4f9:2a:a55::20:10" netmask="128"/>
   </Library>
   <Library id="id1582X5690" color="#d2ffd0" name="User" comment="" ro="False">
     <ObjectGroup id="id1583X5690" name="Objects" comment="" ro="False">
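Review bot: The six new `web03:eth0:ip*` address objects (id12327X6099–id12332X6099) are placed directly under the read-only Standard library (`syslib000`, `ro="True"`) instead of under the eth0 interface of the web03 host that the same commit creates in the User library, so they are not part of the Host object and any rule that should cover those addresses must reference each IPv4/IPv6 object on its own. Objects kept in the Standard library may also diverge from or be lost with a regenerated standard library — I can't confirm fwbuilder's behaviour there from this page. Moving the six elements into `<Interface id="id12325X6099" ...>` alongside `id12326X6099` would keep the host definition complete and the Standard library untouched.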
@@ -723,7 +729,7 @@
         <Host id="id6929X4137" name="yuvashakti01" comment="" ro="False">
           <Interface id="id6931X4137" dedicated_failover="False" dyn="False" label="" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
             <IPv4 id="id6932X4137" name="yuvashakti01:eth0:ip" comment="" ro="False" address="192.168.122.200" netmask="255.255.255.0"/>
-            <IPv4 id="id11305X65696" name="yuvashakti01:eth0:ip-new" comment="" ro="False" address="10.64.2.30" netmask="255.255.255.0"/>
+            <IPv4 id="id11305X65696" name="yuvashakti01:eth0:ip-new" comment="" ro="False" address="10.64.2.50" netmask="255.255.255.0"/>
             <IPv6 id="id11322X65696" name="yuvashakti01:eth0:ipv6" comment="" ro="False" address="2a01:4f9:2a:a55::20:30" netmask="128"/>
             <InterfaceOptions/>
           </Interface>
@@ -763,6 +769,24 @@
           </Management>
           <HostOptions/>
         </Host>
+        <Host id="id12323X6099" name="web03" comment="The Webserver will handel 80 and 443 tcp traffic." ro="False">
+          <Interface id="id12325X6099" dedicated_failover="False" dyn="False" security_level="0" unnum="False" unprotected="False" name="eth0" comment="" ro="False">
+            <IPv4 id="id12326X6099" name="web03:eth0:ip" comment="" ro="False" address="10.64.2.30" netmask="255.255.255.0"/>
+            <InterfaceOptions/>
+          </Interface>
+          <Management address="192.168.1.10">
+            <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
+            <FWBDManagement enabled="False" identity="" port="-1"/>
+            <PolicyInstallScript arguments="" command="" enabled="False"/>
+          </Management>
+          <HostOptions>
+            <Option name="snmp_contact"/>
+            <Option name="snmp_description"/>
+            <Option name="snmp_location"/>
+            <Option name="use_mac_addr">false</Option>
+            <Option name="use_mac_addr_filter">False</Option>
+          </HostOptions>
+        </Host>
       </ObjectGroup>
       <ObjectGroup id="id1589X5690" name="Networks" comment="" ro="False">
         <Network id="id4422X5690" name="kvmhost01:virbr0:net" comment="" ro="False" address="192.168.122.0" netmask="255.255.255.0"/>
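Review bot: The new web03 host declares `<Management address="192.168.1.10">`, which matches neither its only interface address (`10.64.2.30`) nor any network visible in this file, so it reads like an unedited value from a copied host; `<Management address="10.64.2.30">` would be consistent with the object. Two smaller inconsistencies: `<Option name="use_mac_addr">false</Option>` uses lowercase while its sibling and every other boolean in the file use `False`, and the interface lacks the `label=""` attribute that the yuvashakti01 interface carries in the previous hunk — both harmless if the parser is lenient, but worth normalising. Note also that 10.64.2.30 is the address yuvashakti01 gives up in the previous hunk, so the firewall should be installed only after both VMs are actually renumbered, otherwise NAT aimed at web03 reaches yuvashakti01. The host comment has a typo: `handel` → `handle`.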
@@ -2423,11 +2447,11 @@
           <Option name="verify_interfaces">True</Option>
         </FirewallOptions>
       </Firewall>
-      <Firewall id="id8899X28426" host_OS="linux24" inactive="False" lastCompiled="1575988272" lastInstalled="1575988286" lastModified="1575987508" platform="iptables" version="" name="kvmhost02" comment="" ro="False">
+      <Firewall id="id8899X28426" host_OS="linux24" inactive="False" lastCompiled="1576142460" lastInstalled="1576142474" lastModified="1576142368" platform="iptables" version="" name="kvmhost02" comment="" ro="False">
         <NAT id="id13393X65696" name="NAT" comment="" ro="False" ipv4_rule_set="True" ipv6_rule_set="False" top_rule_set="True">
-          <NATRule id="id13395X65696" disabled="True" group="outgoing NAT" position="0" action="Translate" comment="NAT all outgoing mail traffic to mail IP">
+          <NATRule id="id13395X65696" disabled="False" group="outgoing NAT" position="0" action="Translate" comment="NAT all outgoing mail traffic to mail IP">
             <OSrc neg="False">
-              <ObjectRef ref="id8526X5690"/>
+              <ObjectRef ref="id11185X65696"/>
             </OSrc>
             <ODst neg="False">
               <ObjectRef ref="sysid0"/>
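Review bot: Rule id13395X65696 is enabled here (`disabled="True"` → `"False"`) while its ODst stays `sysid0` (Any) and, in the next hunk, its OSrv stays `sysid1` (Any), so despite the comment "NAT all outgoing mail traffic to mail IP" it source-NATs every protocol from whatever `id11185X65696` is, not only mail. The objects id11185X65696 and id13268X354 are not visible in the diff, so I can't confirm they are the mail host and the mail IP. If the intent is mail-only, narrow OSrv to the SMTP/submission services; if the intent is all traffic from that host, change the comment so the next reader does not assume the rule is service-scoped. This NATRule continues across the following two hunks.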
@@ -2436,7 +2460,7 @@
               <ServiceRef ref="sysid1"/>
             </OSrv>
             <TSrc neg="False">
-              <ObjectRef ref="id4420X5690"/>
+              <ObjectRef ref="id13268X354"/>
             </TSrc>
             <TDst neg="False">
               <ObjectRef ref="sysid0"/>
@@ -2448,11 +2472,38 @@
               <ObjectRef ref="sysid0"/>
             </ItfInb>
             <ItfOutb neg="False">
+              <ObjectRef ref="id8907X28426"/>
+            </ItfOutb>
+            <NATRuleOptions/>
+          </NATRule>
+          <NATRule id="id12515X6099" disabled="False" group="outgoing NAT" position="1" action="Translate" comment="NAT all outgoing traffic">
+            <OSrc neg="False">
+              <ObjectRef ref="id11343X65696"/>
+            </OSrc>
+            <ODst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </ODst>
+            <OSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </OSrv>
+            <TSrc neg="False">
+              <ObjectRef ref="id8908X28426"/>
+            </TSrc>
+            <TDst neg="False">
               <ObjectRef ref="sysid0"/>
+            </TDst>
+            <TSrv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </TSrv>
+            <ItfInb neg="False">
+              <ObjectRef ref="sysid0"/>
+            </ItfInb>
+            <ItfOutb neg="False">
+              <ObjectRef ref="id8907X28426"/>
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13438X65696" disabled="False" group="NAT VMs" position="1" action="Translate" comment="special nat so internal hosts can connect to hostet services.">
+          <NATRule id="id13438X65696" disabled="False" group="NAT VMs" position="2" action="Translate" comment="special nat so internal hosts can connect to hostet services.">
             <OSrc neg="False">
               <ObjectRef ref="id11343X65696"/>
             </OSrc>
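Review bot: The new catch-all rule id12515X6099 at position 1 matches source id11343X65696 with Any destination and Any service on outbound interface id8907X28426, and the "NAT VMs" rules now at positions 2–4 (id13438X65696, id13483X65696, id14760X65696) use the same source object; as NAT rules are compiled in order and the first matching SNAT terminates the chain, those rules are only reached for traffic leaving on an interface other than id8907X28426 — their ItfOutb elements are outside this diff, so I can't confirm whether they are shadowed. "NAT all other traffic to main IP" (id14760X65696) in particular looks redundant with the new rule if both use the same interface. Consider placing the catch-all after the per-host rules, or stating in its comment why it must precede them, and check the compiler output for shadowing warnings before installing. The change of the mail rule's ItfOutb from Any to id8907X28426 at the top of this hunk is fine and keeps that SNAT off the internal bridges.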
@@ -2479,7 +2530,7 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13483X65696" disabled="False" group="NAT VMs" position="2" action="Translate" comment="special nat so internal hosts can connect to hostet services.">
+          <NATRule id="id13483X65696" disabled="False" group="NAT VMs" position="3" action="Translate" comment="special nat so internal hosts can connect to hostet services.">
             <OSrc neg="False">
               <ObjectRef ref="id11343X65696"/>
             </OSrc>
@@ -2506,7 +2557,7 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id14760X65696" disabled="False" group="NAT VMs" position="3" action="Translate" comment="NAT all other traffic to main IP">
+          <NATRule id="id14760X65696" disabled="False" group="NAT VMs" position="4" action="Translate" comment="NAT all other traffic to main IP">
             <OSrc neg="False">
               <ObjectRef ref="id11343X65696"/>
             </OSrc>
@@ -2533,7 +2584,7 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13572X65696" disabled="False" group="web_access" position="4" action="Translate" comment="">
+          <NATRule id="id13572X65696" disabled="False" group="web_access" position="5" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -2560,7 +2611,7 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13617X65696" disabled="False" group="web_access" position="5" action="Translate" comment="">
+          <NATRule id="id13617X65696" disabled="False" group="web_access" position="6" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -2587,7 +2638,7 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13705X65696" disabled="True" group="web_access" position="6" action="Translate" comment="TODO: add a proxy rule">
+          <NATRule id="id13705X65696" disabled="True" group="web_access" position="7" action="Translate" comment="TODO: add a proxy rule">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -2614,7 +2665,7 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13748X65696" disabled="False" group="wlanctl" position="7" action="Translate" comment="TODO: add Proxy rules">
+          <NATRule id="id13748X65696" disabled="False" group="wlanctl" position="8" action="Translate" comment="TODO: add Proxy rules">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -2645,7 +2696,7 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13795X65696" disabled="False" group="wlanctl" position="8" action="Translate" comment="">
+          <NATRule id="id13795X65696" disabled="False" group="wlanctl" position="9" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -2672,7 +2723,7 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13838X65696" disabled="False" group="external ssh access" position="9" action="Translate" comment="allow sftp access for &#10;">
+          <NATRule id="id13838X65696" disabled="False" group="external ssh access" position="10" action="Translate" comment="allow sftp access for &#10;">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -2699,7 +2750,7 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13881X65696" disabled="False" group="external ssh access" position="10" action="Translate" comment="allow ssh access for authorized users">
+          <NATRule id="id13881X65696" disabled="False" group="external ssh access" position="11" action="Translate" comment="allow ssh access for authorized users">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -2726,7 +2777,7 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id13924X65696" disabled="False" group="external ssh access" position="11" action="Translate" comment="ssh for gogs git repo">
+          <NATRule id="id13924X65696" disabled="False" group="external ssh access" position="12" action="Translate" comment="ssh for gogs git repo">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -2753,7 +2804,7 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id14010X65696" disabled="False" group="external ssh access" position="12" action="Translate" comment="">
+          <NATRule id="id14010X65696" disabled="False" group="external ssh access" position="13" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -2780,7 +2831,7 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id12226X15942" disabled="False" group="" position="13" action="Translate" comment="">
+          <NATRule id="id12226X15942" disabled="False" group="" position="14" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -2807,7 +2858,7 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id14053X65696" disabled="False" group="" position="14" action="Translate" comment="">
+          <NATRule id="id14053X65696" disabled="False" group="" position="15" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -2840,7 +2891,7 @@
             </ItfOutb>
             <NATRuleOptions/>
           </NATRule>
-          <NATRule id="id14102X65696" disabled="False" group="" position="15" action="Translate" comment="">
+          <NATRule id="id14102X65696" disabled="False" group="" position="16" action="Translate" comment="">
             <OSrc neg="False">
               <ObjectRef ref="sysid0"/>
             </OSrc>
@@ -3246,6 +3297,7 @@
               <ObjectRef ref="id4099X50770"/>
               <ObjectRef ref="id6929X4137"/>
               <ObjectRef ref="id10512X16353"/>
+              <ObjectRef ref="id12323X6099"/>
             </Dst>
             <Srv neg="False">
               <ServiceRef ref="tcp-HTTP"/>
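Review bot: Adding web03 (`id12323X6099`) to this Dst set only covers the address attached to the host's interface, 10.64.2.30, because the `web03:eth0:ip*` objects this commit adds in the Standard library are not children of the Host object. The policy rule this Dst belongs to starts before the hunk and only `tcp-HTTP` is visible in its Srv, so if 443 (named in the host comment) is not already listed further down, it needs its own ServiceRef or a separate rule.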