Installation guide
A Sample VLAN Topology
Chapter 7
SHMM_IP=192.168.0.2
#
# Choose a mark for your pre-routing DNAT rule.
#
MARK_DNAT=1
#
# Initialize iptables, and flush any existing rules.
#
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -F; iptables -F -t nat; iptables -F -t mangle
iptables -X
#
# Set up some NAT rules to allow rmcp traffic to flow to the
# SHMM, and to allow snmp-trap traffic, initiated from the SHMM,
# to flow to the designated system manager. Restrict all other
# outside traffic from directly talking to the SHMM.
#
#
# Mark incoming rmcp packets destined for the SHMM
#
iptables -t mangle -A PREROUTING -p udp -d $MGMT_IP \
-m multiport --dports rmcp -j MARK --set-mark ${MARK_DNAT}
#
# NAT rmcp packets to the SHMM.
#