Installation guide
A Sample VLAN Topology
A Sample VLAN Topology
Chapter 7
86
iptables -t nat -A PREROUTING -p udp -d $MGMT_IP --dport \
rmcp -j DNAT --to-destination $SHMM_IP
#
# Change source ip of rcmp packet, so that SHMM can respond to
# the correct left or right Switch Blade.
#
iptables -t nat -A POSTROUTING -p udp -o zhp3 \
-mmark --mark ${MARK_DNAT}/${MARK_DNAT} -j SNAT \
--to-source $ISL_IP:10000-10999
#
# Allow snmp-trap traffic, initiated from the SHMM, to go to the
# designated system manager.
#
iptables -t nat -A POSTROUTING -p udp -s $SHMM_IP \
-o zhp1 --dport 162 -j SNAT --to-source $MGMT_IP:10000-10999
#
# Allow the following traffic to enter the Switch Blade.
#
iptables -A INPUT -j ACCEPT -m state \
--state ESTABLISHED,RELATED
iptables -A INPUT -j ACCEPT -i lo
iptables -A INPUT -j ACCEPT -i zhp3
iptables -A INPUT -j ACCEPT -p tcp --dport ftp
iptables -A INPUT -j ACCEPT -p udp --dport tftp
iptables -A INPUT -j ACCEPT -p tcp --dport http
iptables -A INPUT -j ACCEPT -p tcp --dport telnet
iptables -A INPUT -j ACCEPT -p udp --dport snmp
iptables -A INPUT -j ACCEPT -p udp --dport snmp-trap
iptables -A INPUT -j ACCEPT -p icmp --icmp-type echo-request