From 818cdead8671f07ba130d1a63b7a3ad8877b0471 Mon Sep 17 00:00:00 2001
From: "guillaume.emorine"
Date: Mon, 29 Apr 2024 11:22:07 +0200
Subject: [PATCH] =?UTF-8?q?=09Modifi=C3=A9=C2=A0:=20=20=20=20=20=20=20=20?= =?UTF-8?q?=20sisr1/tp08/firewall=5Fregles.txt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 sisr1/tp08/firewall_regles.txt | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/sisr1/tp08/firewall_regles.txt b/sisr1/tp08/firewall_regles.txt
index 0e1a112..a639b67 100644
--- a/sisr1/tp08/firewall_regles.txt
+++ b/sisr1/tp08/firewall_regles.txt
@@ -195,15 +195,21 @@ table ip ipfilter {
 }
-# Chaînes pour la NAT - étape 8.
+# Chaînes pour la NAT - étape 8 et 9.
 chain nat_prerouting {
- type nat hook prerouting priority filter; policy accept;
+ type nat hook prerouting priority filter; policy accept;*
+
+ # Port Forwarding pour le DNS, entre pare-feu et DMZ (étape 9)
+ iif eth0 udp dport 53 dnat to $proxy-dns
+ iif eth0 tcp dport 53 dnat to $proxy-dns
+
 }
 chain nat_postrouting {
 type nat hook postrouting priority filter; policy accept;
+ # Masquage des adresses IP de la DMZ via NAT (étape 8)
 ip saddr $dmz-ntw snat $firewall-net
 }
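Review bot: The re-added chain header in `nat_prerouting` ends with a stray `*` (`policy accept;*`), which nft will most likely reject when the ruleset is loaded; it should read `type nat hook prerouting priority filter; policy accept;`. The two new `dnat` rules match every packet arriving on eth0 for port 53 with no source restriction, so if eth0 faces an untrusted network the DNS proxy in the DMZ becomes reachable from it as an open resolver; narrowing the match with an `ip saddr` condition for the intended clients would avoid that. The enclosing `table ip ipfilter` starts above this hunk, so the forward chain is not visible here: confirm it accepts the translated traffic only for udp/tcp 53 towards `$proxy-dns`. As a point of style, nat chains are conventionally registered with `priority dstnat` (prerouting) and `priority srcnat` (postrouting) rather than `priority filter`, which makes their ordering relative to the filter chains explicit.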