#
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-before-input
# ufw-before-output
# ufw-before-forward
#
# Don't delete these required lines, otherwise there will be errors
# nat table: rewrite the destination of inbound TCP/80 so it lands on local port 1194.
*nat
:PREROUTING ACCEPT [0:0]
# REDIRECT sends every TCP packet with destination port 80 to port 1194 on this host.
# NOTE(review): the rule has no -i (interface) or -d (address) match, so it applies to
# traffic arriving on every interface, including packets that would otherwise be
# forwarded (for example port-80 requests from clients behind tun0). Scoping it to the
# public interface and this host's own address limits it to the intended traffic.
# NOTE(review): if the nginx servers on this page run on the same host, remote requests
# to port 80 are diverted here before nginx sees them - confirm that is intended.
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 1194
COMMIT
# filter table: declare the ufw helper chains ("-" = user-defined chain without a
# policy, counters reset to [0:0]) that the rest of the file appends rules to.
# NOTE(review): this excerpt stops before any filter rules and before the closing
# COMMIT for this table; the complete file needs both.
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines
# Virtual host for vpn.site.ru / www.vpn.site.ru on plain HTTP port 80 (IPv4 and IPv6).
# Every request is handed to 10.15.17.1:1194 through the HTTP proxy module.
# No TLS listener is defined in this block.
server {
listen 80;
listen [::]:80;
# root and index are not consulted by the proxied "location /" below.
root /var/www/vpn.site.ru/html;
index index.html index.htm index.nginx-debian.html;
server_name vpn.site.ru www.vpn.site.ru;
location / {
# proxy_pass with an http:// scheme speaks HTTP to the upstream.
# NOTE(review): port 1194 is the VPN port elsewhere on this page; if the listener there
# is an OpenVPN daemon it does not speak HTTP, so this location cannot carry a VPN
# session. Raw TCP pass-through is the job of the stream module - confirm.
proxy_pass http://10.15.17.1:1194;
proxy_set_header Host $host;
# Passes the client address upstream; the upstream should trust X-Real-IP only on
# connections that come from this proxy.
proxy_set_header X-Real-IP $remote_addr;
}
}
# Virtual host for the tor.site.ru names on plain HTTP port 80: serves static files
# from /var/www/tor.site.ru/html and returns 404 for anything that is not found.
server {
listen 80;
listen [::]:80;
root /var/www/tor.site.ru/html;
index index.html index.htm index.nginx-debian.html;
# NOTE(review): "tor.stie.ru" looks like a typo for "tor.site.ru" (compare root and the
# www name). As written, requests for tor.site.ru do not match this server_name and
# fall through to the default server for this listen socket.
server_name tor.stie.ru www.tor.site.ru;
location / {
try_files $uri $uri/ =404;
# NOTE(review): "stream" is only valid in the main context of nginx.conf, next to
# "http", never inside a location or server block; nginx rejects the configuration
# with the block placed here.
# The stream server below relays raw TCP received on port 1194 to 2.2.2.2:1194. It has
# no allow/deny restriction, so any client that can reach port 1194 is relayed.
stream{
server{
listen 1194;
proxy_pass 2.2.2.2:1194;
}
}
}
}
lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:01:2e:3d:d9:a7 brd ff:ff:ff:ff:ff:ff
inet 10.15.17.1/24 brd 10.15.17.255 scope global dynamic ens33
valid_lft 85997sec preferred_lft 85997sec
inet6 fe80::201:2eff:fe3d:d9a7/64 scope link
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
link/none
inet 10.8.0.1/24 brd 10.8.0.255 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::17e:ebda:9104:987d/64 scope link stable-privacy
valid_lft forever preferred_lft forever
# Append a FORWARD rule that accepts TCP packets addressed to $DST_IP port 1194 in
# connection states NEW, ESTABLISHED and RELATED.
# $DST_IP must be set in the calling shell; it is not defined on this page.
# The rule names no source address or inbound interface, so any forwarded source
# matches. It covers only packets travelling towards $DST_IP; replies need a rule of
# their own unless another rule already accepts them.
# "-m state" is the legacy form of "-m conntrack --ctstate".
# A rule added with "iptables -A" is not persisted by this command.
iptables -A FORWARD -p tcp -d $DST_IP --dport 1194 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT