[plug] masq cameron tony
smclevie
smclevie at ozemail.com.au
Tue Dec 16 18:18:17 WST 2003
Hi guys,
Have twiddled and fiddled Cameron's script. I have picked up a number of
<carriage-returns>... in amongst the commands (that is ONE reason for
using WORD..! I can see the hidden characters...)
After pon it runs all except the for - do bits, essentially. There is a
syntax error between echos 4 & 5 and between echos 6 & 7. I blanked them
out to test the rest...
Could I have a Pauline Hanson on the first 3 commands? (Please explain...)
I have no idea as to whether it actually 'works', but I do know that when the
machine is rebooted it hangs on stopping 'named' and the XP machine loses
Samba access to Debian.
My preference is to have a more 'static' implementation if possible (i.e.
avoid for - do loops).
There is a 'chain' mentioned in the first for - do loop....
My internal network is 192.168.0.xxx with Debian eth0 gateway @ 192.168.0.1
The DNS name servers are 203.12.160.35 and 203.12.160.36.
Anyway, here is my revised script.
_______________________________________________________________________________
#! /bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
LAN_NET=192.168.0.0/255.255.255.0
INET_IP="`ip addr show dev ppp0 | grep ' inet ' | awk '{print $2}' | cut -d/ -f1`"
TRUSTED_IFACE="lo eth0"
echo "
1-------------------------------------------------------------------------- "
echo " Enabling IP FORWARDING and IP DYNADDRESSING "
echo 1 >/proc/sys/net/ipv4/ip_forward
echo 1 >/proc/sys/net/ipv4/ip_dynaddr
echo "
2-------------------------------------------------------------------------- "
echo " Reset everything to the defaults "
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -X
echo "
3-------------------------------------------------------------------------- "
echo " Default to reject incoming and forwarding packets "
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
echo "
4-------------------------------------------------------------------------- "
#echo " Forward traffic for locally-originated connections "
# sh needs ';' (or a newline) before 'do', and 'done' on its own line
#for chain in FORWARD INPUT OUTPUT; do
#    iptables -A ${chain} -m state --state ESTABLISHED,RELATED -j ACCEPT
#done
echo "
5-------------------------------------------------------------------------- "
echo " Reject incoming connections from the internet "
iptables -A INPUT -p TCP -d $INET_IP -j REJECT --reject-with=tcp-reset
iptables -A INPUT -p ICMP -d $INET_IP -j ACCEPT
iptables -A INPUT -d $INET_IP -j DROP
echo "
6-------------------------------------------------------------------------- "
#echo " Forward and accept all traffic for the local network "
#for iface in $TRUSTED_IFACE; do
#    iptables -A FORWARD -i $iface -j ACCEPT
#    iptables -A INPUT -p ALL -i $iface -j ACCEPT
#done
echo "
7-------------------------------------------------------------------------- "
echo " Enable IP masquerading "
iptables -t nat -A POSTROUTING -s $LAN_NET -d ! $LAN_NET -j MASQUERADE
echo "
8-------------------------------------------------------------------------- "
echo " Allow ICMP traffic "
iptables -A INPUT -p ICMP -j ACCEPT
echo "
9-------------------------------------------------------------------------- "
Thanks,
Steve.
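The following is an added example, not Steve's or Cameron's script: the same masquerading setup with the two for/do loops written in valid sh syntax (the original fails because sh needs ';' or a newline before 'do' and before 'done'). It uses the LAN range and interface names given in the post. One change from the post is an assumption of mine: rules on the internet side match the interface (-i ppp0 / -o ppp0) rather than the address in INET_IP, so the rule set does not depend on ppp0 being up, or on the address staying the same under ip_dynaddr, at the moment the script runs. Note also that with policy INPUT DROP and step 6 blanked out, nothing accepts traffic on lo or eth0, which is consistent with the reboot hang on 'named' and the XP box losing Samba; the trusted-interface loop is what lets that traffic through.

```shell
#!/bin/sh
# Added example (not the poster's script): masquerading rules with the
# for/do loops in valid sh syntax. LAN_NET and interface names are the
# values from the post; matching ppp0 by interface is an assumption.
# Usage (as root):  ./masq.sh apply      load the rules
#                   ./masq.sh dry-run    print the iptables commands only

IPT="${IPT:-iptables}"        # set IPT=echo to print instead of apply
LAN_NET="192.168.0.0/24"
TRUSTED_IFACE="lo eth0"
EXT_IFACE="ppp0"

enable_forwarding() {
    echo 1 >/proc/sys/net/ipv4/ip_forward
    echo 1 >/proc/sys/net/ipv4/ip_dynaddr
}

# Steps 2 and 3 of the post: flush everything, then default to DROP
# for incoming and forwarded packets.
reset_tables() {
    $IPT -t nat -P PREROUTING ACCEPT
    $IPT -t nat -P POSTROUTING ACCEPT
    $IPT -t nat -P OUTPUT ACCEPT
    $IPT -F
    $IPT -t nat -F
    $IPT -X
    $IPT -t nat -X
    $IPT -P INPUT DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD DROP
}

# Step 4: replies to connections we started are allowed in every chain.
# ';' before 'do' and 'done' on its own line is what the original lacked.
allow_established() {
    for chain in INPUT FORWARD OUTPUT; do
        $IPT -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
    done
}

# Step 5: refuse new connections arriving on the internet side.
reject_internet() {
    $IPT -A INPUT -i "$EXT_IFACE" -p tcp -j REJECT --reject-with tcp-reset
    $IPT -A INPUT -i "$EXT_IFACE" -p icmp -j ACCEPT
    $IPT -A INPUT -i "$EXT_IFACE" -j DROP
}

# Step 6: trust everything that arrives on lo and eth0. Without this the
# INPUT DROP policy also drops loopback and LAN traffic (local DNS, Samba).
allow_trusted() {
    for iface in $TRUSTED_IFACE; do
        $IPT -A INPUT -i "$iface" -j ACCEPT
        $IPT -A FORWARD -i "$iface" -j ACCEPT
    done
}

# Step 7: masquerade LAN traffic as it leaves on ppp0.
masquerade() {
    $IPT -t nat -A POSTROUTING -s "$LAN_NET" -o "$EXT_IFACE" -j MASQUERADE
}

all_rules() {
    reset_tables
    allow_established
    reject_internet
    allow_trusted
    masquerade
}

# Print the commands that would run; the subshell keeps IPT=echo local.
dry_run() {
    ( IPT=echo; all_rules )
}

# Number of -A rules the dry run emits: 3 + 3 + 4 + 1 = 11 when both loops expand.
count_rules() {
    dry_run | grep -c -- '-A '
}

case "${1:-}" in
    apply)   enable_forwarding; all_rules ;;
    dry-run) dry_run ;;
esac
```

Running `sh masq.sh dry-run` as an ordinary user shows the eleven -A rules the loops expand to, which is the quickest way to confirm the syntax before loading anything into the kernel.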