[plug] masq script
smclevie
smclevie at ozemail.com.au
Wed Dec 17 17:29:59 WST 2003
Hi all, and in particular Cameron and James,
My script almost works! I have gotten rid of the fancy for-do loops for the
moment.
Perhaps I have taken something too far....!
I now have Samba back, with pinging to the ISP from the Debian machine.
The Win XP machine, however, does not ping the ISP and does not access the internet.
Perhaps I should now look at the XP machine for the reason??
Script follows:
#! /bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
LAN_NET=192.168.0.0/255.255.255.0
# Public address on the PPP link. ppp0 prints "inet A.B.C.D peer E.F.G.H/32",
# so field 2 is the local address; cut strips a /prefix if one is present.
INET_IP="`ip addr show dev ppp0 | grep ' inet ' | awk '{print $2}' | cut -d/ -f1`"
TRUSTED_IFACE="lo eth0"
# If ppp0 is not up yet INET_IP is empty and the "-d $INET_IP" rules in section 5
# would be loaded with a missing argument, so stop here instead.
if [ -z "$INET_IP" ]; then
    echo "ppp0 has no address; bring the link up before loading the rules" >&2
    exit 1
fi
echo " 1-------------------------------------------------------------------------- "
echo " Enabling IP FORWARDING and IP DYNADDRESSING "
echo 1 >/proc/sys/net/ipv4/ip_forward
echo 1 >/proc/sys/net/ipv4/ip_dynaddr
echo " 2-------------------------------------------------------------------------- "
echo " Reset everything to the defaults "
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -F
iptables -t nat -F
iptables -X
iptables -t nat -X
echo " 3-------------------------------------------------------------------------- "
echo " Default to reject incoming and forwarding packets "
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
echo " 4-------------------------------------------------------------------------- "
echo " Forward traffic for locally-originated connections "
# Loop form kept for reference; it must stay on one line so the whole loop is commented out:
#for chain in FORWARD INPUT OUTPUT; do iptables -A ${chain} -m state --state ESTABLISHED,RELATED -j ACCEPT; done
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
echo " 5-------------------------------------------------------------------------- "
echo " Reject incoming connections from the internet "
iptables -A INPUT -p TCP -d $INET_IP -j REJECT --reject-with tcp-reset
iptables -A INPUT -p ICMP -d $INET_IP -j ACCEPT
iptables -A INPUT -d $INET_IP -j DROP
echo " 6-------------------------------------------------------------------------- "
echo " Forward and accept all traffic for the local network "
# Loop form kept for reference (one line, fully commented); the unrolled rules below are equivalent:
#for iface in $TRUSTED_IFACE; do iptables -A FORWARD -i $iface -j ACCEPT; iptables -A INPUT -p ALL -i $iface -j ACCEPT; done
iptables -A FORWARD -i lo -j ACCEPT
iptables -A INPUT -p ALL -i lo -j ACCEPT
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A INPUT -p ALL -i eth0 -j ACCEPT
echo " 7-------------------------------------------------------------------------- "
echo " Enable IP masquerading "
# Rewrite the source address of LAN packets going anywhere outside the LAN.
# Current iptables want the negation written "! -d"; the older form was "-d ! $LAN_NET".
iptables -t nat -A POSTROUTING -s $LAN_NET ! -d $LAN_NET -j MASQUERADE
echo " 8-------------------------------------------------------------------------- "
echo " Allow ICMP traffic "
# Already covered by sections 5 (ICMP to $INET_IP) and 6 (anything from lo/eth0); kept as a catch-all.
iptables -A INPUT -p ICMP -j ACCEPT
echo " 9-------------------------------------------------------------------------- "
The problem (if it exists with the firewall) is between echo 4 and 5, I would
think...
Any help much appreciated,
Thanks again,
Steve.
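The following is an added example, not part of Steve's post: a small set of checks for the masquerading box that the script above configures. It assumes the same layout as the script (WAN link ppp0, LAN side eth0, LAN 192.168.0.0/24). Each check reads its input from stdin or arguments so it can be exercised against captured text; run_checks wires the same checks to the live commands, which needs root. The script name masqcheck.sh in the usage note is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes ppp0 = WAN, eth0 = LAN,
# LAN = 192.168.0.0/24, exactly as in the masquerading script above.

# First IPv4 address in `ip addr show dev <if>` output read from stdin.
# A ppp interface prints "inet A.B.C.D peer E.F.G.H/32" and an ethernet one
# "inet A.B.C.D/24", so take field 2 of the first " inet " line and drop any /prefix.
wan_ip_from_ipaddr() {
    awk '/ inet / { sub(/\/.*/, "", $2); print $2; exit }'
}

# Succeed if the sysctl value passed as $1 is "1" (IP forwarding on).
ip_forward_enabled() {
    [ "$1" = "1" ]
}

# Succeed if the rule listing on stdin (iptables -t nat -S POSTROUTING) masquerades
# traffic from LAN network $1. iptables -S prints networks in CIDR form, so pass
# 192.168.0.0/24 rather than the 192.168.0.0/255.255.255.0 spelling used in the script.
has_masq_rule() {
    grep -- '-j MASQUERADE' | grep -qF -- "-s $1 "
}

# Succeed if the FORWARD listing on stdin (iptables -S FORWARD) has an ACCEPT rule for
# packets arriving on LAN interface $1. With policy DROP, that rule is what lets the
# first packet of every LAN-originated connection through at all.
forward_allows_lan() {
    grep -qF -- "-A FORWARD -i $1 -j ACCEPT"
}

# Live run against the running kernel and ruleset (root required).
run_checks() {
    lan_if=${1:-eth0}; wan_if=${2:-ppp0}; lan_net=${3:-192.168.0.0/24}
    rc=0
    wan_ip=$(ip addr show dev "$wan_if" 2>/dev/null | wan_ip_from_ipaddr)
    if [ -n "$wan_ip" ]; then echo "ok   $wan_if has address $wan_ip"
    else echo "FAIL $wan_if has no address (link down?)"; rc=1; fi
    if ip_forward_enabled "$(cat /proc/sys/net/ipv4/ip_forward)"; then echo "ok   ip_forward=1"
    else echo "FAIL ip_forward is 0"; rc=1; fi
    if iptables -t nat -S POSTROUTING | has_masq_rule "$lan_net"; then echo "ok   MASQUERADE rule for $lan_net"
    else echo "FAIL no MASQUERADE rule for $lan_net"; rc=1; fi
    if iptables -S FORWARD | forward_allows_lan "$lan_if"; then echo "ok   FORWARD accepts -i $lan_if"
    else echo "FAIL FORWARD has no ACCEPT for -i $lan_if"; rc=1; fi
    # The packet counters show whether LAN traffic is reaching the chain at all.
    iptables -L FORWARD -v -n
    return $rc
}

if [ "${1-}" = "--run" ]; then
    run_checks "$2" "$3" "$4"
fi
```

Run it as root with `sh masqcheck.sh --run` (optionally followed by the LAN interface, WAN interface and LAN network). If all four checks pass and the FORWARD counters stay at zero while the XP box pings, its packets are not arriving at eth0 in the first place; `tcpdump -ni eth0 icmp` on the Debian machine shows that directly, and the usual cause is the client not using the Debian box's eth0 address as its default gateway.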