[plug] NAT on a linux box
Anthony J. Breeds-Taurima
tony at cantech.net.au
Mon Feb 17 14:35:49 WST 2003
On Mon, 17 Feb 2003, Daniel Pearson wrote:
> Afternoon,
> I've scouted the internet and have found a few scripts for a firewall, using
> ipchains which will do the NAT which I require. All I'm running is a simple
> linux box, which has a modem. It's not a router as such, but other machines
> on the network will connect to the internet through it.
>
> From all the scripts I've tried, I haven't been able to put any into
> /etc/init.d/ (I'm running debian) -- because I want to be able to
> stop/start/restart it. Is what I'm trying to achieve unachievable, or is
> there in fact a simple solution to this?
I'm not sure I understand the problem.
You can write a hacky script like:
---
#!/bin/sh
#include <http://thor.cantech.net.au/~tony/stddisclaimer.h>
case "$1" in
    start)
        # Keep forwarding off while the rules are rebuilt
        echo 0 > /proc/sys/net/ipv4/ip_forward
        ipchains -F
        ipchains -X
        ipchains -P forward DENY
        # Masquerade forwarded traffic leaving via ppp0
        ipchains -A forward -i ppp0 -j MASQ
        echo 1 > /proc/sys/net/ipv4/ip_forward
        ;;
    stop)
        # Disable forwarding, then clear all rules and user chains
        echo 0 > /proc/sys/net/ipv4/ip_forward
        ipchains -F
        ipchains -X
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    *)
        echo "$0 [start|stop|restart]"
        ;;
esac
---
Call it /etc/init.d/firewall
Then you can link to it like
cd /etc/rc2.d
ln -s ../init.d/firewall S11firewall
and in theory the firewall will come up at boot.
Or in /etc/network/interfaces you can add:
---
pre-up /etc/init.d/firewall start
pre-down /etc/init.d/firewall stop
---
And any time you restart your ethernet interfaces the ipchains script will
rerun.
Yours Tony.
/*
* "The significant problems we face cannot be solved at the
* same level of thinking we were at when we created them."
* --Albert Einstein
*/
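
A variant of the init script in the reply above, as an added example that is not part of the original post: it masquerades only traffic sourced from the LAN and can print its commands with DRY_RUN=1 instead of running them. LAN_NET, WAN_IF, DRY_RUN, the function names and the 192.168.1.0/24 subnet are assumptions.

```shell
#!/bin/sh
# Added example, not the script from the post. LAN_NET, WAN_IF, DRY_RUN and
# the function names are assumed; 192.168.1.0/24 is a constructed subnet.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
WAN_IF="${WAN_IF:-ppp0}"
FWD=/proc/sys/net/ipv4/ip_forward

# Print the commands for an action, one per line; fail on unknown actions.
fw_plan() {
    case "$1" in
    start)
        # Forwarding stays off until the DENY policy and MASQ rule exist.
        echo "echo 0 > $FWD"
        echo "ipchains -F"
        echo "ipchains -X"
        echo "ipchains -P forward DENY"
        # Masquerade only packets sourced from the LAN and leaving via WAN_IF.
        echo "ipchains -A forward -s $LAN_NET -i $WAN_IF -j MASQ"
        echo "echo 1 > $FWD"
        ;;
    stop)
        echo "echo 0 > $FWD"
        echo "ipchains -F"
        echo "ipchains -X"
        ;;
    *)
        return 1
        ;;
    esac
}

# Run the plan, stopping at the first failed command; DRY_RUN=1 only prints it.
fw_apply() {
    plan=$(fw_plan "$1") || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$plan"
    else
        echo "$plan" | sh -e
    fi
}

case "${1:-}" in
start|stop) fw_apply "$1" ;;
restart)    fw_apply stop && fw_apply start ;;
*)          echo "Usage: $0 {start|stop|restart}" >&2 ;;
esac
```

Because the plan runs under `sh -e`, a failed `ipchains` call during start aborts before forwarding is re-enabled, so the box fails closed.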