[plug] NAT on a linux box

Daniel Pearson plug at flashware.net
Mon Feb 17 15:02:28 WST 2003


Tony,
Would the script be any different if it was using iptables? Or would it just
be a matter of substituting iptables for ipchains?

Cheers,
Daniel

----- Original Message -----
From: "Anthony J. Breeds-Taurima" <tony at cantech.net.au>
To: "Perth LUG" <plug at plug.linux.org.au>
Sent: Monday, February 17, 2003 2:35 PM
Subject: Re: [plug] NAT on a linux box


> On Mon, 17 Feb 2003, Daniel Pearson wrote:
>
> > Afternoon,
> > I've scouted the internet and have found a few scripts for a firewall, using
> > ipchains which will do the NAT which I require. All I'm running is a simple
> > Linux box, which has a modem. It's not a router as such, but other machines
> > on the network will connect to the internet through it.
> >
> > From all the scripts I've tried, I haven't been able to put any into
> > /etc/init.d/ (I'm running Debian) -- because I want to be able to
> > stop/start/restart it. Is what I'm trying to achieve unachievable, or is
> > there in fact a simple solution to this?
>
> I'm not sure I understand the problem.
>
> You can write a hacky script like:
> ---
> #!/bin/sh
>
> #include <http://thor.cantech.net.au/~tony/stddisclaimer.h>
>
> case "$1" in
> start)
>     # Keep forwarding off while the rules are rebuilt
>     echo 0 > /proc/sys/net/ipv4/ip_forward
>     # Flush all rules and delete user-defined chains
>     ipchains -F
>     ipchains -X
>     # Forward nothing by default
>     ipchains -P forward DENY
>     # Masquerade forwarded traffic leaving via the modem link
>     ipchains -A forward -i ppp0 -j MASQ
>     echo 1 > /proc/sys/net/ipv4/ip_forward
>     ;;
> stop)
>     echo 0 > /proc/sys/net/ipv4/ip_forward
>     ipchains -F
>     ipchains -X
>     ;;
> restart)
>     $0 stop
>     $0 start
>     ;;
> *)
>     echo "$0 [start|stop|restart]"
>     ;;
> esac
> ---
>
> Call it /etc/init.d/firewall
>
> Then you can link to it like
> cd /etc/rc2.d
> ln -s ../init.d/firewall S11firewall
>
> and in theory the firewall will come up at boot.
>
> or in /etc/network/interfaces you can add:
> ---
> pre-up   /etc/init.d/firewall start
> pre-down /etc/init.d/firewall stop
> ---
>
> And any time you restart your ethernet interfaces the ipchains script will
> rerun.
>
>
> Yours Tony.
>
> /*
>  * "The significant problems we face cannot be solved at the
>  * same level of thinking we were at when we created them."
>  * --Albert Einstein
>  */
>
>
>
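
On the iptables question above, an added example that is not part of either message: the script does change beyond the command name, because chain names are upper case, DROP replaces DENY, masquerading moves to the nat table's POSTROUTING chain with `-o`, and a FORWARD policy of DROP then needs explicit accept rules. `ppp0` comes from the thread; `eth0` as the LAN interface and the `show` dry-run action are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: iptables counterpart of the ipchains script.
# ppp0 is the modem link named in the thread; eth0 as the LAN side is an assumption.
WAN=${WAN:-ppp0}
LAN=${LAN:-eth0}

# Print the commands for one action so they can be reviewed before they are applied.
nat_rules() {
    case "$1" in
    start)
        cat <<EOF
echo 0 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -X
iptables -t nat -F
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
iptables -A FORWARD -i $WAN -o $LAN -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
        ;;
    stop)
        cat <<EOF
echo 0 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -X
iptables -t nat -F
EOF
        ;;
    *)
        return 1
        ;;
    esac
}

firewall_main() {
    case "$1" in
    start|stop) nat_rules "$1" | sh -e ;;   # apply; needs root, stops at first error
    restart)    firewall_main stop && firewall_main start ;;
    show)       nat_rules "${2:-start}" ;;  # dry run: print only
    *)          echo "usage: $0 [start|stop|restart|show]"; return 1 ;;
    esac
}

# With no argument the script only prints the start rules.
firewall_main "${1:-show}" "${2:-start}"
```

The inbound FORWARD rule admits only replies to connections opened from the LAN, so new connections from the modem side are not forwarded.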


