[plug] NAT on a linux box

Daniel Pearson plug at flashware.net
Mon Feb 17 19:48:59 WST 2003


How does this look, do you think this should run without a hitch?

#!/bin/sh

case "$1" in
start)
echo 0 > /proc/sys/net/ipv4/ip_forward
# Flush all the rules in filter and nat tables
iptables --flush
iptables --table nat --flush
# Delete all chains that are not in default filter and nat table
iptables --delete-chain
iptables --table nat --delete-chain
# Set up IP FORWARDing and Masquerading
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
# Assuming one NIC to local LAN
iptables --append FORWARD --in-interface eth0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward
;;
stop)
echo 0 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -X
;;
restart)
$0 stop
$0 start
;;
*)
echo "Usage: $0 [start|stop|restart]"
;;
esac

Cheers,
Daniel
----- Original Message -----
From: "Anthony J. Breeds-Taurima" <tony at cantech.net.au>
To: "Perth LUG" <plug at plug.linux.org.au>
Sent: Monday, February 17, 2003 3:18 PM
Subject: Re: [plug] NAT on a linux box


> On Mon, 17 Feb 2003, Mike Holland wrote:
>
> > Is there any important reason why that should be done, rather than just
> > set it up once at boot?
>
> The main advantage I can see to doing it in the "interfaces" file is
> it is _always_ done at the right time.  Either right before the interface
> comes up or right before it goes down.  This is most useful for ppp
> interfaces.
>
> Mostly it was just included there for completeness.
>
> Yours Tony.
>
> /*
>  * "The significant problems we face cannot be solved at the
>  * same level of thinking we were at when we created them."
>  * --Albert Einstein
>  */
>
>
>
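
The script above appends a FORWARD rule for eth0 but never sets the FORWARD policy or a stateful rule for return traffic; this added example (not part of the original post or thread) audits `iptables-save` output for both. The two dumps are constructed and abbreviated, and `audit_forward` and its finding names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit iptables-save output of a NAT box.

# Constructed, abbreviated dump: what the "start" branch leaves behind when
# the FORWARD policy is still the kernel default (ACCEPT).
posted_ruleset() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth0 -j ACCEPT
COMMIT
EOF
}

# Constructed, abbreviated dump: same NAT, but default-deny forwarding plus a
# stateful rule so only replies to LAN-initiated connections return via ppp0.
tightened_ruleset() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# audit_forward: read iptables-save text on stdin, print one finding per line.
audit_forward() {
awk '
/^\*/ { table = substr($0, 2) }                      # "*nat", "*filter", ...
table == "filter" && /^:FORWARD / { policy = $2 }    # chain default policy
table == "filter" && /^-A FORWARD / && /ESTABLISHED/ { stateful = 1 }
table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ { masq = 1 }
END {
    if (!masq) print "NO_MASQUERADE"
    if (policy != "DROP") print "FORWARD_POLICY_NOT_DROP"
    if (!stateful) print "NO_ESTABLISHED_RULE"
}'
}

posted_ruleset | audit_forward   # prints FORWARD_POLICY_NOT_DROP, NO_ESTABLISHED_RULE
```

On a live gateway the same function can be fed with `iptables-save | audit_forward` as root.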


