Firewall routing script for DD-WRT
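#!/bin/sh
# vlan1 is our PRIMARY WAN connection (public IP); its address and gateway
# come from the stock wan_ipaddr / wan_gateway nvram settings.
#
# The three auxiliary WANs below are configured by hand. Their settings are
# kept in nvram so other DD-WRT scripts can read them, but flash is only
# written ('nvram commit') when one of the values actually changed.

# setup_aux_wan PREFIX IFNAME IPADDR GATEWAY NETMASK
#   Store the four settings as PREFIX_ifname/_ipaddr/_gateway/_netmask in
#   nvram when any of them differs from what is stored, commit if so, then
#   bring the interface up with that address and netmask.
#   Comparing all four values matters: the previous version only compared
#   the address, so a changed gateway, netmask or interface name was never
#   persisted.
setup_aux_wan() {
  local prefix ifname ipaddr gateway netmask
  prefix=$1 ifname=$2 ipaddr=$3 gateway=$4 netmask=$5
  if [ "$(nvram get "${prefix}_ifname")" != "$ifname" ] \
    || [ "$(nvram get "${prefix}_ipaddr")" != "$ipaddr" ] \
    || [ "$(nvram get "${prefix}_gateway")" != "$gateway" ] \
    || [ "$(nvram get "${prefix}_netmask")" != "$netmask" ]; then
    nvram set "${prefix}_ifname=$ifname"
    nvram set "${prefix}_ipaddr=$ipaddr"
    nvram set "${prefix}_gateway=$gateway"
    nvram set "${prefix}_netmask=$netmask"
    nvram commit
  fi
  # After the block above nvram holds exactly these values, so configure the
  # interface from the arguments instead of reading them back (which would
  # hand ifconfig empty words if a key were missing).
  ifconfig "$ifname" up "$ipaddr" netmask "$netmask"
}

# AUX WAN
WAN2_IFNAME=vlan2
WAN2_IPADDR=192.168.100.173
WAN2_GATEWAY=192.168.100.254
WAN2_NETMASK=255.255.255.0
setup_aux_wan wan2 "$WAN2_IFNAME" "$WAN2_IPADDR" "$WAN2_GATEWAY" "$WAN2_NETMASK"

# IMPACT LAN
WAN3_IFNAME=vlan3
WAN3_IPADDR=192.168.6.239
WAN3_GATEWAY=192.168.6.254
WAN3_NETMASK=255.255.255.0
setup_aux_wan wan3 "$WAN3_IFNAME" "$WAN3_IPADDR" "$WAN3_GATEWAY" "$WAN3_NETMASK"

# IMPACT DMZ
WAN4_IFNAME=vlan4
WAN4_IPADDR=10.0.0.201
WAN4_GATEWAY=10.0.0.1
WAN4_NETMASK=255.255.255.0
setup_aux_wan wan4 "$WAN4_IFNAME" "$WAN4_IPADDR" "$WAN4_GATEWAY" "$WAN4_NETMASK"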
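# Route Adds from Balanced Config
# Policy routing: one table per WAN (100 = wan/vlan1, 200 = wan2, 300 = wan3,
# 400 = wan4). Packets sourced from a WAN's own address, or carrying the
# matching fwmark (0x100..0x400) set by the firewall rules, are looked up in
# that WAN's table and leave via its gateway; everything else falls through
# to the main and default tables.
ip rule flush
ip rule add lookup main prio 32766
ip rule add lookup default prio 32767
ip rule add from "$(nvram get wan_ipaddr)" table 100 prio 100
ip rule add fwmark 0x100 table 100 prio 101
ip rule add from "$(nvram get wan2_ipaddr)" table 200 prio 200
ip rule add fwmark 0x200 table 200 prio 201
ip rule add from "$(nvram get wan3_ipaddr)" table 300 prio 300
ip rule add fwmark 0x300 table 300 prio 301
ip rule add from "$(nvram get wan4_ipaddr)" table 400 prio 400
ip rule add fwmark 0x400 table 400 prio 401

# Rebuild each table: flush it, then seed it with the directly-connected
# ("scope link") routes from the main table so local subnets stay reachable
# whichever table is selected. Each table is populated exactly once; the
# previous version walked table 100 three times and the repeated
# 'ip route add' calls failed with "File exists".
for TABLE in 100 200 300 400; do
  ip route flush table "$TABLE"
  ip route | grep link | while read -r ROUTE; do
    # $ROUTE is a complete route spec ("10.0.0.0/24 dev vlan4 ..."); it must
    # be word-split here so each token reaches 'ip' as its own argument.
    # shellcheck disable=SC2086
    ip route add table "$TABLE" to $ROUTE
  done
done

# Default route for each table: the gateway of the WAN the table belongs to.
ip route add table 100 default via "$(nvram get wan_gateway)"
ip route add table 200 default via "$(nvram get wan2_gateway)"
ip route add table 300 default via "$(nvram get wan3_gateway)"
ip route add table 400 default via "$(nvram get wan4_gateway)"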
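# NATTING
# Masquerade traffic leaving through each auxiliary WAN (vlan1 is handled by
# the stock firewall). The rule is only appended when it is not already
# present, so re-running this script does not stack duplicate MASQUERADE
# rules in POSTROUTING; on an iptables too old to know -C the check simply
# fails and the rule is appended as before. Note that MASQUERADE only
# rewrites source addresses — what is allowed to be forwarded between these
# VLANs is decided by the FORWARD chain, which this script does not touch.
for IFNAME in vlan2 vlan3 vlan4; do
  iptables -t nat -C POSTROUTING -o "$IFNAME" -j MASQUERADE 2>/dev/null \
    || iptables -t nat -A POSTROUTING -o "$IFNAME" -j MASQUERADE
done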