Created
February 27, 2012 10:20
-
-
Save godmachine81/1922980 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #Clear old iptables and nat rules (flush) | |
| iptables -F | |
| iptables -t nat -F | |
| #Create Input, Output, and Forward Chains | |
| iptables -P INPUT ACCEPT | |
| iptables -P OUTPUT ACCEPT | |
| iptables -P FORWARD DROP | |
| #Set variables for the local interfaces | |
| export LAN=eth1 | |
| export WAN=eth0 | |
| #Accept traffic from the LAN/WAN and Loopback interface | |
| iptables -I INPUT 1 -i ${LAN} -j ACCEPT | |
| iptables -I INPUT 1 -i ${WAN} -j ACCEPT | |
| iptables -I INPUT 1 -i lo -j ACCEPT | |
| #NAT RULES | |
| iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE | |
| iptables -A FORWARD -i ${WAN} -o ${LAN} -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| iptables -A FORWARD -i ${LAN} -o ${WAN} -j ACCEPT | |
| # Forward port 8888 on WAN to port 80 on 192.168. | |
| iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.56.101:8080 | |
| iptables -A FORWARD -p tcp -d 192.168.56.101 --dport 8080 -j ACCEPT | |
| #Enable Forwarding | |
| echo 1 > /proc/sys/net/ipv4/ip_forward | |
| for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done | |
| #Save the rules so this script doesn't have to be ran each time | |
| /etc/init.d/iptables save |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment