IPTables Script


This script configures iptables for DNAT and SNAT (destination and source network address translation). It is part of the NAT with IPTables page and is explained there. Save this file as /etc/init.d/local and symlink it from /etc/rcS.d/S39local.

#!/bin/sh
# Fixed search path so the script finds the same iptables whether it is run
# from rcS at boot or by hand.
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
readonly NAME=local
readonly DESC="local services"

# Public (static) address of this firewall. Replace the placeholder before use.
readonly EXTERNIP="X.X.X.X"

# Internal host that inbound SSH (tcp/22) on EXTERNIP is redirected to.
readonly SSHHOST="192.168.1.200"

# Address range of the internal network; the SNAT rule excludes destinations
# inside it.
readonly LOCALNET="192.168.1.0/24"

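# Kernel switch for IPv4 forwarding on all interfaces; NAT does nothing
# without it.
FORWARD_CTL=/proc/sys/net/ipv4/conf/all/forwarding

# Print a message to stderr and abort with status 1.
die() {
  echo "$NAME: $*" >&2
  exit 1
}

# Delete every copy of this script's two NAT rules. "iptables -D" removes one
# matching rule per call and returns non-zero once none is left, which ends
# each loop. Rules installed with an earlier EXTERNIP/SSHHOST value do not
# match and are left alone.
remove_rules() {
  while iptables -t nat -D POSTROUTING ! -d "$LOCALNET" -j SNAT --to "$EXTERNIP" 2>/dev/null; do :; done
  while iptables -t nat -D PREROUTING --dst "$EXTERNIP" -p tcp --dport 22 -j DNAT --to-destination "$SSHHOST" 2>/dev/null; do :; done
}

# Install the NAT rules, then enable forwarding. Any failure aborts before
# forwarding is switched on.
do_start() {
  # With the placeholder address both iptables commands would fail and, in the
  # original unchecked sequence, forwarding would still be enabled with no NAT
  # in front of it. Refuse to proceed instead.
  [ "$EXTERNIP" != "X.X.X.X" ] || die "EXTERNIP is still the placeholder; edit this script first"
  # Drop stale copies so repeated starts do not stack duplicate rules.
  remove_rules
  # Rewrite the source of anything leaving for a non-local destination to
  # EXTERNIP. "! -d" is the extrapositioned form; "-d !" is deprecated in
  # current iptables.
  iptables -t nat -A POSTROUTING ! -d "$LOCALNET" -j SNAT --to "$EXTERNIP" \
    || die "failed to install SNAT rule"
  # Hand inbound SSH on the public address to the internal host.
  iptables -t nat -A PREROUTING --dst "$EXTERNIP" -p tcp --dport 22 -j DNAT --to-destination "$SSHHOST" \
    || die "failed to install DNAT rule"
  # Only now turn forwarding on. This script installs no FORWARD-chain filter
  # rules, so the policy of that chain decides what may cross the box once
  # forwarding is enabled.
  echo 1 > "$FORWARD_CTL" || die "cannot enable forwarding"
}

# Disable forwarding, then remove this script's rules. Forwarding goes off
# first so nothing crosses while the rule set is being changed.
do_stop() {
  echo 0 > "$FORWARD_CTL" || die "cannot disable forwarding"
  # Delete only the rules this script added; flushing the whole nat table
  # ("-F") would also remove rules installed by anything else on the box.
  remove_rules
}

case "$1" in
  start)
    do_start
    ;;
  stop)
    do_stop
    ;;
  restart)
    do_stop
    do_start
    ;;
  *)
    N=/etc/init.d/$NAME
    echo "Usage: $N {start|stop|restart}" >&2
    exit 1
    ;;
esac

exit 0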