ip masquerading script for dynamic IP

[C Hamel]

On Thursday 19 October 2006 13:12, Noah wrote:
> Hi
>
> I am wondering if somebody knows where I can find a script that handles
> ip masquerading for dynamically assigned IPs from my upstream?
>
> cheers,
>
> Noah
You might start here, though I use static, myself...

#Set up IPTABLES here, since it is problematic where to place the startup
#First we flush our current rules
 iptables -F
 iptables -t nat -F

#Setup default policies to handle unmatched traffic
 iptables -P INPUT ACCEPT
 iptables -P OUTPUT ACCEPT
 iptables -P FORWARD DROP

#Copy and paste these examples ...
 export LAN=eth1
 export WAN=ppp0

#Then we lock our services so they only work from the LAN
 iptables -I INPUT 1 -i ${LAN} -j ACCEPT
 iptables -I INPUT 1 -i lo -j ACCEPT
 iptables -A INPUT -p UDP --dport bootps -i ! ${LAN} -j REJECT
 iptables -A INPUT -p UDP --dport domain -i ! ${LAN} -j REJECT

#(Optional) Allow access to our ssh server from the WAN
 iptables -A INPUT -p TCP --dport ssh -i ${WAN} -j ACCEPT

#Drop TCP / UDP packets to privileged ports
 iptables -A INPUT -p TCP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP
 iptables -A INPUT -p UDP -i ! ${LAN} -d 0/0 --dport 0:1023 -j DROP

#Finally we add the rules for NAT
 iptables -I FORWARD -i ${LAN} -d 192.168.0.0/255.255.0.0 -j DROP
 iptables -A FORWARD -i ${LAN} -s 192.168.0.0/255.255.0.0 -j ACCEPT
 iptables -A FORWARD -i ${WAN} -d 192.168.0.0/255.255.0.0 -j ACCEPT
 iptables -t nat -A POSTROUTING -o ${WAN} -j MASQUERADE
#Tell the kernel that ip forwarding is OK
 echo 1 > /proc/sys/net/ipv4/ip_forward
 for f in /proc/sys/net/ipv4/conf/*/rp_filter ; do echo 1 > $f ; done

-- 
	...CH
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20061020/028d4581/attachment.sig>