Monday, April 07, 2008

#! /bin/bash
# eth0 - local network
# ppp0 - internet
# eth1 - home wnetwork

IPTABLES=/sbin/iptables

echo 1 > /proc/sys/net/ipv4/ip_forward

# Clearing
$IPTABLES -P INPUT ACCEPTs
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

$IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

$IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -o ppp0 -j ACCEPT

No comments: