- #!/bin/sh
- PATH=/usr/sbin:/sbin:/bin:/usr/bin
- #
- # delete all existing rules.
- #
- iptables -F
- iptables -t nat -F
- iptables -t mangle -F
- iptables -X
- # Always accept loopback traffic
- iptables -A INPUT -i lo -j ACCEPT
- # Allow established connections, and those not coming from the outside
- iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
- iptables -A INPUT -m state --state NEW -i ! eth1 -j ACCEPT
- iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
- # Allow outgoing connections from the LAN side.
- iptables -A FORWARD -m iprange --src-range 10.0.0.40-10.0.0.254 -j DROP
- iptables -A FPRWARD -m iprange --src-range 10.0.0.1-10.0.0.40 -j ACCEPT
- iptables -A FORWARD -p tcp --dport 80 -m state --state NEW -m iprange --src-range 10.0.0.40-10.0.0.254 -j ACCEPT
- iptables -A FORWARD -p tcp --dport 443 -m state --state NEW -m iprange --src-range 10.0.0.40-10.0.0.254 -j ACCEPT
- iptables -A FORWARD -p udp --dport 53 -m iprange --src-range 10.0.0.40-10.0.0.254 -j ACCEPT
- iptables -A FORWARD -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
- # Masquerade.
- iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
- # Don't forward from the outside to the inside.
- iptables -A FORWARD -i eth1 -o eth1 -j REJECT
- iptables -t nat -A PREROUTING -p tcp --dport 28960 -i eth1 -j DNAT --to 10.0.0.50:28960
- iptables -t nat -A PREROUTING -p udp --dport 28960 -i eth1 -j DNAT --to 10.0.0.50:28960
- iptables -t nat -A PREROUTING -p tcp --dport 52401 -i eth1 -j DNAT --to 10.0.0.50:52401
- #proxy
- #iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
- # Enable routing.
- echo 1 > /proc/sys/net/ipv4/ip_forward
Undefined
By: yuc | Date: Nov 2 2009 08:04 | Format: None | Expires: never | Size: 1.68 KB | Hits: 967
Latest pastes
2 days ago
3 days ago
3 days ago
4 days ago
5 days ago