initial commit of a *whole bunch* of old Egressive shell scripts, used to make many people redundant.
commit
43e0f5b59e
329 changed files with 31937 additions and 0 deletions
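--- /dev/null
+++ b/egfirewall/egfirewall
@@ -0,0 +1,76 @@
+#!/bin/bash
+# Egressive Ltd (www.egressive.com)
+# dave@egressive.com 2006-01-24
+#
+# traffic forwarding script, designed to
+# provide internal networks with NAT'd network access
+# and also to provide internal users with the ability
+# to refer to the server by its external name, but
+# get routed to its internal interface.
+
+#
+# basic definitions
+SCRIPT=$0
+IPT=`which iptables`
+
+# external interface
+EXTIP="203.97.52.169"
+# DMZ interface (i.e. between the server and router)
+DMZIP="10.13.87.1"
+DMZ_IF="eth0"
+# internal interface
+INTIP="192.168.100.254"
+INTNET="192.168.100.0/24"
+INTNET2="10.99.0.0/255.255.0.0"
+INT_IF="eth1"
+
+# other useful constants
+ST_RELEXI="-m state --state ESTABLISHED,RELATED"
+
+# let us know when this was last run...
+/bin/touch /var/log/traffic_forwarding-x
+
+echo "$SCRIPT : Configuring the firewall"
+
+# make sure appropriate modules are in place
+echo "$SCRIPT : Installing network related kernel modules"
+/sbin/modprobe ip_conntrack
+/sbin/modprobe ipt_multiport
+/sbin/modprobe ip_nat_ftp
+/sbin/modprobe ip_conntrack_ftp ports=20,21,23001,23002
+
+# A word to those who have configured IP Chains, but not Netfilter - packets
+# being forwarded pass through the FORWARD filter point, but NOT the INPUT
+# and OUTPUT filter points. Beware.
+
+echo "$SCRIPT : Flushing built-in chains"
+$IPT -t filter -F
+echo "$SCRIPT : Flushing PREROUTING"
+$IPT -t nat -F PREROUTING
+echo "$SCRIPT : Flushing POSTROUTING"
+$IPT -t nat -F POSTROUTING
+
+# PREROUTING chain
+echo "$SCRIPT : Setting internal redirection to the external IP ($EXTIP -> $INTIP)"
+$IPT -i $INT_IF -t nat -A PREROUTING -d $EXTIP -p tcp --dport www -j DNAT --to $INTIP
+$IPT -i $INT_IF -t nat -A PREROUTING -d $EXTIP -p tcp --dport pop3 -j DNAT --to $INTIP
+$IPT -i $INT_IF -t nat -A PREROUTING -d $EXTIP -p tcp --dport imap -j DNAT --to $INTIP
+$IPT -i $INT_IF -t nat -A PREROUTING -s $INTNET -j LOG --log-prefix "Redirection..."
+
+#
+# POSTROUTING chain
+#
+# do NAT on packets going to the outside world -- comment this out when we
+# have real IP addresses assigned.
+echo "$SCRIPT : Setting up internal address redirection for the $INTNET and $INTNET2 networks"
+$IPT -t nat -A POSTROUTING -s $INTNET -o $DMZ_IF -j SNAT --to-source $DMZIP
+$IPT -t nat -A POSTROUTING -s $INTNET2 -o $DMZ_IF -j SNAT --to-source $DMZIP
+# this is part of the above PREROUTING stuff - provides the return trip properly
+#$IPT -t nat -A POSTROUTING -d $DMZIP -s $INTNET -p tcp --dport 80 -j SNAT --to $INTIP
+#$IPT -t nat -A POSTROUTING -d $DMZIP -s $INTNET -p tcp --dport 110 -j SNAT --to $INTIP
+#$IPT -t nat -A POSTROUTING -d $DMZIP -s $INTNET -p tcp --dport 143 -j SNAT --to $INTIP
+
+###################
+# Make sure IP forwarding is turned on
+echo "$SCRIPT : Enabling forwarding"
+echo 1 > /proc/sys/net/ipv4/ip_forward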
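Review bot: The script flushes the whole filter table (`$IPT -t filter -F`) and then turns on `ip_forward` at the end, but it never sets a FORWARD policy or adds a single FORWARD rule, so after it runs the traffic allowed between `$INT_IF` and `$DMZ_IF` is decided only by whatever policy happens to be set already — on a default ACCEPT install that means every host on `$INTNET`/`$INTNET2` is NAT'd out with no filtering, and the `ST_RELEXI` constant defined for exactly this purpose is unused. Before the `ip_forward` write, set the policy and add the explicit stateful rules: `$IPT -P FORWARD DROP`, `$IPT -A FORWARD -i $INT_IF -o $DMZ_IF -j ACCEPT` (repeat per `-s $INTNET`/`$INTNET2` if you want source restriction), `$IPT -A FORWARD $ST_RELEXI -j ACCEPT`. Two smaller points on the same hunk: the PREROUTING `-j LOG` rule matches every packet from `$INTNET` with no `-m limit`, so it will flood the log under normal load, and `IPT=\`which iptables\`` silently leaves `$IPT` empty if the lookup fails, turning every later line into a failed bare `-t …` command; guard it with `: "${IPT:?iptables not found}"` after the assignment. The three commented-out SNAT return-path rules are presumably needed for the hairpin DNAT to work from inside `$INTNET` — confirm whether their omission is intentional.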