NAT в Linux

Никогда не думал, что придется, однако время все-таки пришло: встала задача поднять NAT на сервере с Linux. Долго бороздил просторы интернета и в итоге написал скриптик для /etc/init.d/. В нем eth0 — интерфейс внутренней сети, eth1 — внешней; под свою схему имена интерфейсов нужно поправить.

#!/bin/bash                                                                
# Author: Maxim Antonov <max.antonoff@gmail.com>          
#                                                                  
### BEGIN INIT INFO                                                
# Provides:          ipforwarding                                  
# Required-Start:                                                  
# Should-Start:                                                    
# Required-Stop:                                                   
# Should-Stop:                                                     
# Default-Start:     2 3 5                                         
# Default-Stop:                                                    
# Short-Description: forward ip                                    
# Description:       forward ip
### END INIT INFO                                                  
# Fixed search path: the unqualified `iptables` calls below are resolved from
# these system directories rather than from whatever PATH the caller had.
PATH=/usr/sbin:/sbin:/bin:/usr/bin

#######################################
# Flush every rule from the filter, nat and mangle tables and delete the
# user-defined chains of the filter table.
# Note: the flush is not limited to rules added by this script; anything
# another tool loaded into these tables is removed as well. Chain policies
# are left as they are.
# Arguments: none
#######################################
clean() {
  local table

  # Filter is the default table, so no -t is needed for it.
  iptables -F
  for table in nat mangle; do
    iptables -t "$table" -F
  done

  # Drop user-defined chains (filter table only, as before).
  iptables -X
}

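#######################################
# Load the filter and NAT rules for a two-interface masquerading gateway.
# eth0 is treated as the internal (LAN) side, eth1 as the external (WAN) side.
#
# NOTE(review): nothing in this script sets chain policies (`iptables -P`).
# With the default ACCEPT policy the INPUT rules below do not restrict
# anything: new connections from eth1 to the gateway itself are still
# accepted unless the INPUT policy is DROP or a final reject rule is added.
# IPv6 is not covered at all (no ip6tables rules).
#
# Arguments: none
# Returns:   status of the last iptables call
#######################################
forward_rules() {
  # Adjust these two names to the host's actual interfaces.
  local -r lan_if=eth0 wan_if=eth1

  # Accept loopback traffic.
  iptables -A INPUT -i lo -j ACCEPT

  # Accept replies to existing connections on any interface, and new
  # connections only when they do not arrive on the external interface.
  # The negation goes before the option (`! -i`); the old `-i ! eth1` form
  # is deprecated in current iptables.
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT ! -i "$wan_if" -m state --state NEW -j ACCEPT

  # Let reply traffic for LAN-initiated connections back in.
  iptables -A FORWARD -i "$wan_if" -o "$lan_if" \
    -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Allow outgoing connections from the internal network.
  iptables -A FORWARD -i "$lan_if" -o "$wan_if" -j ACCEPT

  # Masquerade everything leaving through the external interface.
  iptables -t nat -A POSTROUTING -o "$wan_if" -j MASQUERADE

  # Do not forward connections initiated from the external side. The
  # original rule matched only eth1 -> eth1, so new eth1 -> eth0 traffic fell
  # through to the chain policy; both directions are rejected explicitly
  # here. Replies are unaffected because the ESTABLISHED,RELATED rule above
  # is evaluated first.
  iptables -A FORWARD -i "$wan_if" -o "$lan_if" -j REJECT
  iptables -A FORWARD -i "$wan_if" -o "$wan_if" -j REJECT
}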

#######################################
# Switch IPv4 packet forwarding on by writing 1 to the kernel's
# ip_forward control file. Needs write access to /proc/sys.
# Arguments: none
#######################################
forwarding_on() {
  printf '%s\n' 1 > /proc/sys/net/ipv4/ip_forward
}

#######################################
# Switch IPv4 packet forwarding off by writing 0 to the kernel's
# ip_forward control file. Needs write access to /proc/sys.
# Arguments: none
#######################################
forwarding_off() {
  printf '%s\n' 0 > /proc/sys/net/ipv4/ip_forward
}




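# Bring the gateway up. The rules are loaded before routing is switched on,
# so the host never forwards packets with empty tables.
start_gateway() {
  clean
  forward_rules
  forwarding_on
}

# Take the gateway down. Routing is switched off before the rules are
# flushed, for the same reason.
stop_gateway() {
  forwarding_off
  clean
}

# Dispatch on the init action given as the first argument.
case "$1" in
  start)
    start_gateway
    ;;
  stop)
    stop_gateway
    ;;
  restart)
    # Done in-process instead of re-running /etc/init.d/frw, so restart
    # works whatever name the script is installed under.
    stop_gateway
    start_gateway
    ;;
  status)
    # Show the nat table too (the MASQUERADE rule lives there); -n skips
    # reverse DNS lookups, which can stall when the resolver is unreachable.
    iptables -n -v -L
    iptables -t nat -n -v -L
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|status}" >&2
    exit 1
    ;;
esac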

# vim: ft=sh
