Никогда не думал, что придется, однако все-таки время подошло и встала задача поднять NAT на сервере с Linux. Долго бороздил по просторам интернета, но в итоге написал скриптик для /etc/init.d/

bash
  1.  
  2. #!/bin/bash
  3. # Author: Maxim Antonov <max.antonoff@gmail.com>
  4. #
  5. ### BEGIN INIT INFO
  6. # Provides: ipforwarding
  7. # Required-Start:
  8. # Should-Start:
  9. # Required-Stop:
  10. # Should-Stop:
  11. # Default-Start: 2 3 5
  12. # Default-Stop:
  13. # Short-Description: forward ip
  14. # Description: forward ip
  15. ### END INIT INFO
  # Pin the command search path to the system directories so that the
  # iptables calls below resolve the same way regardless of the caller's
  # environment.
  PATH='/usr/sbin:/sbin:/bin:/usr/bin'
  17.  
  #######################################
  # Flush the packet-filter rules of the filter, nat and mangle tables.
  # Every rule in those tables is removed, including rules that were not
  # installed by this script. No chain policy is changed here.
  # Arguments: none
  # Returns:   exit status of the last iptables call
  #######################################
  clean() {
    # Filter table first (the default table when -t is omitted).
    iptables -F

    local tbl
    for tbl in nat mangle; do
      iptables -t "$tbl" -F
    done

    # Remove the user-defined chains of the filter table.
    iptables -X
  }
  26.  
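  #######################################
  # Install the NAT gateway ruleset: eth0 is treated as the internal
  # interface and eth1 as the external one (traffic leaving via eth1 is
  # masqueraded).
  # Arguments: none
  # Returns:   exit status of the last iptables call
  #######################################
  forward_rules() {
    local -r lan_if=eth0
    local -r wan_if=eth1

    # Accept loopback traffic.
    iptables -A INPUT -i lo -j ACCEPT

    # Accept replies to existing connections on any interface, and new
    # connections on every interface except the external one.
    # NOTE(review): this function sets no INPUT policy and appends no final
    # DROP/REJECT rule, so with an ACCEPT policy new connections arriving on
    # the external interface are still accepted. Confirm the policy is set
    # elsewhere.
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # The negation goes before the option; "-i ! eth1" is the deprecated form.
    iptables -A INPUT -m state --state NEW ! -i "$wan_if" -j ACCEPT

    # Let replies to outgoing connections back into the internal network.
    iptables -A FORWARD -i "$wan_if" -o "$lan_if" \
      -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Allow outgoing connections from the internal network.
    iptables -A FORWARD -i "$lan_if" -o "$wan_if" -j ACCEPT

    # Masquerade everything that leaves through the external interface.
    iptables -t nat -A POSTROUTING -o "$wan_if" -j MASQUERADE

    # Do not forward anything else from the external to the internal network.
    # The rule has to match external -> internal; matching eth1 -> eth1 left
    # new inbound connections to the FORWARD chain policy.
    iptables -A FORWARD -i "$wan_if" -o "$lan_if" -j REJECT
  }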
  46.  
  #######################################
  # Enable IPv4 routing by writing 1 to the kernel's ip_forward switch.
  # Only the IPv4 setting is written here.
  # Arguments: none
  #######################################
  forwarding_on() {
    printf '%s\n' 1 > /proc/sys/net/ipv4/ip_forward
  }
  52.  
  #######################################
  # Disable IPv4 routing by writing 0 to the kernel's ip_forward switch.
  # Arguments: none
  #######################################
  forwarding_off() {
    printf '%s\n' 0 > /proc/sys/net/ipv4/ip_forward
  }
  58.  
  59.  
  60.  
  61.  
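  # Dispatch on the init action passed as the first argument.
  case "$1" in
    start)
      # Load the ruleset before routing is switched on, so the host never
      # forwards packets while the chains are flushed.
      clean
      forward_rules
      forwarding_on
      ;;
    stop)
      # Switch routing off first, then drop the rules, for the same reason.
      forwarding_off
      clean
      ;;
    restart)
      # Run stop and start in-process. Re-invoking a hard-coded
      # /etc/init.d/frw path breaks when the script is installed under
      # another name (the LSB header provides "ipforwarding").
      forwarding_off
      clean
      forward_rules
      forwarding_on
      ;;
    status)
      # Lists the filter table only; the MASQUERADE rule lives in the nat
      # table and is not shown here.
      iptables -v -L
      ;;
    *)
      echo "Usage: /etc/init.d/frw {start|stop|restart|status}"
      exit 1
      ;;
  esac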
  84.  
  85. # vim: ft=sh
  86.  
