NAT shell script for iptables
From LinuxNewbie
Updated: Fri Jan 30, 2004 3:43 pm
I updated the script.
- added notes to clarify forward and accept variables
- added condition so that if no forward port or ip is specified it will not execute the command as that will cause an error
Revantine
Use a text editor to copy the script to /etc/nat.sh
chmod 755 /etc/nat.sh
and add it to /etc/rc.local.
#!/bin/bash
# natppp.sh
# rev: 03121901
# add notes for ftp modules required
# rev: 03112901
# added multiport forwarding with a variable
# Rev: 03091901
# rev: 04013001
# added check to see if no ports are forwarded
# to prevent an error if the FORWARD line wasn't remarked out
# when using ftp through NAT
# insmod ip_conntrack_ftp
# insmod ip_nat_ftp
# Variables
# WANNIC =
# WAN interface
WANNIC=ppp0
# LAN interface
LANNIC=eth0
# connections allowed from WAN to localhost
# separate with spaces.
# Port 22 is not blocked to prevent you from locking yourself out.
TCPPORT="80 25 110"
# connection to forward to another PC
# This is often called port forwarding
# if you don't need it, leave it blank
# leaving either variable blank will cause it to skip forwarding
# FORWARDIP=""
# separate with commas
FORWARDTCP="80,21,20"
FORWARDIP="172.16.0.250"
echo WAN NIC: $WANNIC
# req for ftp modprobe or insmod
# modprobe ip_conntrack_ftp
# modprobe ip_nat_ftp
# req for irc, especially dcc
# http://en.tldp.org/HOWTO/IP-Masquerade-HOWTO/irc-dcc.html
# modprobe ip_conntrack_irc
# modprobe ip_nat_irc
# ports 6667,6969
#######################################################################
# Don't edit below this unless you know what is happening
#######################################################################
modprobe ipt_MASQUERADE # If this fails, try continuing anyway
iptables -F; iptables -t nat -F; iptables -t mangle -F
# iptables -t nat -A PREROUTING -p tcp --dport 80 -i ppp0 -j DNAT --to \
# 192.168.254.252
## Change destination addresses to 5.6.7.8, 5.6.7.9 or 5.6.7.10.
# iptables -t nat -A PREROUTING -i eth0 -j DNAT --to 5.6.7.8-5.6.7.10
## Change destination addresses of web traffic to 5.6.7.8, port 8080.
# iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 \
# -j DNAT --to 5.6.7.8:8080
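# Forward the listed TCP ports arriving on the WAN interface to FORWARDIP.
# Skipped when either variable is blank.
if [ "$FORWARDTCP" != "" ] && [ "$FORWARDIP" != "" ]
then
    iptables -t nat -A PREROUTING -p tcp -m multiport --dports "$FORWARDTCP" \
        -i "$WANNIC" -j DNAT --to-destination "$FORWARDIP"
fi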
iptables -t nat -A POSTROUTING -o $WANNIC -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
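# Accept replies to existing connections, new connections from any
# interface except the WAN, and ssh (port 22) from the WAN.
# The negation is written "! -i", the form current iptables expects.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT \
    && iptables -A INPUT -m state --state NEW ! -i $WANNIC -j ACCEPT \
    && iptables -A INPUT -i $WANNIC -p tcp --destination-port 22 -j ACCEPT
if [ $? != 0 ]
then
    echo Error with NAT implementation
    exit 1
fi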
for PORTSTR in $TCPPORT
do
    # echo $TCPPORT
    echo Opening TCP Port: $PORTSTR
    iptables -A INPUT -i $WANNIC -p tcp --destination-port $PORTSTR -j ACCEPT
done
# iptables -A INPUT -i $LANNIC -j ACCEPT
# not needed because of above:
# && iptables -A INPUT -m state --state NEW ! -i $WANNIC -j ACCEPT
# The DROP policy is only set if the ACCEPT rules above were successful
# (the script exits before this point otherwise).
iptables -P INPUT DROP
iptables -A FORWARD -i $WANNIC -o $WANNIC -j REJECT
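# nonat: undo the NAT setup (accept all input, flush the rules, disable
# forwarding). Defined here but not called by this script.
nonat () {
    # nonat.sh
    # Variables
    # WANNIC = eth0
    WANNIC=eth1
    echo WAN NIC: $WANNIC
    iptables -P INPUT ACCEPT
    iptables -F; iptables -t nat -F; iptables -t mangle -F
    echo 0 > /proc/sys/net/ipv4/ip_forward
}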
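The script skips forwarding only when FORWARDTCP or FORWARDIP is blank; a malformed value still reaches iptables. The following added example (not part of the original script) goes further and validates both values first. The function names are hypothetical, and it accepts only plain port numbers, which is narrower than what the multiport match allows.

```shell
#!/bin/sh
# Added example (not from the original page): validate FORWARDTCP and
# FORWARDIP before they reach iptables. Function names are hypothetical.

# One TCP port: decimal, no leading zero, 1..65535.
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# Comma-separated list for "-m multiport --dports" (at most 15 ports).
valid_portlist() {
    case "$1" in ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
    count=0; old_ifs=$IFS; IFS=,
    for p in $1; do
        IFS=$old_ifs
        valid_port "$p" || return 1
        count=$((count + 1))
    done
    IFS=$old_ifs
    [ "$count" -le 15 ]
}

# Dotted-quad IPv4 address: four octets 0..255, no leading zeros.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# forward_rule WANNIC PORTS IP
# Prints the DNAT rule arguments. Returns 2 when either value is blank
# (skip forwarding, as the script does) and 1 when a value is malformed.
forward_rule() {
    [ -n "$2" ] && [ -n "$3" ] || return 2
    valid_portlist "$2" && valid_ipv4 "$3" || return 1
    echo "-t nat -A PREROUTING -p tcp -m multiport --dports $2 -i $1 -j DNAT --to-destination $3"
}

# Values from the script above; prints the arguments instead of applying them.
forward_rule ppp0 "80,21,20" "172.16.0.250" || echo "forwarding skipped or rejected" >&2
```

The interface name is passed through unchecked; only the port list and the address are validated.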
Categories: Iptables | Firewall | Nat
