Commit | Line | Data |
---|---|---|
93217f7a GT |
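#!/bin/sh
#
# usage (e.g.): sudo sh iptables-nat.sh [public interface] [private interface]
#
# Sets up iptables on Linux 2.6 to run a NAT for all machines on the
# private interface via the IP bound to the public interface. You should
# manually configure a private RFC1918 network for the machines on the
# private interface.
#
# Derived from the Linux IP masquerade HOWTO.
#
# Notes for operators:
#   - Only the IPv4 tables and the IPv4 forwarding switch are touched; this
#     script does nothing about IPv6 forwarding.
#   - Rules are appended with -A, so running the script twice leaves
#     duplicate rules in FORWARD and POSTROUTING.
#   - Nothing here is persistent across reboots.

# Abort on the first failing command or unset variable. The script runs as
# root and ends by switching on kernel forwarding; if any iptables call fails
# we must not reach that step with a half-built rule set.
set -eu

# Interface names come from the command line; defaults match the original
# author's hardware. They are always expanded inside double quotes below so
# that an argument containing whitespace cannot be split into extra iptables
# options.
public=${1:-ath0}
private=${2:-eth0}

# Default-deny forwarded traffic first (fail closed), else the remaining
# commands would NAT public requests routed to this machine. Doing this
# before the ACCEPT rules means an early abort never leaves FORWARD open.
iptables -P FORWARD DROP

# permit forwarding connections that have to do with the NAT:
#   private -> public: anything the inside hosts originate
#   public -> private: only replies to (or traffic related to) those flows
iptables -A FORWARD -i "$private" -o "$public" -j ACCEPT
iptables -A FORWARD -i "$public" -o "$private" -m state --state ESTABLISHED,RELATED -j ACCEPT

# enable NAT: rewrite the source of everything leaving via the public
# interface to that interface's current address
iptables -t nat -A POSTROUTING -o "$public" -j MASQUERADE

# this is usually not on by default; done last so packets are only forwarded
# once the filter and NAT rules above are in place
echo 1 > /proc/sys/net/ipv4/ip_forward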