[Scripts/git/.git] / iptables-nat.sh

#!/bin/sh
#
# usage (e.g.): sudo sh iptables-nat.sh [public interface] [private interface]
#
# Sets up iptables on Linux 2.6 to run a NAT for all machines on the
# private interface via the IP bound to the public interface. You should
# manually configure a private RFC1918 network for the machines on the
# private interface.
#
# Derived from the Linux IP masquerade HOWTO.

public=${1:-ath0}
private=${2:-eth0}

# permit forwarding connections that have to do with the NAT
iptables -A FORWARD -i $private -o $public -j ACCEPT
iptables -A FORWARD -i $public -o $private -m state --state ESTABLISHED,RELATED -j ACCEPT

# drop other connections, else the remaining commands will NAT public requests
# routed to this machine
iptables -P FORWARD DROP

# enable NAT
iptables -t nat -A POSTROUTING -o $public -j MASQUERADE

# this is usually not on by default
echo 1 > /proc/sys/net/ipv4/ip_forward
Commit	Line	Data
93217f7a GT	1	#!/bin/sh
	2	#
	3	# usage (e.g.): sudo sh iptables-nat.sh [public interface] [private interface]
	4	#
	5	# Sets up iptables on Linux 2.6 to run a NAT for all machines on the
	6	# private interface via the IP bound to the public interface. You should
	7	# manually configure a private RFC1918 network for the machines on the
	8	# private interface.
	9	#
	10	# Derived from the Linux IP masquerade HOWTO.
	11
	12	public=${1:-ath0}
	13	private=${2:-eth0}
	14
	15	# permit forwarding connections that have to do with the NAT
	16	iptables -A FORWARD -i $private -o $public -j ACCEPT
	17	iptables -A FORWARD -i $public -o $private -m state --state ESTABLISHED,RELATED -j ACCEPT
	18
	19	# drop other connections, else the remaining commands will NAT public requests
	20	# routed to this machine
	21	iptables -P FORWARD DROP
	22
	23	# enable NAT
	24	iptables -t nat -A POSTROUTING -o $public -j MASQUERADE
	25
	26	# this is usually not on by default
	27	echo 1 > /proc/sys/net/ipv4/ip_forward