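#! /bin/bash
# project by platinum, 2005-05-12
# debug in 2005-05-20
#
# NAT gateway / firewall setup: loads the FTP conntrack helpers, enables
# IPv4 forwarding, brings up the LAN interface, sets iptables policies and
# NAT for either a static WAN link ("lan") or a PPPoE link ("adsl"), then
# installs the default route.
#
# Fill in every placeholder value below before running; must run as root.

# set mode (lan or adsl)
mode="adsl"
# set default gateway (ignored when mode==adsl: it is read from ppp0 below)
gateway="外网网关"
# set interface wan (ignored when mode==adsl)
wan_ip="外网ip地址"
wan_eth="外网网卡"
wan_mask="外网掩码"
# set interface lan
lan_ip="内网ip地址"
lan_net="内网网络地址"
lan_eth="内网网卡"
lan_mask="内网掩码"
# set manager (the only LAN host allowed to open new connections to this box)
manager_ip="内网管理员ip"
manager_mac="内网管理员mac"

# initialize modules
# (2.4 / early-2.6 module names; newer kernels call these nf_conntrack_ftp
# and nf_nat_ftp)
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward

# initialize interface lan
ifconfig "$lan_eth" "$lan_ip" netmask "$lan_mask"

# initialize policy
# iptables chain names and targets are case-sensitive (INPUT, FORWARD,
# POSTROUTING, ACCEPT, DROP, SNAT, MASQUERADE); lowercase forms are rejected.
iptables -P INPUT DROP
# NOTE: FORWARD defaults to ACCEPT, so every LAN host may reach the WAN and
# nothing below restricts forwarded traffic beyond the non-SYN check.
iptables -P FORWARD ACCEPT
iptables -F
iptables -t nat -F

# deny ack attack: drop TCP packets that would start a NEW connection
# without the SYN flag set
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP

# initialize rules
iptables -A INPUT -i lo -j ACCEPT
# Management access: both source IP and source MAC must match. The MAC
# match only limits which LAN host may connect; it is not authentication,
# since a MAC address can be set by the sender.
iptables -A INPUT -i "$lan_eth" -s "$manager_ip" -m mac --mac-source "$manager_mac" \
  -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

case "$mode" in
  lan)
    # initialize interface wan, then SNAT the LAN to the static WAN address
    ifconfig "$wan_eth" "$wan_ip" netmask "$wan_mask"
    iptables -t nat -A POSTROUTING -s "$lan_net" -o "$wan_eth" -j SNAT --to "$wan_ip"
    ;;
  adsl)
    # the PPPoE address is dynamic, so masquerade and take the peer address
    # from ppp0 instead of the configured gateway
    iptables -t nat -A POSTROUTING -s "$lan_net" -o ppp0 -j MASQUERADE
    # ifconfig prints "inet addr:A  P-t-P:B  Mask:C"; field 3 is "P-t-P:B",
    # and the part after the colon is the peer (gateway) address
    gateway=$(ifconfig ppp0 | grep inet | awk '{print $3}' | awk -F: '{print $2}')
    ;;
  *)
    echo "unknown mode: $mode (expected lan or adsl)" >&2
    exit 1
    ;;
esac

# refuse to install an empty default route (e.g. ppp0 not up yet)
: "${gateway:?default gateway could not be determined}"
ip route replace default via "$gateway"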