#!/bin/sh # IP masquerade script. INTERNAL_NETWORK=10.0.0.0 # The private IP range we're using, usually 10.0.0.0 or 192.168.1.0. INTERNAL_CIDR=8 # 8 for 10.0.0.0, 24 for 192.168.1.0. PUBLIC_IP=63.63.63.63 # Assigned by your ISP. This assumes a static IP. INTERNAL_INTERFACE=eth1 PUBLIC_INTERFACE=eth0 xx() { echo ">> $*" ; eval "$*" ; } modules () { xx modprobe ip_nat_ftp } v22 () { xx ipchains -P forward DENY xx ipchains -A forward -s $INTERNAL_NETWORK/$INTERNAL_CIDR -j MASQ } v24 () { xx iptables -P FORWARD DROP xx iptables -t nat -A POSTROUTING -s $INTERNAL_NETWORK/$INTERNAL_CIDR -j SNAT --to-source $PUBLIC_IP xx iptables -A FORWARD -i $INTERNAL_INTERFACE -o $PUBLIC_INTERFACE -j ACCEPT xx iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT } all () { xx echo "1" > /proc/sys/net/ipv4/ip_forward #xx echo "1" > /proc/sys/net/ipv4/ip_dynaddr } modules if [ kernelversion == '2.2' ] ;then v22 else v24 fi all