Cool 'n Simple ADSL fw+pf+nat script v2

Post by Coenraad Loubse » Fri, 22 Apr 2005 16:36:41

Hey, it may not be the most elegant solution, but it works!

This is for a server connected via ADSL, acting as a gateway, web server,
mail server, proxy, NAT firewall.

#!/bin/bash
# Interface facing the ADSL link (PPPoE) and the interface facing the LAN.
inet=ppp0
lan=br0

echo Flushing tables...
iptables -t nat -F
iptables -F
# -F empties the chains but does not delete user-defined ones; without -X
# the "iptables -N block" below fails on every run after the first.
iptables -t nat -X
iptables -X

echo Activating Firewall...
iptables -N block
# Replies to connections the server or the LAN started.
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
# New connections are accepted from every interface except the ADSL side.
# (Modern iptables writes the negation as "! -i", not "-i !".)
iptables -A block -m state --state NEW ! -i $inet -j ACCEPT

# Services reachable from the Internet.  Note that this chain is also used
# for FORWARD, so these ports are open to forwarded traffic as well, and
# that SMTP (25) is not listed: the mail server is reachable only from the LAN.
for allowin in 80 443 22; do
    echo Allowing port $allowin tcp incoming access...
    iptables -A block -p tcp -i $inet --dport $allowin -j ACCEPT
    #iptables -A block -p udp -i $inet --dport $allowin -j ACCEPT
done

#friendlynet=xx.xx.xx.xx/32
#echo Allowing $friendlynet full incoming access... [untested]
#iptables -A block -s $friendlynet -j ACCEPT

# Uncomment to log what gets dropped (rate-limited so a scan cannot fill the log).
#iptables -A block -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "

# Everything else arriving from the ADSL side is dropped.  Traffic from other
# interfaces that did not match above falls through to the built-in chain's
# default policy, which this script leaves at ACCEPT.
iptables -A block -i $inet -j DROP

iptables -A INPUT -j block
iptables -A FORWARD -j block

# Allow self access by loopback interface
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

echo Enabling IP Forwarding...
echo "1" > /proc/sys/net/ipv4/ip_forward

echo Activating Masquerading...
iptables -t nat -A POSTROUTING -o $inet -j MASQUERADE

echo Activating Transparent Proxying...
# Web traffic from the LAN is diverted to the local proxy (Squid) on port 3128.
iptables -t nat -A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-ports 3128

# Template for forwarding a UDP port (range) to a LAN host: a DNAT rule in
# the nat table plus a matching ACCEPT in FORWARD.
#ports=666:668
#dest=192.168.0.95
#
#echo Forwarding ports $ports to $dest...
#iptables -t nat -A PREROUTING -i $inet -p udp --dport $ports -j DNAT --to-destination $dest
#iptables -A FORWARD -p udp -i $inet --dport $ports -d $dest -j ACCEPT
#
#ports=27001
#dest=192.168.0.95
#
#echo Forwarding ports $ports to $dest...
#iptables -t nat -A PREROUTING -i $inet -p udp --dport $ports -j DNAT --to-destination $dest
#iptables -A FORWARD -p udp -i $inet --dport $ports -d $dest -j ACCEPT
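
Two things a practitioner would change before running a script like the one above on a gateway that is administered over ssh on port 22: load the whole ruleset atomically with iptables-restore, so there is no window between the flush and the last rule in which the box is wide open and no user-defined chain left behind by an earlier run, and guard the reload with a timed rollback so a mistake cannot lock you out. The following is an added example written for this page, not the poster's script. It takes the interface names ppp0 and br0 and the Squid port 3128 from the post; the function names, the confirmation file and the snapshot path are hypothetical.

```shell
#!/bin/sh
# Added example (not the original poster's script): atomic ruleset load with
# iptables-restore plus a timed rollback for remote administration.
# Assumptions: ppp0 = ADSL side, br0 = LAN side, Squid on 3128 (from the post);
# confirmation file and snapshot path are hypothetical names.

# print_ruleset: emit the policy in iptables-save format.  iptables-restore
# swaps the whole table in one step, unlike flush-then-append, and the built-in
# chains get explicit DROP policies so nothing is open by fall-through.
print_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# transparent proxying of LAN web traffic into Squid
-A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i br0 -j ACCEPT
# services exposed on the ADSL side: web and ssh only
-A INPUT -i ppp0 -p tcp -m multiport --dports 80,443,22 -m conntrack --ctstate NEW -j ACCEPT
# FORWARD has its own rules, so the exposed ports above do not leak into it
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i br0 -o ppp0 -j ACCEPT
COMMIT
EOF
}

# apply_with_rollback RESTORE_CMD SNAPSHOT CONFIRM_FILE TIMEOUT
# Feeds print_ruleset to RESTORE_CMD (iptables-restore in real use), then waits
# up to TIMEOUT seconds for CONFIRM_FILE to appear; the operator creates it from
# a fresh ssh login to prove the new rules still let them in.  If the load
# fails or nobody confirms, SNAPSHOT is fed back to RESTORE_CMD.
# Returns 0 when confirmed, 1 after a timed-out rollback, 2 when the load failed.
apply_with_rollback() {
    restore_cmd=$1; snapshot=$2; confirm=$3; timeout=$4
    rm -f "$confirm"
    if ! print_ruleset | $restore_cmd; then
        echo "load failed, restoring previous rules" >&2
        $restore_cmd < "$snapshot" || echo "rollback failed" >&2
        return 2
    fi
    i=0
    while [ "$i" -lt "$timeout" ]; do
        if [ -e "$confirm" ]; then
            rm -f "$confirm"
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    echo "no confirmation within ${timeout}s, rolling back" >&2
    $restore_cmd < "$snapshot" || echo "rollback failed" >&2
    return 1
}

# Real use on the gateway (root required; not executed here):
#   iptables-save > /root/rules.before
#   apply_with_rollback iptables-restore /root/rules.before /root/fw.ok 60
#   ...then, from a new ssh session within 60 seconds:  touch /root/fw.ok
```

The ruleset keeps the post's policy (web and ssh from the Internet, everything from the LAN, masquerading and the Squid redirect) but gives INPUT and FORWARD separate rules, so opening port 22 on the server no longer also opens it for forwarded traffic, and drops INVALID state packets that the shared block chain let fall through.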

1. OBSD as FW/NAT box with ADSL

Hello All,

    I am going to be setting up a firewall/NAT box (486SX/33,16M, 2
ne2000-compat. NICs) to share/manage an ADSL connection for a couple of
win98SE "machines".  According to the dsl provider (Earthlink/Covad), we
will not be receiving a static IP *grrrr*.  As I am fairly new to this
procedure, I am wondering if OBSD will have any "issues" with not having a
static real address.  Will there be any problems configuring PPPoE?  I
realize this message is rather vague, but I would truly appreciate any
advice/horror stories/information any of you fine folks would have.

Thank you much,

--
Jim

"It's our duty to yo' booty to FUNK YOU UP!"
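
An added example for the question above, not taken from the thread: a pf.conf for an OpenBSD gateway whose ADSL address changes with every PPPoE session. It uses the current pf syntax (OpenBSD 4.7 and later; older releases spelled the NAT line `nat on $ext_if from $lan_net to any -> ($ext_if)`). The interface names pppoe0 and ne1, the LAN prefix and the list of exposed ports are assumptions made for the example.

```pf
# Added example, not from the thread: pf.conf for an OpenBSD ADSL gateway
# whose external address is assigned dynamically by PPPoE.
ext_if = "pppoe0"          # kernel pppoe(4) interface (assumption)
int_if = "ne1"             # second ne2000 NIC, facing the LAN (assumption)
lan_net = "192.168.1.0/24" # assumption
tcp_services = "{ 22, 80, 443 }"

set skip on lo
set block-policy drop

# Writing ($ext_if) in parentheses makes pf look up the interface's current
# address at match time, so the rules keep working when the PPPoE session is
# renegotiated and the provider hands out a new address.
match out on $ext_if inet from $lan_net to any nat-to ($ext_if)

# Default deny inbound, log what is blocked; allow everything outbound.
block in log all
pass out quick

# LAN hosts may talk to the gateway and through it to the Internet.
pass in on $int_if inet from $lan_net to any

# Only these services are reachable from the ADSL side.
pass in on $ext_if inet proto tcp to ($ext_if) port $tcp_services
pass in on $ext_if inet proto icmp to ($ext_if) icmp-type echoreq
```

PPPoE itself is configured in /etc/hostname.pppoe0 as described in pppoe(4); pf only needs the interface name, and because the rules refer to ($ext_if) rather than a literal address there is nothing to edit or reload when the dynamic IP changes. Check the file with `pfctl -nf /etc/pf.conf` before loading it.
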
