
KERNEL_CONFIG :

{

CONFIG_NETFILTER

CONFIG_NETFILTER_ADVANCED

CONFIG_NF_CONNTRACK

CONFIG_NF_CONNTRACK_PROCFS

CONFIG_NF_CONNTRACK_IPV4

CONFIG_NF_CONNTRACK_PROC_COMPAT

CONFIG_IP_NF_IPTABLES

CONFIG_IP_NF_FILTER

CONFIG_NF_NAT

CONFIG_IP_NF_TARGET_MASQUERADE

CONFIG_IP_NF_MANGLE

}

 

iptable_rules :

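#!/bin/sh
#
# Minimal IPv4 NAT gateway setup. Must run as root.
#
#   1. Flush the filter and nat tables.
#   2. Accept everything that arrives on the internal interface.
#   3. Turn on IPv4 forwarding.
#   4. Masquerade traffic from each internal network leaving via EXTIF.
#
# Review notes (things this script does NOT do):
#   - `iptables -F` removes rules but leaves built-in chain policies alone,
#     and the filter-table policies (INPUT/FORWARD/OUTPUT) are never set
#     here. If FORWARD is ACCEPT, the host routes packets in both
#     directions once forwarding is on, including from EXTIF towards the
#     internal network. Restrict FORWARD to INIF -> EXTIF plus return
#     traffic before exposing EXTIF to an untrusted network. Matching on
#     connection state needs the conntrack match
#     (CONFIG_NETFILTER_XT_MATCH_CONNTRACK), which is not among the kernel
#     options listed with this script.
#   - The INPUT rule below only has an effect when the INPUT policy is
#     DROP/REJECT, and it exposes every local service to the internal network.
#   - Rules are applied one command at a time, so there is a short window
#     with no filter rules loaded; `iptables-restore` loads a ruleset
#     atomically.
#   - The mangle table is not flushed.
#   - The /proc write is runtime-only and does not survive a reboot.

EXTIF="eth0"            # external (uplink) interface
INIF="eth1"             # internal (LAN) interface
INNET="192.168.1.0/24"  # internal network(s), space-separated

export EXTIF INIF INNET

# Refuse to touch the firewall when masquerading is requested but the
# outgoing interface is unset: an empty -o argument makes iptables fail
# only after the tables have already been flushed.
if [ -n "$INIF" ] && [ -n "$INNET" ] && [ -z "$EXTIF" ]; then
    echo "EXTIF is empty; cannot add MASQUERADE rules" >&2
    exit 1
fi

# Clean up filter table rules, user-defined chains and counters
# (chain policies are left unchanged).

iptables -F
iptables -X
iptables -Z

# Clean up NAT table rules and reset its chain policies to ACCEPT

iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT


if [ -n "$INIF" ]; then
    # Trust the internal interface for traffic addressed to this host.
    iptables -A INPUT -i "$INIF" -j ACCEPT
    # Enable routing between interfaces.
    echo "1" > /proc/sys/net/ipv4/ip_forward
    if [ -n "$INNET" ]; then
        # $INNET is intentionally unquoted so that several networks can be
        # listed; each one gets its own source-NAT rule.
        for innet in $INNET
        do
            iptables -t nat -A POSTROUTING -s "$innet" -o "$EXTIF" -j MASQUERADE
        done
    fi
fi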
