Code: Alles auswählen
#!/bin/sh
#
# $Id: routing-docs.html,v 1.4 2004/03/14 15:12:42 graham Exp $
#
# Home firewall script, put together from commands in the NAT and
# packet filtering HOWTO documents.
#
# Suitable for dropping into /etc/ppp/ip-up.d if you're running
# Debian, to be automatically run by /usr/bin/pon after dial up.
# Load the NAT module (this pulls in all the others).
modprobe iptable_nat
# insmod ip_conntrack (autoloaded by iptable_nat by the looks of it)
insmod ip_conntrack_ftp
# Clear all current rules, so we start from a clean slate.
iptables -F
# Create chain which blocks new connections, except if coming from inside.
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
iptables -A block -j DROP
# Jump to that chain from INPUT and FORWARD chains.
iptables -A INPUT -j block
iptables -A FORWARD -j block
# In the NAT table (-t nat), Append a rule (-A) after routing
# (POSTROUTING) for all packets going out ppp0 (-o ppp0) which says to
# MASQUERADE the connection (-j MASQUERADE).
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Edonkey/Overnet 11
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 4662 -j DNAT --to-dest 192.168.0.11
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 4711 -j DNAT --to-dest 192.168.0.11
iptables -t nat -A PREROUTING -i ppp0 -p udp --dport 4672 -j DNAT --to-dest 192.168.0.11
# Edonkey/Overnet 232
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 5662 -j DNAT --to-dest 192.168.0.232
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 5711 -j DNAT --to-dest 192.168.0.232
iptables -t nat -A PREROUTING -i ppp0 -p udp --dport 5672 -j DNAT --to-dest 192.168.0.232
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
# Restart BIND9
named -p 53
