https://www.slackwiki.com/index.php?action=history&feed=atom&title=NAT_Script
NAT Script - Revision history
2026-04-08T14:21:02Z
Revision history for this page on the wiki
MediaWiki 1.40.0
https://www.slackwiki.com/index.php?title=NAT_Script&diff=142&oldid=prev
Erik: Copy from old
2009-06-04T05:25:20Z
<p>Copy from old</p>
<p><b>New page</b></p><div><pre><br />
#!/bin/sh<br />
<br />
# This is a very basic LAN NAT script, allowing only SSH to the firewall from<br />
# the external interface, allowing all outbound LAN traffic, and allowing only<br />
# established/related traffic back into the LAN.<br />
<br />
ipt=/usr/sbin/iptables<br />
extip=192.168.1.41 # replace with your EXTERNAL IP - eth0<br />
lan=10.5.3.0/25 # your LAN CIDR range - eth1<br />
<br />
# start firewall<br />
start_firewall() {<br />
<br />
echo "Enabling IP forwarding."<br />
echo 1 > /proc/sys/net/ipv4/ip_forward<br />
<br />
echo "Enabling iptables firewall."<br />
# default policies<br />
$ipt -P INPUT DROP<br />
$ipt -P FORWARD DROP<br />
<br />
# NAT<br />
$ipt -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $extip<br />
<br />
# INPUT chain<br />
$ipt -A INPUT -i lo -j ACCEPT<br />
$ipt -A INPUT -i eth1 -s $lan -j ACCEPT<br />
$ipt -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
$ipt -A INPUT -p tcp --destination-port 22 -j ACCEPT<br />
<br />
# FORWARD chain<br />
$ipt -A FORWARD -i eth1 -s $lan -j ACCEPT<br />
$ipt -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br />
<br />
}<br />
<br />
# stop firewall<br />
stop_firewall() {<br />
<br />
$ipt -P INPUT DROP<br />
$ipt -P OUTPUT DROP<br />
$ipt -P FORWARD DROP<br />
# allow internal traffic<br />
$ipt -A INPUT -i eth1 -j ACCEPT<br />
$ipt -A OUTPUT -o eth1 -j ACCEPT<br />
<br />
}<br />
<br />
# flushing, removing and zeroing tables<br />
reset_firewall() {<br />
<br />
chains=`cat /proc/net/ip_tables_names`<br />
for i in $chains; do<br />
$debug $ipt -t $i -F<br />
$debug $ipt -t $i -X<br />
$debug $ipt -t $i -Z<br />
done<br />
<br />
}<br />
<br />
case "$1" in<br />
<br />
start|restart|reload)<br />
reset_firewall<br />
start_firewall<br />
;;<br />
stop)<br />
reset_firewall<br />
stop_firewall<br />
;;<br />
*)<br />
echo "Usage: $0 {start|stop|restart|reload}"<br />
exit 1<br />
;;<br />
<br />
esac<br />
</pre><br />
<br />
[[Category:Security]]</div>
Erik