NAT Script - Revision history https://www.slackwiki.com/index.php?title=NAT_Script&action=history Revision history for this page on the wiki en MediaWiki 1.40.0 Wed, 08 Apr 2026 14:21:01 GMT Erik: Copy from old https://www.slackwiki.com/index.php?title=NAT_Script&diff=142&oldid=prev https://www.slackwiki.com/index.php?title=NAT_Script&diff=142&oldid=prev <p>Copy from old</p> <p><b>New page</b></p><div>&lt;pre&gt;<br /> #!/bin/sh<br /> <br /> # This is a very basic LAN NAT script, allowing only SSH to the firewall from<br /> # the external interface, allowing all outbound LAN traffic, and allowing only<br /> # established/related traffic back into the LAN.<br /> <br /> ipt=/usr/sbin/iptables<br /> extip=192.168.1.41 # replace with your EXTERNAL IP - eth0<br /> lan=10.5.3.0/25 # your LAN CIDR range - eth1<br /> <br /> # start firewall<br /> start_firewall() {<br /> <br /> echo &quot;Enabling IP forwarding.&quot;<br /> echo 1 &gt; /proc/sys/net/ipv4/ip_forward<br /> <br /> echo &quot;Enabling iptables firewall.&quot;<br /> # default policies<br /> $ipt -P INPUT DROP<br /> $ipt -P FORWARD DROP<br /> <br /> # NAT<br /> $ipt -t nat -A POSTROUTING -o eth0 -j SNAT --to-source $extip<br /> <br /> # INPUT chain<br /> $ipt -A INPUT -i lo -j ACCEPT<br /> $ipt -A INPUT -i eth1 -s $lan -j ACCEPT<br /> $ipt -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br /> $ipt -A INPUT -p tcp --destination-port 22 -j ACCEPT<br /> <br /> # FORWARD chain<br /> $ipt -A FORWARD -i eth1 -s $lan -j ACCEPT<br /> $ipt -A FORWARD -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT<br /> <br /> }<br /> <br /> # stop firewall<br /> stop_firewall() {<br /> <br /> $ipt -P INPUT DROP<br /> $ipt -P OUTPUT DROP<br /> $ipt -P FORWARD DROP<br /> # allow internal traffic<br /> $ipt -A INPUT -i eth1 -j ACCEPT<br /> $ipt -A OUTPUT -o eth1 -j ACCEPT<br /> <br /> }<br /> <br /> # flushing, removing and zeroing tables<br /> reset_firewall() {<br /> <br /> chains=`cat /proc/net/ip_tables_names`<br /> for i in $chains; do<br /> $debug $ipt -t $i -F<br /> $debug $ipt -t $i -X<br /> $debug $ipt -t $i -Z<br /> done<br /> <br /> }<br /> <br /> case &quot;$1&quot; in<br /> <br /> start|restart|reload)<br /> reset_firewall<br /> start_firewall<br /> ;;<br /> stop)<br /> reset_firewall<br /> stop_firewall<br /> ;;<br /> *)<br /> echo &quot;Usage: $0 {start|stop|restart|reload}&quot;<br /> exit 1<br /> ;;<br /> <br /> esac<br /> &lt;/pre&gt;<br /> <br /> [[Category:Security]]</div> Thu, 04 Jun 2009 05:25:20 GMT Erik https://www.slackwiki.com/Talk:NAT_Script