First off, let me apologize to chulmin2 for my poor reading/proof-reading when I replied. The line in parentheses below has been corrected ("eth1 is your external" should be "eth1 is your internal"). Also, I plugged in IP addresses from your email where they need to be in the script.
Now to answer your question: sure, here's a quick example of a NAT/firewall script for iptables (this assumes eth0 is your external and eth1 is your internal):

#!/bin/sh

# Enable IP forwarding and reverse-path filtering
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter

# Flush any existing tables
#
/usr/sbin/iptables -F
/usr/sbin/iptables -t nat -F

# Set up default policies
#
/usr/sbin/iptables -P INPUT DROP
/usr/sbin/iptables -P FORWARD DROP

# Set up tables for IP-Masquerading
#
/usr/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# ftp forwarding
#
/usr/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 26 -j DNAT --to 211.1.1.1:100
/usr/sbin/iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 211.1.1.1 --dport 100 -j ACCEPT

Please note, this is just an example, IT IS NOT A GOOD FIREWALL.

Hope that helps!

Kevin Halverson
[EMAIL PROTECTED]
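Added example, not part of the original post: the FORWARD chain sees a forwarded packet after PREROUTING has rewritten its destination, so the ACCEPT rule has to name the translated address and port, as the script's last two rules do. The check below reports DNAT targets that no FORWARD ACCEPT rule names; the function name, the sample rule sets, and the exact-match logic (one address, one port, no ranges or subnets) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report DNAT targets that no FORWARD ACCEPT rule covers.
# Input: rule lines as passed to iptables (or as printed by iptables-save).

# Constructed sample: the port-forward pair from the script in the post.
RULES_OK='-t nat -A PREROUTING -i eth0 -p tcp --dport 26 -j DNAT --to 211.1.1.1:100
-A FORWARD -i eth0 -o eth1 -p tcp -d 211.1.1.1 --dport 100 -j ACCEPT'

# Constructed sample: FORWARD rule written against the pre-NAT port (26),
# so the translated packet falls through to the FORWARD DROP policy.
RULES_BAD='-t nat -A PREROUTING -i eth0 -p tcp --dport 26 -j DNAT --to 211.1.1.1:100
-A FORWARD -i eth0 -o eth1 -p tcp -d 211.1.1.1 --dport 26 -j ACCEPT'

# Print "ip:port" for every DNAT target lacking a matching FORWARD ACCEPT.
# Assumption: only exact -d <ip> / --dport <port> matches are recognised.
unmatched_dnat() {
    printf '%s\n' "$1" | awk '
    # Return the word following option "name" on the current line, or "".
    function opt(name,   i) {
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    {
        chain = opt("-A"); target = opt("-j")
        if (chain == "PREROUTING" && target == "DNAT") {
            to = opt("--to-destination"); if (to == "") to = opt("--to")
            if (to ~ /:/) dnat[to] = 1          # skip targets without a port
        } else if (chain == "FORWARD" && target == "ACCEPT") {
            dst = opt("-d"); sub(/\/32$/, "", dst)
            port = opt("--dport")
            if (dst != "" && port != "") allowed[dst ":" port] = 1
        }
    }
    END { for (t in dnat) if (!(t in allowed)) print t }
    ' | sort
}

unmatched_dnat "$RULES_BAD"
```

An empty result means every DNAT target with a port has a FORWARD ACCEPT rule naming the same address and port; it says nothing about how permissive the rest of the rule set is.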