[네트워크] iptables 을 이용한 masq script
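#
# NAT gateway setup: forwards LAN traffic out through one external interface
# with source masquerading. Must run as root. It replaces the current
# INPUT/OUTPUT/FORWARD rules of the filter table and every rule in the nat
# table.
#
# EXTIF is the Internet-facing interface, INTIF the LAN-facing one.
# The original note names ppp0 as the external side; set EXTIF to ppp0 on a
# PPPoE uplink.
#
EXTIF="eth0"
INTIF="eth1"
# LAN subnet whose traffic is masqueraded on the way out.
INTNET="192.168.10.0/24"
echo "—> External Ethernet Interface : $EXTIF"
echo "—> Internal Ethernet Interface : $INTIF"
#
# Load the iptables, connection-tracking and FTP helper modules.
# modprobe is used instead of insmod because insmod does not resolve
# dependencies, so the original load order (NAT FTP helper before iptable_nat)
# can fail.
# NOTE(review): newer kernels name these nf_conntrack, nf_conntrack_ftp and
# nf_nat_ftp; adjust if modprobe reports a module as missing.
#
echo "—> iptables module up <—"
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp
#
# Kernel parameter for a dynamically assigned external address.
#
echo 1 > /proc/sys/net/ipv4/ip_dynaddr
#
# IP forwarding / masquerading setup
#
echo "—> Setting up IP forwarding/masquerading <—"
#
# 1. Set the default policies, then flush the old rules.
#    FORWARD is switched to DROP before its rules are flushed, so nothing is
#    forwarded while the chain is empty.
#    NOTE(review): INPUT and OUTPUT stay at ACCEPT with no rules, so this
#    script filters forwarded traffic only. Services listening on the gateway
#    itself remain reachable from EXTIF unless INPUT rules are added.
#
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
echo "—> step 1 complete"
#
# 2. FORWARD rules
#    Inbound (EXTIF -> INTIF): only replies to, or flows related to,
#    connections that already exist.
#    Outbound (INTIF -> EXTIF): everything.
#    Whatever reaches the final rule is logged and then dropped by the chain
#    policy. The LOG rule is not rate-limited; a "-m limit" match would keep
#    a packet flood from filling the logs.
#
iptables -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state \
  ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT
iptables -A FORWARD -j LOG
echo "—> step 2 complete"
#
# 3. Masquerade LAN traffic leaving through the external interface.
#
iptables -t nat -A POSTROUTING -o "$EXTIF" -s "$INTNET" \
  -j MASQUERADE
echo "—> step 3 complete"
#
# Enable routing between interfaces only after the rule set is in place, so
# packets are never forwarded under a stale or half-built rule set.
#
echo 1 > /proc/sys/net/ipv4/ip_forward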