[네트워크] iptables 을 이용한 masq script
#
# pppo/eth1을 각각 EXTIF/INTIF 변수로 선언
#
EXTIF=”eth0″
INTIF=”eth1″
echo “—> External Ethernet Interface : $EXTIF”
echo “—> Internal Ethernet Interface : $INTIF”
#
# iptables + ftp 사용을 위한 모듈 등록
#
echo “—> iptables module up <—”
/sbin/depmod -a
/sbin/insmod ip_tables
/sbin/insmod ip_conntrack
/sbin/insmod ip_conntrack_ftp
/sbin/insmod ip_nat_ftp
/sbin/insmod iptable_nat
#
# ip_forward 를 위한 커널매개변수 수정
#
echo “1” > /proc/sys/net/ipv4/ip_forward
#
# Dynamic IP 사용을 위한 커널매개변수 수정
#
echo “1” > /proc/sys/net/ipv4/ip_dynaddr
#
# IP forwarding / Masquerading 설정
#
echo “—> Setting up IP forwarding/masquerading <—”
#
# 1. 기존 rule을 지우고, 새로운 rule을 적용하기위한 정책설정
#
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F
echo “—> step 1 complete”
#
# 2. iptables rule 설정
#
iptables -A FORWARD -i $EXTIF -o $INTIF -m state –state \\
ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
iptables -A FORWARD -j LOG
echo “—> step 2 complete”
#
# 3. ip masquerade 설정
#
iptables -t nat -A POSTROUTING -o $EXTIF -s 192.168.10.0/24 \\
-j MASQUERADE
echo “—> step 3 complete”