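#!/bin/bash
#
# Turn this host into a source-NAT gateway for an allow-list of clients.
#
# Usage: <script> GatewayIP
#
# Steps, in order:
#   1. Add GatewayIP as alias eth0:1 (netmask 255.255.255.0).
#   2. Load every ip_nat_* module found for the running kernel.
#   3. Set the FORWARD policy to DROP, flush FORWARD and nat/POSTROUTING,
#      and accept only ESTABLISHED,RELATED traffic by default.
#   4. Enable IPv4 forwarding.
#   5. For each entry in /etc/iplist.conf, accept forwarding from that
#      address and SNAT it to the address currently configured on eth0.
#
# Exits non-zero as soon as any step fails.
#
# NOTE(review): /etc/iplist.conf decides which hosts are forwarded and
# NATed; it should be writable by the administrator only.

readonly IPTABLES=/sbin/iptables
readonly IFCONFIG=/sbin/ifconfig
readonly MODPROBE=/sbin/modprobe
readonly IPLIST=/etc/iplist.conf

# Print a diagnostic on stderr and stop with a failure status.
die() {
  printf ' FAILED: %s\n' "$*" >&2
  exit 1
}

if [ $# -lt 1 ]; then
  printf 'Usage %s GatewayIP\n' "$0" >&2
  # A usage error must not look like success to the caller.
  exit 1
fi
GATEWAYIP=$1

printf '%s' 'Setup network card ...'
# Call ifconfig by absolute path so the result does not depend on PATH.
# The sed expression only matches the "inet addr:" output format.
public_ip=$("$IFCONFIG" eth0 | sed -n 's/\([ \t]*\)inet addr:\([^ \t]*\)\(.*\)/\2/p')
# Stop before touching any rule: without this address the SNAT rules below
# cannot be built, and failing later would leave a FORWARD ACCEPT rule
# installed without its matching SNAT rule.
[ -n "$public_ip" ] || die "cannot determine the address of eth0"
"$IFCONFIG" eth0:1 "$GATEWAYIP" netmask 255.255.255.0 \
  || die "cannot configure eth0:1"
echo OK

echo Load necessary modules
module_dir=/lib/modules/$(uname -r)/kernel/net/ipv4/netfilter
if [ -d "$module_dir" ]; then
  for module_file in "$module_dir"/ip_nat_*; do
    # With no match the glob stays literal; skip instead of handing
    # "ip_nat_*" to modprobe.
    [ -e "$module_file" ] || continue
    module=${module_file##*/}
    # Module files end in .ko (2.6 kernels) or .o (older kernels); strip
    # whichever is present to obtain the module name.
    module=${module%.ko}
    module=${module%.o}
    printf 'Load module %s ...' "$module"
    "$MODPROBE" "$module" || die "cannot load module $module"
    echo OK
  done
fi

printf '%s' 'Set default rules ...'
"$IPTABLES" -P FORWARD DROP \
  && "$IPTABLES" -F FORWARD \
  && "$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT \
  && "$IPTABLES" -t nat -F POSTROUTING \
  || die "cannot install the default rules"
echo OK

# Forwarding is switched on only after the FORWARD policy is DROP, so there
# is no interval in which packets are routed under whatever policy was in
# place before this script ran.
printf '%s' 'Allow forwarding ...'
echo 1 > /proc/sys/net/ipv4/ip_forward || die "cannot enable ip_forward"
echo OK

[ -r "$IPLIST" ] || die "cannot read $IPLIST"
# "|| [ -n "$ip" ]" keeps a last line that lacks a trailing newline.
while read -r ip || [ -n "$ip" ]; do
  # Blank lines carry no address.
  [ -n "$ip" ] || continue
  printf 'Allow %s ...' "$ip"
  # Each entry is used as a single host (/32). Quoting passes the entry as
  # one argument, so whitespace in the file cannot add extra options to the
  # iptables command line.
  "$IPTABLES" -A FORWARD -s "$ip/32" -j ACCEPT \
    && "$IPTABLES" -t nat -A POSTROUTING -s "$ip/32" -j SNAT \
      --to-source "$public_ip" \
    || die "cannot add rules for $ip"
  echo OK
done < "$IPLIST"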