#!/bin/sh INET_IP=`ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/addr://'` LAN_IP=`ifconfig eth1 | grep 'inet addr' | awk '{print $2}' | sed -e 's/addr://'` IPT="/sbin/iptables" /sbin/depmod -a /sbin/modprobe ip_tables /sbin/modprobe ip_conntrack /sbin/modprobe iptable_filter /sbin/modprobe iptable_mangle /sbin/modprobe iptable_nat /sbin/modprobe ipt_LOG /sbin/modprobe ipt_limit /sbin/modprobe ipt_state /sbin/modprobe ipt_owner /sbin/modprobe ipt_REJECT /sbin/modprobe ipt_MASQUERADE /sbin/modprobe ip_conntrack_ftp /sbin/modprobe ip_conntrack_irc echo 0 > /proc/sys/net/ipv4/ip_forward $IPT -A INPUT -t filter -i lo -j ACCEPT $IPT -A INPUT -t filter -i eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $IPT -A INPUT -t filter -i eth0 -m state --state NEW,INVALID -j DROP #from lan $IPT -A FORWARD -t filter -i eth1 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT $IPT -A FORWARD -t filter -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT $IPT -A FORWARD -t filter -i eth0 -m state --state NEW,INVALID -j DROP #nat $IPT -A POSTROUTING -t nat -o eth0 -s 192.168.0.0/24 -d 0/0 -j MASQUERADE #open ports $IPT -A FORWARD -t filter -p tcp -i eth0 --dport 22 -j ACCEPT $IPT -A INPUT -t filter -p tcp -i eth0 --dport 22 -j ACCEPT $IPT -A FORWARD -t filter -p tcp -i eth0 --dport 25 -j ACCEPT $IPT -A INPUT -t filter -p tcp -i eth0 --dport 25 -j ACCEPT $IPT -A FORWARD -t filter -p tcp -i eth0 --dport 53 -j ACCEPT $IPT -A INPUT -t filter -p tcp -i eth0 --dport 53 -j ACCEPT $IPT -A FORWARD -t filter -p tcp -i eth0 --dport 80 -j ACCEPT $IPT -A INPUT -t filter -p tcp -i eth0 --dport 80 -j ACCEPT $IPT -A FORWARD -t filter -p tcp -i eth0 --dport 81 -j ACCEPT $IPT -A INPUT -t filter -p tcp -i eth0 --dport 81 -j ACCEPT $IPT -A FORWARD -t filter -p tcp -i eth0 --dport 300 -j ACCEPT $IPT -A INPUT -t filter -p tcp -i eth0 --dport 300 -j ACCEPT $IPT -A FORWARD -t filter -p tcp -i eth0 --dport 6667 -j ACCEPT $IPT -A INPUT -t filter -p tcp -i eth0 --dport 6667 -j ACCEPT $IPT -A FORWARD -t filter -p tcp -i eth0 --dport 6699 -j ACCEPT $IPT -A INPUT -t filter -p tcp -i eth0 --dport 6699 -j ACCEPT # tried all 3 #$IPT -A PREROUTING -t nat -p tcp --dport 81 -j DNAT --to 192.168.0.2 #$IPT -t nat -A PREROUTING -p tcp --dport 81 -i eth0 -j DNAT --to 192.168.0.2:80 #$IPT -A PREROUTING -t nat -p tcp --dport 81 -j DNAT --to 192.168.0.2:80 $IPT -A INPUT -p UDP -s 0/0 --source-port 1024:65535 -j ACCEPT $IPT -A INPUT -t filter -i eth0 -m state --state NEW,INVALID -j DROP $IPT -A FORWARD -t filter -i eth0 -m state --state NEW,INVALID -j DROP echo 1 > /proc/sys/net/ipv4/ip_forward