ipchains – NAT Sample
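#!/bin/sh
#
# firewall      Starts and stops the IPCHAINS firewall / NAT rules.
#
# Invoked from /etc/rc.d/init.d/firewall.
# chkconfig: - 60 95
# description: Starts and stops the IPCHAINS Firewall \
# used to provide Firewall network services.
#
# Usage:  firewall {start|stop|status|restart|reload}
# Exits 0 on success (or when networking/ipchains is unavailable),
# 1 on an unknown action.

# Source function library (provides the status helper).
. /etc/rc.d/init.d/functions

# Source networking configuration (provides NETWORKING).
. /etc/sysconfig/network

# Check that networking is up.  The expansion is quoted so an unset
# NETWORKING yields a well-formed (false) test instead of a syntax error.
if [ "${NETWORKING}" = "no" ]; then
  exit 0
fi

# Nothing to do without the ipchains binary.
if [ ! -x /sbin/ipchains ]; then
  exit 0
fi

# See how we were called.
case "$1" in
  start)
    echo -n "Starting Firewalling Services: "
    ipchains -F   # Clean all rules
    ipchains -X   # Clean user-defined chains
    # Set the default forward policy to DENY *before* enabling forwarding,
    # so there is no window in which the kernel routes with empty chains.
    ipchains -P forward DENY
    echo 1 > /proc/sys/net/ipv4/ip_forward
    echo 1 > /proc/sys/net/ipv4/ip_always_defrag
    # Load masquerading helper modules for NAT of protocols that carry
    # addresses in-band or open secondary connections.
    /sbin/modprobe ip_masq_ftp ports=21,4559                      # FTP, HylaFAX
    /sbin/modprobe ip_masq_raudio ports=554,7070,7071,6970,6971   # RealPlayer, RTSP, QuickTime, WMPlayer, etc.
    /sbin/modprobe ip_masq_irc       # IRC
    /sbin/modprobe ip_masq_vdolive   # VOD
    /sbin/modprobe ip_masq_cuseeme   # CU-SeeMe
    /sbin/modprobe ip_masq_quake     # Quake
    /sbin/modprobe ip_masq_pptp      # PPTP
    # Masquerade timeouts in seconds: TCP, TCP after FIN, UDP.
    ipchains -M -S 36000 10 60
    # NAT rule: masquerade LAN traffic forwarded out through ppp0
    # (on the forward chain, -i names the outgoing interface).
    # NOTE(review): only the forward chain gets a policy here; the input
    # and output chains keep whatever policy the kernel already has.
    ipchains -A forward -i ppp0 -s 192.168.0.0/24 -j MASQ
    echo
    ;;
  stop)
    echo -n "Shutting Firewalling Services: "
    # Remove all existing rules belonging to this filter
    ipchains -F
    # Delete all user-defined chains of this filter
    ipchains -X
    # Reset the default policy of the filter to ACCEPT.
    # NOTE(review): ip_forward is left enabled, so after "stop" the host
    # still forwards with an ACCEPT policy and no NAT; write 0 to
    # /proc/sys/net/ipv4/ip_forward here if "stop" should stop routing.
    ipchains -P input ACCEPT
    ipchains -P output ACCEPT
    ipchains -P forward ACCEPT
    echo
    ;;
  status)
    # status comes from the sourced functions library; it presumably
    # looks for a running process named "firewall", which this script
    # never starts -- verify what it reports.
    status firewall
    ;;
  restart|reload)
    "$0" stop
    "$0" start
    ;;
  *)
    echo "Usage: firewall {start|stop|status|restart|reload}"
    exit 1
    ;;
esac

exit 0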