Draco - IP Masquerade config files
/etc/rc.d/rc.masq
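#! /bin/sh
# /etc/rc.d/rc.masq - set up IP masquerading with ipfwadm for the hosts on the
# trusted (eth0) network.
#
# Inputs:
#   EXT_IP     public address of the external interface; may be preset in the
#              environment, otherwise the value below is used.  Exported.
#   /etc/hosts every entry whose address starts with eth0's first three octets
#              is treated as a client to be masqueraded.
# Outputs:     progress lines and the resulting rule listings on stdout.
# Requires:    root, /sbin/ipfwadm (the whole firewall section is skipped if it
#              is not executable), /sbin/ifconfig, /sbin/depmod, /sbin/modprobe.

EXT_IP=${EXT_IP:-205.149.171.200}
export EXT_IP
IPFW="/sbin/ipfwadm"

# Address of eth0, which we assume is our trusted interface, taken from the
# "inet addr:" line of ifconfig.
trusted_ip() {
  /sbin/ifconfig eth0 | sed -n -e 's/^[ ]*inet addr:\([0-9.]*\).*$/\1/p'
}

# First three octets of $1 with a trailing dot, e.g. 10.1.2.3 -> "10.1.2.".
net_prefix() {
  printf '%s\n' "$1" | awk -F. '{print $1 "." $2 "." $3 "."}'
}

# Addresses (first field) of the lines in the hosts file $3 that begin with the
# prefix $1, excluding the address $2 (our own).  The prefix is handed to awk
# with -v and compared literally, so its dots are not regex wildcards; the
# exclusion is an exact whole-line match rather than a substring pattern.
lan_hosts() {
  awk -v net="$1" 'index($0, net) == 1 {print $1}' "$3" \
    | grep -Fvx -- "$2" || :   # grep exits 1 when nothing is left; not an error here
}

TRUSTIF=$(trusted_ip)
printf 'TRUSTIF=%s\n' "$TRUSTIF"
MYNET=$(net_prefix "$TRUSTIF")
printf 'MYNET=%s\n' "$MYNET"
LIST=$(lan_hosts "$MYNET" "$TRUSTIF" /etc/hosts)
printf 'LIST=%s\n' "$LIST"

if [ -x "$IPFW" ]; then
  /sbin/depmod -a
  # Kernel helper for active-mode FTP data connections through the masquerade.
  /sbin/modprobe ip_masq_ftp
  # Flush the accounting, input, output and forwarding chains before rebuilding.
  "$IPFW" -Af
  "$IPFW" -If
  "$IPFW" -Of
  "$IPFW" -Ff
  # Output rule for local -> Internet: packets sourced from our external
  # address may leave for any destination.  This is -P all, so it covers every
  # protocol, not only TCP.
  "$IPFW" -O -a accept -P all -S "$EXT_IP" -D 0.0.0.0/0
  # Input rule for Internet -> me for the FTP data connection (masqueraded):
  # TCP from source port 20 anywhere to our unprivileged ports.
  # NOTE(review): the source port is chosen by the remote peer, so this accepts
  # any TCP segment claiming port 20; with ip_masq_ftp loaded above, confirm
  # that this blanket rule is still needed.
  "$IPFW" -I -a accept -P tcp -S 0.0.0.0/0 20 -D "$EXT_IP" 1024:65535
  # $LIST is deliberately unquoted: it holds one address per line and we rely
  # on word-splitting.  The values are awk's first field from /etc/hosts and
  # are expected to be plain addresses with no glob characters.
  # shellcheck disable=SC2086
  for HOST in $LIST; do
    # Input rule for clients -> Internet: packets must be received on the
    # trusted interface ($TRUSTIF, -V option); they are then masqueraded by the
    # forwarding rule below.
    "$IPFW" -I -a accept -P all -V "$TRUSTIF" -S "$HOST" -D 0.0.0.0/0
    # Output rule for FTP data connections back to this client (same caveat
    # about the remote-chosen source port as above).
    "$IPFW" -O -a accept -P tcp -S 0.0.0.0/0 20 -D "$HOST" 1024:65535
    # Forwarding rule: masquerade this client's traffic to any destination.
    "$IPFW" -F -a masquerade -P all -S "$HOST" -D 0.0.0.0/0
  done
  # List the resulting chains numerically (no name lookups) for the boot log.
  "$IPFW" -Aln
  "$IPFW" -Iln
  "$IPFW" -Oln
  "$IPFW" -Fln
  "$IPFW" -Mln
fi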
Copyright © 1997, Ben Spade.
Permission is given to copy or link to this document, as long as this
notice remains intact.