Archive for January, 2010

Hi all,
Remember the previous post about an easy way to turn a netbook into a router for HSDPA connections? Well, I decided to make a new version of the script that I proposed in that post.
The new version is a little more general. On my netbook I have four network interfaces: ethernet, wireless, PAN and DUN. Sometimes I also use bridge, tap, etc. In this situation the old script needs to be edited every time to change the internal and external interfaces… very boring, I know.

So this is the rule: the script is called with a list of interfaces; the first is the gateway and the others are the sources. Simple, isn't it?

#!/bin/bash
# bash rather than sh: "echo -e" / "echo -en" are not portable to every /bin/sh
echo -e "\n Configuring NAT:"
IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe
# At least two arguments are required: the external interface and one internal one
if [ -z "$2" ]; then
  res=65 #bad arguments
  msg="Usage: $(basename "$0") extif intif[s]"
else
  msg="done.\n"
  res=0
  # Module names as used at the time of writing; newer kernels call the
  # tracking helpers nf_conntrack, nf_conntrack_ftp, nf_conntrack_irc, nf_nat_ftp
  echo -en " - loading modules: "
  echo -en "ip_tables, "
  $MODPROBE ip_tables
  echo -en "ip_conntrack, "
  $MODPROBE ip_conntrack
  echo -en "ip_conntrack_ftp, "
  $MODPROBE ip_conntrack_ftp
  echo -en "ip_conntrack_irc, "
  $MODPROBE ip_conntrack_irc
  echo -en "iptable_nat, "
  $MODPROBE iptable_nat
  echo -en "ip_nat_ftp, "
  $MODPROBE ip_nat_ftp
  echo ""
  echo " - Enabling forwarding "
  echo "1" > /proc/sys/net/ipv4/ip_forward
  echo " - Enabling DynamicAddr"
  echo "1" > /proc/sys/net/ipv4/ip_dynaddr
  echo " - Clearing any existing rules and setting default policy"
  # INPUT and OUTPUT stay open; only forwarded traffic is filtered (default DROP)
  $IPTABLES -P INPUT ACCEPT
  $IPTABLES -F INPUT
  $IPTABLES -P OUTPUT ACCEPT
  $IPTABLES -F OUTPUT
  $IPTABLES -P FORWARD DROP
  $IPTABLES -F FORWARD
  $IPTABLES -t nat -F
  # First argument is the gateway (external) interface
  EXTIF=$1
  echo -n " - Forwarding: "
  for int in "$@"; do
    if [ "$int" != "$EXTIF" ]; then
      echo -n "$int, "
      # Inbound: only replies to connections opened from the inside
      $IPTABLES -A FORWARD -i "$EXTIF" -o "$int" -m state --state ESTABLISHED,RELATED -j ACCEPT
      # Outbound: everything from the internal interface to the gateway
      $IPTABLES -A FORWARD -i "$int" -o "$EXTIF" -j ACCEPT
    fi
  done
  # Log whatever is about to be dropped by the FORWARD policy
  $IPTABLES -A FORWARD -j LOG
  echo ""
  echo " - Masquerade: $EXTIF"
  $IPTABLES -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE
fi
if [ -n "$msg" ]; then
  echo -e "$msg"
fi
exit $res

Actually, I use this script to manage VirtualBox LAN connections, but that is another story.
Cheers to all.
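
The same rule set as the script above, written as an added example (not the post's own code) that validates the interface names and prints the rules in iptables-restore format, so they can be checked with `--test` and loaded in one step instead of rule by rule. The function names, the name-validation pattern and the sample interfaces ppp0, eth0 and wlan0 are assumptions; module loading and the /proc settings are left to the original script.

```sh
#!/bin/sh
# Added example: emit the post's rule set in iptables-restore format.
# Interface names used below (ppp0, eth0, wlan0) are constructed samples.

# Conservative name check (an assumption, stricter than the kernel):
# 1-15 characters from [A-Za-z0-9_.:-], and no leading "-" so a name can
# never be parsed as an iptables option.
valid_ifname() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9_.:-]*) return 1 ;;
  esac
  [ "${#1}" -le 15 ]
}

# nat_ruleset EXTIF INTIF...  -> ruleset on stdout, nothing is applied.
nat_ruleset() {
  if [ "$#" -lt 2 ]; then
    echo "usage: nat_ruleset extif intif[s]" >&2
    return 65
  fi
  for nr_if in "$@"; do
    if ! valid_ifname "$nr_if"; then
      echo "invalid interface name: $nr_if" >&2
      return 65
    fi
  done
  nr_ext=$1
  shift
  # Same policies as the script: INPUT/OUTPUT ACCEPT, FORWARD DROP.
  printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
  for nr_if in "$@"; do
    [ "$nr_if" = "$nr_ext" ] && continue
    printf '%s\n' "-A FORWARD -i $nr_ext -o $nr_if -m state --state ESTABLISHED,RELATED -j ACCEPT"
    printf '%s\n' "-A FORWARD -i $nr_if -o $nr_ext -j ACCEPT"
  done
  printf '%s\n' '-A FORWARD -j LOG' 'COMMIT'
  printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
  printf '%s\n' "-A POSTROUTING -o $nr_ext -j MASQUERADE" 'COMMIT'
}

# Dry run: print the ruleset. To check or load it as root:
#   nat_ruleset ppp0 eth0 wlan0 | iptables-restore --test
#   nat_ruleset ppp0 eth0 wlan0 | iptables-restore
nat_ruleset ppp0 eth0 wlan0
```

Unlike the script, which flushes only the built-in filter chains, loading this with iptables-restore replaces the whole filter and nat tables, including any user-defined chains.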
