笔记: Linux 简单的网关脚本

这个现在用到的机会不多了, 因为无线路由器什么的都是现成的网关了. 但如果要在一台 Linux 主机上建一些虚拟机, 可能还用的到. eth0 是外网网卡, br0 是局域网网桥.

#!/bin/sh
#this is /etc/network/if-up.d/gateway

PATH=/usr/sbin:/sbin:/bin:/usr/bin

#
# delete all existing rules.
#
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o br0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i br0 -o eth0 -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# Don't forward from the outside to the inside.
iptables -A FORWARD -i eth0 -o eth0 -j REJECT

# Enable routing.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Kernel mods for FTP
modprobe ip_conntrack
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp

🙂

February 28, 2013

admin

Networking, Opensource

Gateway

3 responses to “笔记: Linux 简单的网关脚本”

leee says:

March 21, 2013 at 7:20 PM

常用的Linux系统有哪些，初学者适合安装什么系统？如果想学习redhat系统，是不是从centos开始学习是一个比较好的选择？
- raynix says:
  
  March 21, 2013 at 7:40 PM
  
  目前Ubuntu依旧是最容易入门的. 我个人觉得学redhat不如学debian.
leee says:

March 21, 2013 at 7:55 PM

好滴，那我先安个debian，学习一下