  1. #!/bin/sh
  2. # squid server IP
  3. SQUID_SERVER="192.168.1.1"
  4. # Interface connected to Internet
  5. INTERNET="eth0"
  6. # Interface connected to LAN
  7. LAN_IN="eth1"
  8. # Squid port
  9. SQUID_PORT="3128"
  10. # DO NOT MODIFY BELOW
  11. # Clean old firewall
  12. iptables -F
  13. iptables -X
  14. iptables -t nat -F
  15. iptables -t nat -X
  16. iptables -t mangle -F
  17. iptables -t mangle -X
  18. # Load IPTABLES modules for NAT and IP conntrack support
  19. modprobe ip_conntrack
  20. modprobe ip_conntrack_ftp
  21. # For win xp ftp client
  22. #modprobe ip_nat_ftp
  23. echo 1 > /proc/sys/net/ipv4/ip_forward
  24. # Setting default filter policy
  25. iptables -P INPUT DROP
  26. iptables -P OUTPUT ACCEPT
  27. # Unlimited access to loop back
  28. iptables -A INPUT -i lo -j ACCEPT
  29. iptables -A OUTPUT -o lo -j ACCEPT
  30. # Allow UDP, DNS and Passive FTP
  31. iptables -A INPUT -i $INTERNET -m state --state ESTABLISHED,RELATED -j ACCEPT
  32. # set this system as a router for Rest of LAN
  33. iptables --table nat --append POSTROUTING --out-interface $INTERNET -j MASQUERADE
  34. iptables --append FORWARD --in-interface $LAN_IN -j ACCEPT
  35. # unlimited access to LAN
  36. iptables -A INPUT -i $LAN_IN -j ACCEPT
  37. iptables -A OUTPUT -o $LAN_IN -j ACCEPT
  38. # DNAT port 80 request comming from LAN systems to squid 3128 ($SQUID_PORT) aka transparent proxy
  39. iptables -t nat -A PREROUTING -i $LAN_IN -p tcp --dport 80 -j DNAT --to $SQUID_SERVER:$SQUID_PORT
  40. # if it is same system
  41. iptables -t nat -A PREROUTING -i $INTERNET -p tcp --dport 80 -j REDIRECT --to-port $SQUID_PORT
  42. # DROP everything and Log it
  43. iptables -A INPUT -j LOG
  44. iptables -A INPUT -j DROP