Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- eth0: -ip 10.0.0.1 -net 10.0.0.0/8 -gw 10.0.0.1 (the servers own intf)
- eth1: -ip 192.168.1.74 -net 192.168.1.0/24 -gw 192.168.1.254
- eth2: -ip 192.168.1.91 -net 192.168.0.0/24 -gw 192.168.0.1
- modprobe iptable_nat
- modprobe ip_conntrack
- echo "1" > /proc/sys/net/ipv4/ip_forward
- iptables -P INPUT ACCEPT
- iptables -F INPUT
- iptables -P OUTPUT ACCEPT
- iptables -F OUTPUT
- iptables -P FORWARD DROP
- iptables -F FORWARD
- iptables -F PREROUTING
- iptables -t nat -F
- iptables -t mangle -F
- iptables -F
- # This next line, restores any issues trying to connect to something
- # if you get weird ACK packets when trying to connect (at least i did)!
- iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
- ip route flush table main
- iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 22 -j MARK --set-mark 1
- ### iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 80 -j MARK --set-mark 1
- iptables -A PREROUTING -i eth0 -t mangle -p tcp --dport 4070 -j MARK --set-mark 1
- ## Setup routes
- # LAN
- route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0
- # ADSL
- route add -net 192.168.1.0 netmask 255.255.255.0 dev eth1
- # 4G (Only accessible if marking packages with x01
- route add -net 192.168.0.0 netmask 255.255.255.0 dev eth2
- # Default via ADSL
- ## -- Does the same as ip route below? route add default gw 192.168.1.254
- echo "201 eth2.out" >> /etc/iproute2/rt_tables
- ip rule add fwmark 1 table eth2.out
- ip route add default via 192.168.0.1 dev eth2 table eth2.out
- ip route add default via 192.168.1.254 dev eth1
- ## Setup forwards
- # From 4G to LAN
- iptables -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
- # From ADSL to LAN
- iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
- # From LAN to ADSL (Default route out)
- # - Note: If marked packages is sent to ADSL they will be mangled and rerouted to 4G
- iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
- iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
- iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
- Ignore everything below unless you're interested in retracing my steps!!
- #!/bin/bash
- ## routing tables
- # wireless = 4G via eth2
- # adsl = adsl via eth1
- modprobe iptable_nat
- modprobe ip_conntrack
- echo "1" > /proc/sys/net/ipv4/ip_forward
- iptables -P INPUT ACCEPT
- iptables -F INPUT
- iptables -P OUTPUT ACCEPT
- iptables -F OUTPUT
- iptables -P FORWARD DROP
- iptables -F FORWARD
- iptables -t nat -F
- ip route flush table main
- ip route flush table wireless
- ip route flush table adsl
- ## Setup routing tables
- # ADSL
- ip route add table adsl to 192.168.1.0/24 dev eth1
- # 4G
- ip route add table wireless to 192.168.0.0 dev eth2
- ip rule add fwmark 0x1 table wireless
- ## Setup routes
- # LAN
- route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0
- # ADSL
- route add -net 192.168.1.0 netmask 255.255.255.0 dev eth1
- # 4G (Only accessible if marking packages with x01
- route add -net 192.168.0.0 netmask 255.255.255.0 dev eth2
- # Default via ADSL
- route add default gw 192.168.1.254
- ## Forward ports into the LAN
- iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 10.0.0.3:80
- ## Lets mark all packets we want for 4G forward
- # HTTPS
- iptables -A OUTPUT -t mangle -o eth1 -p tcp --dport 443 -j MARK --set-mark 1
- # HTTP
- iptables -A OUTPUT -t mangle -o eth1 -p tcp --dport 80 -j MARK --set-mark 1
- # Spotify
- iptables -A OUTPUT -t mangle -o eth1 -p tcp --dport 4070 -j MARK --set-mark 1
- ## Setup forwards
- # From 4G to LAN
- iptables -A FORWARD -i eth2 -o eth0 -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
- # From ADSL to LAN
- iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
- # From LAN to ADSL (Default route out)
- # - Note: If marked packages is sent to ADSL they will be mangled and rerouted to 4G
- iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
- iptables -A FORWARD -j LOG
- #iptables --table nat --append POSTROUTING --out-interface eth2 --jump SNAT --to-source "192.168.1.74"
- iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
- iptables -t nat -A POSTROUTING -o eth2 -p tcp --dport 80 -j SNAT --to "192.168.0.91"
- iptables -t nat -A POSTROUTING -o eth2 -p tcp --dport 443 -j SNAT --to "192.168.0.91"
- iptables -t nat -A POSTROUTING -o eth2 -p tcp --dport 4070 -j SNAT --to "192.168.0.91"
- iptables -A PREROUTING -t mangle -i eth0 -p tcp --dport 80 -j MARK --set-mark 1
- ## Lets mark all packets we want for 4G forward
- # HTTPS
- iptables -A POSTROUTING -t mangle -o eth1 -p tcp --dport 443 -j MARK --set-mark 1
- # HTTP
- iptables -A POSTROUTING -t mangle -o eth1 -p tcp --dport 80 -j MARK --set-mark 1
- # Spotify
- iptables -A POSTROUTING -t mangle -o eth1 -p tcp --dport 4070 -j MARK --set-mark 1
- root@Netbridge:~# route -n Kernel IP routing table Destination
- Gateway Genmask Flags Metric Ref Use Iface<br>
- 0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth1<br>
- 10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0<br>
- 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2<br>
- 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
- root@Netbridge:~# ifconfig
- eth0 Link encap:Ethernet HWaddr 00:0c:29:7e:9e:4e
- inet addr:10.0.0.1 Bcast:10.255.255.255 Mask:255.0.0.0
- eth1 Link encap:Ethernet HWaddr 00:0c:29:7e:9e:58
- inet addr:192.168.1.74 Bcast:192.168.1.255 Mask:255.255.255.0
- eth2 Link encap:Ethernet HWaddr 00:0c:29:7e:9e:62
- inet addr:192.168.0.91 Bcast:192.168.0.255 Mask:255.255.255.0
- route add default gw 192.168.1.254
- 0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth1
- MASQUERADE
- sysctl -w net.ipv4.conf.eth1.rp_filter=0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement