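#!/bin/sh
# Minimal iptables setup for masquerading a LAN (GREEN) behind a single
# upstream interface (RED), plus transparent redirection of LAN HTTP
# traffic to a local proxy port.
#
# Usage: run as root; safe to re-run (all tables are flushed first).
# Env:   PORT_IN  optional, space-separated list of TCP/UDP ports to
#                 accept on INPUT from *every* interface, or the word
#                 ALL to accept all TCP/UDP on INPUT (see allow_input_ports).
#
# Resulting policy:
#   INPUT    DROP by default; loopback and GREEN accepted, RED only for
#            ESTABLISHED,RELATED replies.
#   FORWARD  DROP by default; GREEN -> RED allowed, RED -> GREEN only for
#            ESTABLISHED,RELATED.
#   OUTPUT   ACCEPT.
# IPv4 only: ip6tables is not touched by this script.
######################################################

# Constants.
# Assigned without a leading '$': the original `$IPT="iptables"` expanded
# to an empty name and tried to *run* a command called '=iptables', so
# every later `$IPT ...` line executed an empty command.
IPT="iptables"
LOAD="/sbin/modprobe"
readonly IPT LOAD

# Interfaces
# With a PPP modem use RED=ppp0 (and the MASQUERADE rule, not static SNAT).
RED="eth0"
# NOTE: despite the name this is a single host address (the box's own
# RED-side IP); it is only used by the commented static-SNAT variant.
RED_NET="192.168.1.2"

#BLUE="ra0"
#BLUE_NET="192.168.2.0/24"

GREEN="eth1"
GREEN_NET="192.168.0.0/24"

# Local proxy port that LAN HTTP traffic is redirected to.
PORT="3128"

#--------------------------------
# Load the netfilter modules. As in the original, a failed modprobe is
# not fatal: on newer kernels these names are aliases of nf_conntrack*
# or are built in, and aborting here would leave no rules applied.
load_modules() {
  for mod in ip_tables iptable_filter iptable_nat ip_conntrack \
      ip_conntrack_ftp ip_nat_ftp ip_conntrack_irc ip_nat_irc; do
    "$LOAD" "$mod"
  done
}

#--------------------------------
# Empty all rules and user-defined chains so the script is idempotent.
flush_rules() {
  "$IPT" -F
  "$IPT" -t nat -F
  "$IPT" -t mangle -F
  # -X is per table; the original only removed user chains from filter,
  # so stale chains in nat/mangle survived a re-run.
  "$IPT" -X
  "$IPT" -t nat -X
  "$IPT" -t mangle -X
}

#--------------------------------
# Default policies: deny inbound and transit traffic unless a rule
# below explicitly allows it.
set_policies() {
  "$IPT" -P INPUT DROP
  "$IPT" -P FORWARD DROP
  "$IPT" -P OUTPUT ACCEPT
}

#--------------------------------
# NAT: masquerade everything leaving RED, and redirect LAN HTTP to the
# local proxy.
nat_rules() {
  # Static-IP alternative (instead of MASQUERADE):
  #"$IPT" -t nat -A POSTROUTING -s "$GREEN_NET" -o "$RED" -j SNAT --to-source "$RED_NET"

  # Dynamic RED address (e.g. ppp0): MASQUERADE picks the current address.
  "$IPT" -t nat -A POSTROUTING -o "$RED" -j MASQUERADE
  #"$IPT" -t nat -A POSTROUTING -o "$BLUE" -j MASQUERADE

  # Transparent proxy: only traffic arriving on GREEN is redirected, so
  # the proxy port itself must be reachable from GREEN (it is, via input_rules).
  "$IPT" -t nat -A PREROUTING -i "$GREEN" -p tcp --dport 80 -j REDIRECT --to-port "$PORT"
  #"$IPT" -t nat -A PREROUTING -i "$BLUE" -p tcp --dport 80 -j REDIRECT --to-port "$PORT"
}

#--------------------------------
# FORWARD: LAN may initiate to the outside; the outside may only answer.
forward_rules() {
  "$IPT" -A FORWARD -i "$GREEN" -o "$RED" -j ACCEPT
  #"$IPT" -A FORWARD -i "$BLUE" -o "$RED" -j ACCEPT
  "$IPT" -A FORWARD -i "$RED" -o "$GREEN" -m state --state ESTABLISHED,RELATED -j ACCEPT
  #"$IPT" -A FORWARD -i "$RED" -o "$BLUE" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

#--------------------------------
# INPUT: trust loopback and the LAN; from RED accept only replies.
input_rules() {
  "$IPT" -A INPUT -i lo -j ACCEPT
  "$IPT" -A INPUT -i "$GREEN" -j ACCEPT
  #"$IPT" -A INPUT -i "$BLUE" -j ACCEPT
  "$IPT" -A INPUT -i "$RED" -m state --state ESTABLISHED,RELATED -j ACCEPT
  #"$IPT" -A INPUT -i "$BLUE" -m state --state ESTABLISHED,RELATED -j ACCEPT
}

#--------------------------------
# Extra inbound ports from the PORT_IN environment variable.
# Unset/empty PORT_IN opens nothing (same as the original).
allow_input_ports() {
  if [ "${PORT_IN:-}" = "ALL" ]; then
    # Accepts every TCP/UDP port on every interface, RED included, which
    # bypasses the ESTABLISHED,RELATED restriction in input_rules.
    "$IPT" -A INPUT -p udp -j ACCEPT
    "$IPT" -A INPUT -p tcp -j ACCEPT
  else
    # Unquoted on purpose: PORT_IN is a space-separated list.
    # The loop variable is not named PORT any more, so it no longer
    # clobbers the proxy port constant.
    for port in ${PORT_IN:-}; do
      "$IPT" -A INPUT -p udp --dport "$port" -j ACCEPT
      "$IPT" -A INPUT -p tcp --dport "$port" -j ACCEPT
    done
  fi
}

#--------------------------------
# Turn on routing last, after the DROP policies and rules are in place,
# so no packet is forwarded before the filter applies.
enable_forwarding() {
  echo "1" > /proc/sys/net/ipv4/ip_forward
}

main() {
  if [ "$(id -u)" -ne 0 ]; then
    printf '%s: must be run as root\n' "${0##*/}" >&2
    exit 1
  fi
  load_modules
  flush_rules
  set_policies
  nat_rules
  forward_rules
  input_rules
  allow_input_ports
  enable_forwarding
}

main "$@"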