Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / etc / firehol / examples / home-adsl.conf < prev next >

Wrap

Text File | 2005-10-18 | 3KB | 127 lines

# # $Id: home-adsl.conf,v 1.6 2003/10/12 13:43:42 ktsaou Exp $ # # THIS IS AN OLD EXAMPLE SCRIPT, LEFT HERE FOR HISTORICAL REASONS # PLEASE USE THE lan-gateway.conf EXAMPLE. # # CASE: # Configuration file for a home router with two Ethernet interfaces: # one connected to an ADSL modem (loop) # another for the local LAN (hub / switch) # # Traffic is routed through a PPP interface # # The PPP interface gets a dynamic (random) IP address and the LAN works # with private IP addresses. # # The PCs on the local LAN are trusted. They can access all the services # this Linux box is running. # # This script can also setup a transparent cache for all the PCs on the # local LAN. version 5 # ---------------------------------------------------------------------- # The Ethernet interface your Linux is connected to the ADSL device. adsl_interface="eth0" # The IP address of the above interface. # If empty, this script will try to find it by itself. adsl_interface_ip="" # The IP address of your ADSL device. # If empty, the generated iptables rules will match any source IP # which is highly discouraged. adsl_modem_ip="" # The Ethernet interface your Linux talks with other PCs in your LAN. home_interface="eth1" # Public services for the Internet your linux box should allow. internet_services="smtp http" # At what frequency to accept requests from the internet? internet_requests="10/sec" # The port of a squid proxy server on this Linux box. If you set this # you will get a transparent web cache. # If you don't have this, empty this field. proxy_port="3128" # ---------------------------------------------------------------------- # Normally, you don't have to edit anything bellow. # ---------------------------------------------------------------------- # Code to do add some optional arguments to the ADSL interface. adsl_params= # Find the IP address of the ADSL interface in case # the user did not gave it to us. if [ -z "${adsl_interface_ip}" ] then adsl_interface_ip=`ifconfig | grep -A 1 ${adsl_interface} | grep "inet addr:" | cut -d ':' -f 2 | cut -d ' ' -f 1` fi # Build the optional rule parameters, if we have the adsl_interface_ip if [ -z "${adsl_interface_ip}" ] then error "Please set 'adsl_interface_ip' in the configuration file." else adsl_params="${adsl_params} dst ${adsl_interface_ip}" fi # Build the optional rule parameters, if we have the adsl_modem_ip if [ ! -z "${adsl_modem_ip}" ] then adsl_params="${adsl_params} src ${adsl_modem_ip}" fi # ---------------------------------------------------------------------- # Setup a transparent proxy on this host. if [ ! -z "${proxy_port}" ] then iptables -t nat -A PREROUTING -i ${home_interface} -p tcp --dport 80 -j REDIRECT --to-port ${proxy_port} fi # ADSL loop for connecting to the ADSL device interface "${adsl_interface}" loop ${adsl_params} # accept everything on the ADSL loop policy accept # Trusted LAN for local PCs interface "${home_interface}" home policy accept # ADSL ppp for internet traffic interface ppp+ internet src not "${UNROUTABLE_IPS}" protection strong ${internet_requests} # Public Services server "${internet_services}" accept # Speed up idents server ident reject with tcp-reset # This is a workstation client all accept # Route traffic for the clients on the LAN router myrouter inface ppp+ outface "${home_interface}" # masquerade on ppp+ masquerade reverse # route all client traffic client all accept