cat /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
#Configurar el IP de la interfaz eth0
ifconfig eth0 192.168.0.1 netmask 255.255.255.0
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
# EXTERNAL -> external network interface
# INTERNAL -> internal network interface
EXTERNAL=wlan0
INTERNAL=eth0
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "Setting up NAT (Network Address Translation)..."
# by default, nothing is forwarded.
iptables -P FORWARD DROP
# Allow all connections OUT and only related ones IN
iptables -A FORWARD -i $EXTERNAL -o $INTERNAL -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $INTERNAL -o $EXTERNAL -j ACCEPT
# enable MASQUERADING
iptables -t nat -A POSTROUTING -o $EXTERNAL -j MASQUERADE
# para proxy transparente, leer sobre squid transparente.
iptables -t nat -A PREROUTING -i $INTERNAL -p tcp --dport 80 -j REDIRECT --to-port 3128
exit 0
No hay comentarios:
Publicar un comentario