#! /bin/sh
#
# skeleton Example initscript
# This file should be used to construct scripts to be
# placed in /etc/init.d.
#
# Author: Miquel van Smoorenburg .
# Ian Murdock .
#
# Please remove the "Author" lines above and replace them
# with your own name if you copy and modify this script.
#
# Version: @(#)skeleton 2.85-23 28-Jul-2004 miquels@cistron.nl
#
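#####################################################################################################################
# Site configuration.
#
# EXTIF_LIST : whitespace-separated list of external (Internet-facing)
#              interfaces that get MASQUERADE and the forward rules.
# INTIF      : the single internal (LAN) interface.
# PORT_LIST  : optional; TCP ports arriving on INTIF to REDIRECT to the
#              local proxy on port 3128.  Leave commented out to disable.
# MOD_LIST   : netfilter modules loaded before any rule is installed.
#              Names are from the ip_tables/ip_conntrack era; on kernels that
#              ship nf_conntrack* instead, adjust this list (check lsmod).
#              (The duplicate ip_conntrack entry was removed; modprobe on an
#              already-loaded module is a no-op, so this is cosmetic.)
EXTIF_LIST="eth1 ppp0"
INTIF="eth0"
#PORT_LIST="80 8080" # redirect to 3128
MOD_LIST="ip_nat_pptp ip_tables ip_conntrack ip_conntrack_ftp ip_conntrack_irc iptable_nat ip_nat_ftp ip_nat_irc"
#####################################################################################################################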
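# Abort on the first failing command.  -u is deliberately not set because
# PORT_LIST is allowed to be unset (see the configuration block above).
set -e
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="MASQ daemon"
NAME=masq
# Double quotes so $NAME is expanded; the original single quotes left the
# literal string '/etc/ln/$NAME'.  Only referenced by the commented-out
# "test -x $DAEMON" guard below.
DAEMON="/etc/ln/$NAME"
# STOP, PIDFILE and DEPMOD are skeleton leftovers; nothing in this script
# reads them.
STOP="iptables -F"
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
# Absolute paths for the tools that change firewall state, so the rules
# are installed by the expected binaries whatever PATH the caller had.
IPTABLES=/usr/sbin/iptables
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe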
#echo $DAEMON
# Gracefully exit if the package has been removed.
#test -x $DAEMON || exit 0
# echo "ssssss"
# Read config file if it is present.
#if [ -r /etc/default/$NAME ]
#then
# . /etc/default/$NAME
#fi
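#
# Function that starts the daemon/service.
#
# Loads the netfilter modules in MOD_LIST, installs the chain policies
# (FORWARD DROP) and flushes old rules, enables IP forwarding, and then
# adds the per-interface forward and MASQUERADE rules for every interface
# in EXTIF_LIST, plus the optional PORT_LIST redirects to the local proxy.
#
# Globals (read): DESC, EXTIF_LIST, INTIF, MOD_LIST, PORT_LIST (optional),
#                 MODPROBE, IPTABLES
# Outputs:        progress messages on stdout
# Returns:        0 on success; under `set -e` any failing modprobe,
#                 iptables or /proc write aborts the whole script.
#
# NOTE: the INPUT and OUTPUT policies are ACCEPT, so this script does not
# filter traffic to or from the firewall host itself -- only forwarded
# traffic is restricted.
#
# Changes from the original body: `echo -e`/`echo -en` replaced by printf
# (dash, the /bin/sh on Debian, prints the literal "-en"); the policy/flush
# step now runs BEFORE ip_forward is enabled; "REIRECT" typo fixed.
#
d_start()
{
  echo
  echo "LOADING $DESC"
  echo
  echo " External Interface(s): $EXTIF_LIST"
  echo " Internal Interface : $INTIF"
  echo
  echo " ---[KERNEL MODULES]------------------------------------"
  # MOD_LIST is deliberately unquoted: it is a whitespace-separated list.
  for MOD in $MOD_LIST; do
    printf ' * loading kernel module :\t %s ... \t' "$MOD"
    $MODPROBE "$MOD"
    echo "OK"
  done
  echo " -------------------------------------------------------"

  # Set the chain policies and clear old rules BEFORE turning on ip_forward.
  # A flushed chain is governed only by its policy, and if the FORWARD
  # policy is still the built-in ACCEPT (fresh boot) enabling forwarding
  # first would briefly forward everything unfiltered.  Each -P precedes
  # its -F for the same reason, so a restart has no open window either.
  #
  # Unless specified, the defaults for INPUT and OUTPUT are ACCEPT.
  # The default for FORWARD is DROP (REJECT is not a valid policy).
  echo
  echo -n " Clearing any existing rules and setting default policy.."
  $IPTABLES -P INPUT ACCEPT
  $IPTABLES -F INPUT
  $IPTABLES -P OUTPUT ACCEPT
  $IPTABLES -F OUTPUT
  $IPTABLES -P FORWARD DROP
  $IPTABLES -F FORWARD
  $IPTABLES -t nat -F
  echo OK
  echo

  echo -n " Enabling forwarding ..."
  echo "1" > /proc/sys/net/ipv4/ip_forward
  echo "OK"
  # Dynamic IP users:
  #
  # If you get your IP address dynamically from SLIP, PPP, or DHCP,
  # enable this following option.  This enables dynamic-address hacking
  # which makes the life with Diald and similar programs much easier.
  #
  echo -n " Enabling DynamicAddr..."
  echo "1" > /proc/sys/net/ipv4/ip_dynaddr
  echo "OK"
  echo

  # Enable simple IP forwarding and Masquerading.
  #
  # NOTE: In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
  #
  # NOTE #2: This MASQs internal traffic out to the Internet on each
  # external interface but does not allow non-initiated traffic into the
  # internal network: inbound forwarding is limited to ESTABLISHED,RELATED.
  #
  # ** Change EXTIF_LIST / INTIF in the configuration block to match your
  # ** setup.
  #
  # EXTIF_LIST is deliberately unquoted: whitespace-separated list.
  for EXTIF in $EXTIF_LIST; do
    printf ' %s | Allow FORWARD [%s=>%s]: ' "$EXTIF" "$EXTIF" "$INTIF"
    # Inbound: only replies to connections initiated from the inside.
    $IPTABLES -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    echo -n "OK, "
    printf '[%s => %s]:' "$INTIF" "$EXTIF"
    # Outbound: everything from the LAN is allowed out.  The GRE and
    # TCP/1723 (PPTP) rules below are already covered by this catch-all;
    # they are kept explicit so PPTP survives if the catch-all is ever
    # tightened.
    $IPTABLES -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT
    $IPTABLES -A FORWARD -i "$INTIF" -o "$EXTIF" -p gre -j ACCEPT
    $IPTABLES -A FORWARD -i "$INTIF" -o "$EXTIF" -p tcp -m tcp --dport 1723 -j ACCEPT
    #$IPTABLES -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    #$IPTABLES -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    echo -n "OK | "
    echo -n "MASQUERADE: "
    $IPTABLES -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE
    echo "OK."
  done
  printf '\n ports redirect : \n'
  # PORT_LIST is optional (commented out in the configuration block);
  # ${PORT_LIST-} keeps this loop valid should `set -u` ever be added.
  for PORT in ${PORT_LIST-}; do
    printf ' * REDIRECT %s:%s\t=> lo:3128\n' "$INTIF" "$PORT"
    $IPTABLES -t nat -A PREROUTING -i "$INTIF" -p tcp --dport "$PORT" -j REDIRECT --to-port 3128
  done
  echo "done."
}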
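#
# Function that stops the daemon/service.
#
# Flushes the filter and nat tables.  The FORWARD policy is set to DROP
# first, because a flushed chain is governed only by its policy: if the
# policy were still ACCEPT, stopping would leave the host forwarding
# everything unfiltered.  ip_forward itself is left as it was.
# (The original flushed each table twice; the duplicates were dropped.)
#
# Globals (read): IPTABLES, EXTIF_LIST
# Outputs:        the external interface names on stdout, no trailing newline
# Returns:        0, or aborts under `set -e` if iptables fails
#
d_stop() {
  $IPTABLES -P FORWARD DROP
  $IPTABLES -F
  $IPTABLES -t nat -F
  # EXTIF_LIST is deliberately unquoted: whitespace-separated list.
  for EXTIF in $EXTIF_LIST; do
    echo -n " $EXTIF "
  done
}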
# Dispatch on the init action given as the first argument.  There is no
# separate reload implementation: reload and force-reload are handled as
# a plain restart (stop, pause, start), as the skeleton notes below say.
action="$1"
case "$action" in
  start)
    echo -n "Starting $DESC: $NAME ::: "; d_start; echo "." ;;
  stop)
    echo -n "Stopping $DESC: $NAME ::: "; d_stop; echo "." ;;
  # If the daemon can reload its configuration without
  # restarting (for example, when it is sent a SIGHUP),
  # then implement that here.
  #
  # If the daemon responds to changes in its config file
  # directly anyway, make this an "exit 0".
  #
  # echo -n "Reloading $DESC configuration..."
  # d_reload
  # echo "done."
  #;;
  reload|restart|force-reload)
    # If the "reload" option is implemented, move the "force-reload"
    # option to the "reload" entry above.  If not, "force-reload" is
    # just the same as "restart".
    # Note the one-second gap between d_stop and d_start, during which
    # the nat table is empty and nothing is forwarded.
    echo -n "Restarting $DESC: $NAME"; d_stop; sleep 1; d_start; echo "." ;;
  *)
    echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
    exit 1 ;;
esac
exit 0