IPTABLES masquerading firewall

IPTABLES masquerading firewall is a self contained script that enables and sets basic masquerading (assuming kernel kernel support already exists) at boot time. You may use this example, or modify existing init scripts to include the code.

Under Linux kernel 2.4.x, packet mangling has considerably changed. This includes the masquerading, firewalling, and port forwarding features. This document assumes you're using modules, if you're not, disregard the code in the following script that tests for the loaded module.

#!/bin/sh

# YOU MUST SET THE FOLLOWING THREE VARIABLES

# Set the full path to iptables
PROG=/path/to/iptables

# Set network interface to masquerade on. This will be the interface
# thats connected to the Internet. Possibilities include ppp0, eth0,
# eth1, etc.
IFACE=eth0

# Set machine or network to masquerade. This can be set as hostname, IP address,
# or network mask, examples:
# Hostname your_hostname
# IP address 192.168.1.2
# Net mask 192.168.1.0/24 This masquerades ALL machines on 192.168.1.x
INTNET=192.168.1.2

# Enable IP Masquerading in the kernel
echo 1 > /proc/sys/net/ipv4/ip_forward

# Test if iptable_nat module is loaded, its boot time, not likely :)
if [ -z "`lsmod|grep iptable_nat`" ];
then
modprobe iptable_nat
fi

# Test if existing MASQ rules exist, its boot time, not likely :)
if [ -z "`$PROG -L -t nat|grep MASQUERADE`" ];
then
$PROG -t nat -A POSTROUTING -o $IFACE -s $INTNET -j MASQUERADE
fi

Product's homepage