networking related repo -initial commit

simple IP masquerade service and scripts for LAN2WAN

masquerade-stop.sh

@@ -0,0 +1,23 @@
+#! /bin/bash
+
+IPTABLES=/sbin/iptables
+
+WANIF='enxa0cec80eba42'
+LANIF='eth0'
+
+echo 'Stopping LAN IP Masquerade'
+
+echo 'Disable Kernel IP forwarding...'
+/bin/echo 0 > /proc/sys/net/ipv4/ip_forward
+
+# flush rules and delete chains
+echo 'Flushing ALL rules and deleting existing chains...'
+
+$IPTABLES -P INPUT ACCEPT
+$IPTABLES -P FORWARD ACCEPT
+$IPTABLES -P OUTPUT ACCEPT
+$IPTABLES -t nat -F
+$IPTABLES -t mangle -F
+$IPTABLES -F
+
+echo 'Done.'

masquerade.service

@@ -0,0 +1,13 @@
+[Unit]
+Wants=network-online.target
+After=network-online.target
+
+[Service]
+Type=simple
+RemainAfterExit=yes
+ExecStart=/opt/network/masquerade.sh
+ExecReload=/opt/network/masquerade.sh
+ExecStop=/opt/network/masquerade-stop.sh
+
+[Install]
+WantedBy=multi-user.target

masquerade.sh

@@ -0,0 +1,27 @@
+#! /bin/bash
+
+IPTABLES=/sbin/iptables
+
+WANIF='enxa0cec80eba42'
+LANIF='eth0'
+echo 'Starting IP Masquerade of LAN to WAN NIC'
+# enable ip forwarding in the kernel
+echo 'Enabling Kernel IP forwarding...'
+/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
+
+# flush rules and delete chains
+echo 'Flushing rules and deleting existing chains...'
+$IPTABLES -F
+$IPTABLES -X
+
+# enable masquerading to allow LAN internet access
+echo 'Enabling IP Masquerading and other rules...'
+$IPTABLES -t nat -A POSTROUTING -o $LANIF -j MASQUERADE
+$IPTABLES -A FORWARD -i $LANIF -o $WANIF -m state --state RELATED,ESTABLISHED -j ACCEPT
+$IPTABLES -A FORWARD -i $WANIF -o $LANIF -j ACCEPT
+
+$IPTABLES -t nat -A POSTROUTING -o $WANIF -j MASQUERADE
+$IPTABLES -A FORWARD -i $WANIF -o $LANIF -m state --state RELATED,ESTABLISHED -j ACCEPT
+$IPTABLES -A FORWARD -i $LANIF -o $WANIF -j ACCEPT
+
+echo 'Done.'