networking related repo -initial commit

simple IP masquerade service and scripts for LAN2WAN
master
David Kebler 2020-05-06 17:34:34 -07:00
parent 12296fe615
commit f1e547339e
4 changed files with 63 additions and 0 deletions

0
install.sh Executable file

23
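--- a/masquerade-stop.sh
+++ b/masquerade-stop.sh
@@ -0,0 +1,23 @@
+#! /bin/bash
+IPTABLES=/sbin/iptables
+WANIF='enxa0cec80eba42'
+LANIF='eth0'
+echo 'Stopping LAN IP Masquerade'
+echo 'Disable Kernel IP forwarding...'
+/bin/echo 0 > /proc/sys/net/ipv4/ip_forward
+# flush rules and delete chains
+echo 'Flushing ALL rules and deleting existing chains...'
+$IPTABLES -P INPUT ACCEPT
+$IPTABLES -P FORWARD ACCEPT
+$IPTABLES -P OUTPUT ACCEPT
+$IPTABLES -t nat -F
+$IPTABLES -t mangle -F
+$IPTABLES -F
+echo 'Done.'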
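Review bot: The stop script tears down more than the start script set up: it flushes the whole filter, nat and mangle tables and forces the INPUT, FORWARD and OUTPUT policies to ACCEPT, so on a host that carries any other firewall rules, stopping this service leaves it unfiltered. Removing only what masquerade.sh added would be safer, for example `$IPTABLES -t nat -D POSTROUTING -o "$WANIF" -j MASQUERADE` plus the matching `-D FORWARD` lines, which would also give the currently unused `WANIF` and `LANIF` a purpose. The echo says chains are deleted, but no `-X` is issued.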

13
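--- a/masquerade.service
+++ b/masquerade.service
@@ -0,0 +1,13 @@
+[Unit]
+Wants=network-online.target
+After=network-online.target
+[Service]
+Type=simple
+RemainAfterExit=yes
+ExecStart=/opt/network/masquerade.sh
+ExecReload=/opt/network/masquerade.sh
+ExecStop=/opt/network/masquerade-stop.sh
+[Install]
+WantedBy=multi-user.target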
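Review bot: `Type=simple` with `RemainAfterExit=yes` is the wrong pairing for a script that runs to completion; `Type=oneshot` makes `systemctl start` wait for masquerade.sh and report a non-zero exit instead of treating the unit as started at fork time. All three Exec lines run scripts from `/opt/network` as root, so those files and the directory need to be root-owned and not group- or world-writable; install.sh is empty in this commit, so nothing visible here enforces that. A `Description=` line in `[Unit]` would also help when reading `systemctl status` output.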

27
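--- a/masquerade.sh
+++ b/masquerade.sh
@@ -0,0 +1,27 @@
+#! /bin/bash
+IPTABLES=/sbin/iptables
+WANIF='enxa0cec80eba42'
+LANIF='eth0'
+echo 'Starting IP Masquerade of LAN to WAN NIC'
+# enable ip forwarding in the kernel
+echo 'Enabling Kernel IP forwarding...'
+/bin/echo 1 > /proc/sys/net/ipv4/ip_forward
+# flush rules and delete chains
+echo 'Flushing rules and deleting existing chains...'
+$IPTABLES -F
+$IPTABLES -X
+# enable masquerading to allow LAN internet access
+echo 'Enabling IP Masquerading and other rules...'
+$IPTABLES -t nat -A POSTROUTING -o $LANIF -j MASQUERADE
+$IPTABLES -A FORWARD -i $LANIF -o $WANIF -m state --state RELATED,ESTABLISHED -j ACCEPT
+$IPTABLES -A FORWARD -i $WANIF -o $LANIF -j ACCEPT
+$IPTABLES -t nat -A POSTROUTING -o $WANIF -j MASQUERADE
+$IPTABLES -A FORWARD -i $WANIF -o $LANIF -m state --state RELATED,ESTABLISHED -j ACCEPT
+$IPTABLES -A FORWARD -i $LANIF -o $WANIF -j ACCEPT
+echo 'Done.'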
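Review bot: The rule `-A FORWARD -i $WANIF -o $LANIF -j ACCEPT` admits every new connection from the WAN side into the LAN, which makes the RELATED,ESTABLISHED rule two lines below it redundant and leaves LAN hosts exposed to whatever is routed to this box on the WAN interface. For LAN-to-WAN masquerading the first three rules after the echo (the `-o $LANIF` MASQUERADE and the reversed FORWARD pair) can go, and the script should set `$IPTABLES -P FORWARD DROP` so the stateful rule actually filters; the FORWARD policy is never set here. Only the filter table is flushed, so every `ExecReload` or manual re-run appends another copy of the POSTROUTING rules; add `$IPTABLES -t nat -F` before them (or test with `-C` first). Quoting `"$LANIF"`/`"$WANIF"` and reading the interface names from an environment file instead of hard-coding them would make the script reusable on other hosts.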