Moxa TC-6110-T-LX [117/117] A sample firewall

TC-6110 Linux User's Manual Sample Scripts & Firewall Rules

C-4

exit 1

;;

esac

rc_exit

A Sample Firewall

#!/bin/bash

# If you put this shell script in the /home/nat.sh

# Remember to chmod 744 /home/nat.sh

# Edit the rc.local file to make this shell startup automatically.

# vi /etc/rc.local

# Add a line in the end of rc.local /home/nat.sh

EXIF= “eth0” #This is an external interface for setting up a valid IP address.

EXNET= “192.168.4.0/24” #This is an internal network address.

# Step 1. Insert modules.

# Here 2> /dev/null means the standard error messages will be dump to null device.

modprobe ip_tables 2> /dev/null

modprobe ip_nat_ftp 2> /dev/null

modprobe ip_nat_irc 2> /dev/null

modprobe ip_conntrack 2> /dev/null

modprobe ip_conntrack_ftp 2> /dev/null

modprobe ip_conntrack_irc 2> /dev/null

# Step 2. Define variables, enable routing and erase default rules.

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

export PATH

echo “1” > /proc/sys/net/ipv4/ip_forward

/sbin/iptables -F

/sbin/iptables -X

/sbin/iptables -Z

/sbin/iptables -F -t nat

/sbin/iptables -X -t nat

/sbin/iptables -Z -t nat

/sbin/iptables -P INPUT ACCEPT

/sbin/iptables -P OUTPUT ACCEPT

/sbin/iptables -P FORWARD ACCEPT

/sbin/iptables -t nat -P PREROUTING ACCEPT

/sbin/iptables -t nat -P POSTROUTING ACCEPT

/sbin/iptables -t nat -P OUTPUT ACCEPT

# Step 3. Enable IP masquerade.

#ehco 1 > /proc/sys/net/ipv4/ip_forward

#modprobe ipt_MASQUERADE

#iptables –t nat –A POSTROUTING –o eth0 –j MASQUERADE