Debian Clusters for Education and Research: The Missing Manual

IPTables Script

From Debian Clusters

This script is used to configure iptables for DNAT and SNAT (destination/source network address translation). It's part of the NAT with IPTables page and explained there. This file should be saved to /etc/init.d/local and symlinked to /etc/rcS.d/S39local.

#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=local
DESC="local services"

# Replace this with your firewall's static IP
EXTERNIP="X.X.X.X"

# The IP address of the internal machine that will respond to SSH requests
SSHHOST="192.168.1.200"

# The IP range of the internal network
LOCALNET="192.168.1.0/24"

case "$1" in
  start)
        iptables -t nat -A POSTROUTING -d ! ${LOCALNET} -j SNAT --to ${EXTERNIP}
        iptables -t nat -A PREROUTING --dst ${EXTERNIP} -p tcp --dport 22 -j DNAT --to-destination ${SSHHOST}
        echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
        ;;
  stop)
        echo 0 > /proc/sys/net/ipv4/conf/all/forwarding
        iptables -t nat -F
        ;;
     *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop}" >&2
        exit 1
        ;;
esac

exit 0

Retrieved from "http://debianclusters.cs.uni.edu/index.php/IPTables_Script"

Views

Personal tools

About

services

node images

clustering

web monitoring

Search

Toolbox

Documenting the creation of a Debian cluster is an ongoing project and as such, details change as software sources update.
Please send any corrections or suggestions to kwanous <at> debianclusters <dot> org.

All content on this site written 2008 by Kristina Wanous. Information is provided with no warranty or guarantee.
Debian Clusters is not affiliated with the Debian Project or the debian.org website.

About Debian Clusters Disclaimers