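====== NAT ======

== kód scriptu: ==

#!/bin/sh
# NAT Script V2.0
# (c) 2008 Martin Saidl
# martin.saidl(AT)tone.cz
#
# Usage: nat {start|restart|stop}
#
# Rules are read from $CONF_DIR/nat.conf, one per line, six
# whitespace-separated fields:
#
#   proto  in_if  out_if  inside[:port]  op  outside[:port]
#
#   op ">"  SNAT only: traffic from inside leaving via out_if gets
#           source outside (rule goes to chain s-nat).
#   op "<"  DNAT only: traffic for outside arriving on in_if gets
#           destination inside (rule goes to chain d-nat).
#   op "="  both of the above.
#
# A ":port" suffix on the address becomes --sport/--dport on the match
# side; the "--to" target always receives the full address[:port] field.
# Note that iptables rejects --sport/--dport unless proto is tcp or udp.
# Empty lines and lines whose first field starts with "#" are ignored.
#
# Config fields are handed to iptables as separate arguments; they are
# never interpolated into a shell command string.

CONF_DIR="/etc/firewall"
IPTBL="/sbin/iptables"

#######################################
# Append one SNAT rule to the s-nat chain.
# Arguments: $1 proto, $2 out_if, $3 inside[:port], $4 outside[:port]
# Returns:   iptables exit status
#######################################
add_snat() {
  case $3 in
    *:*)
      "$IPTBL" -t nat -A s-nat -o "$2" -s "${3%%:*}" -p "$1" \
        --sport "${3##*:}" -j SNAT --to "$4"
      ;;
    *)
      "$IPTBL" -t nat -A s-nat -o "$2" -s "$3" -p "$1" -j SNAT --to "$4"
      ;;
  esac
}

#######################################
# Append one DNAT rule to the d-nat chain.
# Arguments: $1 proto, $2 in_if, $3 inside[:port], $4 outside[:port]
# Returns:   iptables exit status
#######################################
add_dnat() {
  case $4 in
    *:*)
      "$IPTBL" -t nat -A d-nat -i "$2" -d "${4%%:*}" -p "$1" \
        --dport "${4##*:}" -j DNAT --to "$3"
      ;;
    *)
      "$IPTBL" -t nat -A d-nat -i "$2" -d "$4" -p "$1" -j DNAT --to "$3"
      ;;
  esac
}

#######################################
# Create the s-nat/d-nat chains, fill them from nat.conf and hook them
# into PREROUTING/POSTROUTING.
# Globals:   CONF_DIR, IPTBL (read)
# Returns:   1 if the config file is unreadable, else the status of the
#            last iptables call
#######################################
do_start() {
  conf="$CONF_DIR/nat.conf"
  if [ ! -r "$conf" ]; then
    printf 'nat: cannot read %s\n' "$conf" >&2
    return 1
  fi

  # Creating NAT chains
  "$IPTBL" -t nat -N s-nat
  "$IPTBL" -t nat -N d-nat

  # Adding NAT rules from config file.
  # The file is read on fd 3 so that iptables does not inherit it as
  # stdin; "_rest" swallows any trailing fields beyond the sixth.
  # The "|| [ -n ... ]" keeps a last line without a trailing newline.
  while read -r proto in_if out_if inside op outside _rest <&3 \
      || [ -n "$proto" ]; do
    case $proto in
      '' | '#'*) continue ;;
    esac
    case $op in
      '>')
        add_snat "$proto" "$out_if" "$inside" "$outside"
        ;;
      '<')
        add_dnat "$proto" "$in_if" "$inside" "$outside"
        ;;
      '=')
        add_snat "$proto" "$out_if" "$inside" "$outside"
        add_dnat "$proto" "$in_if" "$inside" "$outside"
        ;;
      *)
        printf 'nat: ignoring malformed line in %s: %s %s %s %s %s %s\n' \
          "$conf" "$proto" "$in_if" "$out_if" "$inside" "$op" "$outside" >&2
        ;;
    esac
  done 3< "$conf"

  "$IPTBL" -t nat -A PREROUTING -j d-nat
  "$IPTBL" -t nat -A POSTROUTING -j s-nat
}

#######################################
# Unhook, flush and delete the s-nat/d-nat chains. Errors are silenced
# because the chains may not exist (e.g. stop without a prior start).
# Globals:   IPTBL (read)
#######################################
do_stop() {
  "$IPTBL" -t nat -D PREROUTING -j d-nat 2>/dev/null
  "$IPTBL" -t nat -D POSTROUTING -j s-nat 2>/dev/null
  "$IPTBL" -t nat -F d-nat 2>/dev/null
  "$IPTBL" -t nat -F s-nat 2>/dev/null
  "$IPTBL" -t nat -X d-nat 2>/dev/null
  "$IPTBL" -t nat -X s-nat 2>/dev/null
}

rc=0
case "$1" in
  start)
    printf 'Starting NAT: '
    do_start
    rc=$?
    echo "done"
    ;;
  restart)
    printf 'Restarting NAT: '
    do_stop
    do_start
    rc=$?
    echo "done"
    ;;
  stop)
    printf 'Stopping NAT: '
    do_stop
    echo "done"
    ;;
  *)
    echo "Usage: nat {start|restart|stop}" >&2
    exit 1
    ;;
esac
# Propagate the status of do_start so init systems can see a failure.
exit "$rc"

== Konfigurační soubor: ==

#all eth1 eth0 10.0.0.0/24 > 1.2.3.3
#tcp eth1 eth0 10.0.0.1 = 1.2.3.4
#all eth1 eth0 10.0.0.2:22 < 1.2.3.5:1022
#all eth1 eth0 10.0.0.3:22 = 1.2.3.6:44
#all eth1 eth0 10.0.0.4 > 1.2.3.8
all eth1 eth0 192.168.1.0/24 > 192.168.2.254
udp eth1 eth0 10.10.10.1 < 192.168.1.1:53
tcp eth1 eth0 10.10.10.1 < 0.0.0.0/0:25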