```sh
#!/bin/sh
. /etc/config/network

WAN="$wan_ifname"
LAN="$lan_ifname"

iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule

### BIG FAT DISCLAIMER
## The "-i $WAN" is used to match packets that come in via the $WAN interface.
## it WILL NOT MATCH packets sent from the $WAN ip address -- you won't be able
## to see the effects from within the LAN.

### Open port to WAN
## -- This allows port 22 to be answered by (dropbear on) the router
# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
# iptables        -A input_rule      -i $WAN -p tcp --dport 22 -j ACCEPT

### Port forwarding
## -- This forwards port 8080 on the WAN to port 80 on 192.168.1.2
# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 8080 -j DNAT --to 192.168.1.2:80
# iptables        -A forwarding_rule -i $WAN -p tcp --dport 80 -d 192.168.1.2 -j ACCEPT

### DMZ
## -- Connections to ports not handled above will be forwarded to 192.168.1.2
# iptables -t nat -A prerouting_rule -i $WAN -j DNAT --to 192.168.1.2
# iptables        -A forwarding_rule -i $WAN -d 192.168.1.2 -j ACCEPT
```