what am i doing wrong?

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

#!/bin/sh
PPP=(ppp0 ppp1)
IP=(`ifconfig ${PPP[0]}|sed -n 2p|column -s ":" -t|awk '{print $3}'` `ifconfig ${PPP[1]}|sed -n 2p|column -s ":" -t|awk '{print $3}'`) GATEWAY=(`ifconfig ${PPP[0]}|sed -n 2p|column -s ":" -t|awk '{print $5}'` `ifconfig ${PPP[1]}|sed -n 2p|column -s ":" -t|awk '{print $5}'`) MASK=(`ifconfig ${PPP[0]}|sed -n 2p|column -s ":" -t|awk '{print $7}'` `ifconfig ${PPP[1]}|sed -n 2p|column -s ":" -t|awk '{print $7}'`) 
ip route add ${MASK[0]} dev ${PPP[0]} src ${IP[0]} table 0
ip route add default via ${GATEWAY[0]} table 0
ip route add ${MASK[1]} dev ${PPP[1]} src ${IP[1]} table 1
ip route add default via ${GATEWAY[1]} table 1
ip route add ${MASK[0]} dev ${PPP[0]} src ${IP[0]}
ip route add ${MASK[1]} dev ${PPP[1]} src ${IP[1]}
ip route add default via ${GATEWAY[0]}
ip rule add from ${IP[0]} table 0
ip rule add from ${IP[1]} table 1
iptables -F
iptables -F -t nat
iptables -F -t mangle
iptables -A INPUT -i ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp1 -p tcp -m tcp --dport 20 -j ACCEPT
iptables -A INPUT -i ppp1 -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -i ppp0 -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -i ppp+ -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -i ppp0 -p udp -m udp --dport 123 -j ACCEPT
iptables -A INPUT -i ppp1 -p tcp -m tcp --dport 55000:55500 -j ACCEPT
iptables -A INPUT -i ppp+ -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -p tcp -m tcp --dport 4662 -j ACCEPT
iptables -A FORWARD -i ppp1 -p tcp -m tcp --dport 4663 -j ACCEPT
iptables -A FORWARD -i ppp0 -p udp -m udp --dport 4672 -j ACCEPT
iptables -A FORWARD -i ppp1 -p udp -m udp --dport 4673 -j ACCEPT
iptables -A FORWARD -i ppp0 -p tcp -m tcp --dport 5000:5010 -j ACCEPT
iptables -A FORWARD -i ppp0 -p tcp -m tcp --dport 15402 -j ACCEPT
iptables -A FORWARD -i ppp0 -p udp -m udp --dport 15402 -j ACCEPT
iptables -A FORWARD -i ppp+ -m state --state NEW,INVALID -j DROP
iptables -t mangle -A PREROUTING -p icmp -m icmp -j TOS --set-tos Minimize-Delay iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -m length --length 0:128 -j TOS --set-tos Minimize-Delay iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -m length --length 128: -j TOS --set-tos Maximize-Throughput iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 20 -j TOS --set-tos Maximize-Throughput iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 21 -j TOS --set-tos Minimize-Delay iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 22 -j TOS --set-tos Minimize-Delay iptables -t mangle -A PREROUTING -p udp -m udp --sport 53 -j TOS --set-tos Maximize-Throughput iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j TOS --set-tos Maximize-Throughput iptables -t mangle -A PREROUTING -p udp -m udp --sport 123 -j TOS --set-tos Minimize-Delay 
iptables -t mangle -A OUTPUT -p icmp -m icmp -j TOS --set-tos Minimize-Delay
iptables -t mangle -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -m length --length 0:128 -j TOS --set-tos Minimize-Delay iptables -t mangle -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -m length --length 128: -j TOS --set-tos Maximize-Throughput iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 20 -j TOS --set-tos Maximize-Throughput iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 21 -j TOS --set-tos Minimize-Delay iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 22 -j TOS --set-tos Minimize-Delay iptables -t mangle -A OUTPUT -p udp -m udp --dport 53 -j TOS --set-tos Maximize-Throughput iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 80 -j TOS --set-tos Maximize-Throughput iptables -t mangle -A OUTPUT -p udp -m udp --dport 123 -j TOS --set-tos Minimize-Delay iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --dport 4662 -j DNAT --to 192.168.0.16:4662 iptables -t nat -A PREROUTING -i ppp1 -p tcp -m tcp --dport 4663 -j DNAT --to 192.168.0.62:4663 iptables -t nat -A PREROUTING -i ppp0 -p udp -m udp --dport 4672 -j DNAT --to 192.168.0.16:4672 iptables -t nat -A PREROUTING -i ppp1 -p udp -m udp --dport 4673 -j DNAT --to 192.168.0.62:4673 iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --dport 5000:5010 -j DNAT --to 192.168.0.16:5000-5010 iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --dport 15402 -j DNAT --to 192.168.0.16:15402 iptables -t nat -A PREROUTING -i ppp0 -p udp -m udp --dport 15402 -j DNAT --to 192.168.0.16:15402 iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to 192.168.0.1:3128 
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.16 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp1 -s 192.168.0.0/26 -j MASQUERADE

default gateway for internet connections is set to ppp0

and what i want from it:

1. tcp port 80 and udp ports 53, 123 accesible on ppp0
2. tcp ports 20, 21, 80, 55000-55500 accessible on ppp1
3. tcp ports 4662, 5000-5010, 15402 and udp ports 4672, 15402 accesible on ppp0 and forwarded to 192.168.0.16 4. tcp port 4663 and udp port 4673 accessible on ppp1 and forwarded to 192.168.0.62 
5. 192.168.0.16 masqueraded on ppp0
6. while all other clients from 192.168.0.0/26 masqueraded on ppp1
it doesn't work. am i missing something? 
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux