This is the network layout:
[internet]<-->[ppp0 (dynamic address) - Gateway - 192.168.1.122]<-->[192.168.1.252 - MySQL Server]
and this is the script:
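# --- Interface and address configuration ---------------------------------
# EXTERNAL interface faces the Internet (a PPP link with a dynamic address);
# INTERNAL interface faces the LAN that holds the MySQL server.
EXTIF="ppp0"
INTIF="eth0"

# Determine the external IP automatically from the interface's ifconfig output.
# The awk program skips the interface header line, then on the following line
# splits on ":" and on whitespace and prints the first token after the colon.
# NOTE(review): that matches the classic net-tools "inet addr:A.B.C.D" layout;
# a newer ifconfig that prints "inet A.B.C.D" yields an empty EXTIP here —
# confirm on the target system.  $IFCONFIG and $AWK are expected to be set in
# the (omitted) tool-path section earlier in the script.
EXTIP="$($IFCONFIG "$EXTIF" | $AWK "/$EXTIF/"'{next}//{split($0,a,":");split(a[2],a," ");print a[1];exit}')"

# Internal TCP/IP network and the gateway's own internal address.
INTNET="192.168.1.0/24"
INTIP="192.168.1.122/32"

# A few other local variables: "anywhere".
UNIVERSE="0.0.0.0/0"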
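echo " - Verifying that all kernel modules are ok"
# [... module-loading lines omitted by the original author to keep the post short ...]

# Turn the gateway into a router: packets may pass between EXTIF and INTIF.
echo " Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward

# The external address is assigned by PPP and may change between sessions;
# ip_dynaddr is the kernel's support for such dynamic-address links.
echo " Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr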
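echo " Clearing any existing rules.."
# Reset the built-in chains to a known state.  INPUT/OUTPUT stay ACCEPT here
# (the gateway's own traffic is not filtered by this script); FORWARD is DROP,
# so only the explicit rules loaded later let traffic cross the box.
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -F -t nat

# Flush the user chain, if it exists.  Listing the chain by name with -n
# avoids the reverse-DNS lookups a plain "iptables -L" performs, which can
# stall this script for minutes while the PPP link (and DNS) is still down;
# the exit status of the listing tells us whether the chain exists.
if $IPTABLES -n -L drop-and-log-it >/dev/null 2>&1; then
  $IPTABLES -F drop-and-log-it
fi

# Delete all user-specified chains.
$IPTABLES -X
# Reset all IPTABLES counters.
$IPTABLES -Z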
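echo " Creating a DROP chain.."
# drop-and-log-it: record the packet, then refuse it.  A LOG rule with no rate
# limit lets any flood of unwanted traffic fill syslog (and the disk), so the
# log rule is limited and prefixed for easy filtering.  REJECT is kept as the
# original author chose it: the sender gets an ICMP error instead of a timeout.
$IPTABLES -N drop-and-log-it
$IPTABLES -A drop-and-log-it -m limit --limit 5/minute --limit-burst 10 \
  -j LOG --log-level info --log-prefix "FW-DROP: "
$IPTABLES -A drop-and-log-it -j REJECT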
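echo " - Loading FORWARD rulesets"
# Published service: MySQL on the internal server (the DNAT in the nat table
# rewrites the destination to that host).  The destination is pinned to that
# one host so this rule cannot be reused to reach port 3306 on any other
# internal machine.
# NOTE(review): this admits every source on the Internet; if the remote
# clients are known, add `-s <trusted-network>` (or reach MySQL over a
# VPN/SSH tunnel) so the database is not exposed to the whole Internet.
$IPTABLES -A FORWARD -i "$EXTIF" -o "$INTIF" -p tcp -d 192.168.1.252 --dport 3306 -j ACCEPT
# Replies and related traffic for connections the LAN opened.
$IPTABLES -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
# Everything from the LAN may go out.
$IPTABLES -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT
# Catch all rule, all other forwarding is denied and logged.
$IPTABLES -A FORWARD -j drop-and-log-it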
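echo " - NAT: Enabling SNAT functionality on $EXTIF"
# Port forward: connections arriving on the external interface for TCP/3306
# are rewritten to the internal MySQL server before routing.
$IPTABLES -t nat -A PREROUTING -i "$EXTIF" -p tcp --dport 3306 -j DNAT --to-destination 192.168.1.252:3306
# Outbound NAT.  EXTIF is a PPP link with a dynamic address, so MASQUERADE is
# used instead of "SNAT --to $EXTIP": MASQUERADE always uses the interface's
# current address and forgets its connections when the link goes down, whereas
# SNAT to the address captured at script start keeps rewriting packets to a
# stale address after every reconnect.
$IPTABLES -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE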
Alejandro |