Linux - Router NAT with some restrictions
A simple iptables script that forwards traffic between two interfaces, connecting two subnets while restricting what the second one is allowed to reach.
eth0:192.168.0.1 (internet)
eth1:192.168.1.1 (lan)
The /bin/nat-up script:
#!/bin/sh
# Start from a clean slate: drop any existing NAT and forwarding rules.
iptables -t nat -F POSTROUTING
iptables -F FORWARD
# Nothing crosses between the two interfaces unless a rule below allows it.
iptables --policy FORWARD DROP
# Rewrite the LAN's source addresses to eth0's address on the way out.
iptables -A POSTROUTING -t nat -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 192.168.0.1
# Full forwarding access to one host (both directions, so replies get back to it)
iptables -A FORWARD -s 192.168.1.2 -j ACCEPT
iptables -A FORWARD -d 192.168.1.2 -j ACCEPT
# Access to one host only for the rest of the subnet
# host1 is a placeholder for the single host beyond the router that the rest
# of the LAN may reach (a name here is resolved when the rule is added).
iptables -A FORWARD -s 192.168.1.0/24 -d host1 -j ACCEPT
iptables -A FORWARD -s host1 -d 192.168.1.0/24 -j ACCEPT
# Enable forwarding in the kernel only once the rules are in place.
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "IPtables - NAT enabled ... "
Another script has been created to disable the NAT on demand (/bin/nat-down) containing:
#!/bin/sh
# Remove the rules; the FORWARD policy stays DROP, so nothing is forwarded either way.
iptables -t nat -F POSTROUTING
iptables -F FORWARD
# Stop the kernel from forwarding packets at all.
echo 0 > /proc/sys/net/ipv4/ip_forward
echo "IPtables - NAT disabled ... "
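To check who can reach what under these rules without touching a live router, here is an added Python model of the FORWARD chain (written for this page, not part of the original scripts). It evaluates rules the way iptables does, first match wins and the chain policy applies otherwise. It assumes a constructed address, 192.168.0.10, for the page's `host1` placeholder, and it adds a second, interface-pinned variant of the same four rules (an `-i eth1` / `-i eth0` on each) that is likewise an assumption of this example and not something the page's script does.

```python
"""Offline model of the FORWARD chain built by the /bin/nat-up script.

iptables evaluates a chain top to bottom, the first matching rule decides,
and the chain policy (DROP here) applies when nothing matches. The Rule class
below reproduces just enough of that to check who can reach what.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"
# Assumed: the page leaves the permitted server as "host1"; a constructed
# address beyond eth0 stands in for it here so the rules can be evaluated.
HOST1 = "192.168.0.10"


@dataclass(frozen=True)
class Rule:
    src: str                      # -s: host or CIDR
    dst: str                      # -d: host or CIDR
    target: str                   # -j: ACCEPT or DROP
    in_if: Optional[str] = None   # -i: restrict to an ingress interface (None = any)

    def matches(self, src_ip: str, dst_ip: str, in_if: str) -> bool:
        if self.in_if is not None and self.in_if != in_if:
            return False
        return (ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src, strict=False)
                and ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst, strict=False))


# The four -A FORWARD rules from nat-up, in the order the script appends them.
NAT_UP_CHAIN = [
    Rule("192.168.1.2", ANY, "ACCEPT"),        # full forwarding access to one host
    Rule(ANY, "192.168.1.2", "ACCEPT"),        # ... and traffic back to it
    Rule("192.168.1.0/24", HOST1, "ACCEPT"),   # rest of the subnet -> host1 only
    Rule(HOST1, "192.168.1.0/24", "ACCEPT"),   # host1 -> rest of the subnet
]

# Same rules with the ingress interface pinned (an -i eth1 / -i eth0 added to
# each), so a source address is only honoured on the side it belongs to.
# This variant is an assumption of this example, not part of the page's script.
PINNED_CHAIN = [
    Rule("192.168.1.2", ANY, "ACCEPT", in_if="eth1"),
    Rule(ANY, "192.168.1.2", "ACCEPT", in_if="eth0"),
    Rule("192.168.1.0/24", HOST1, "ACCEPT", in_if="eth1"),
    Rule(HOST1, "192.168.1.0/24", "ACCEPT", in_if="eth0"),
]

FORWARD_POLICY = "DROP"   # iptables --policy FORWARD DROP


def forward_verdict(src_ip, dst_ip, in_if="eth1", chain=NAT_UP_CHAIN, policy=FORWARD_POLICY):
    """First matching rule wins; the chain policy applies otherwise."""
    for rule in chain:
        if rule.matches(src_ip, dst_ip, in_if):
            return rule.target
    return policy


def after_nat_down(src_ip, dst_ip, in_if="eth1"):
    """/bin/nat-down flushes FORWARD but leaves the DROP policy in place."""
    return forward_verdict(src_ip, dst_ip, in_if, chain=[], policy=FORWARD_POLICY)


if __name__ == "__main__":
    # Constructed sample flows; 203.0.113.0/24 is the documentation range.
    flows = [
        ("192.168.1.2", "203.0.113.5", "eth1"),   # privileged LAN host -> internet
        ("203.0.113.5", "192.168.1.2", "eth0"),   # reply to it
        ("192.168.1.3", HOST1, "eth1"),            # ordinary LAN host -> host1
        ("192.168.1.3", "203.0.113.5", "eth1"),   # ordinary LAN host -> internet
        ("192.168.1.2", "203.0.113.5", "eth0"),   # LAN address seen on the internet side
    ]
    for src, dst, ifc in flows:
        print(f"{src:>13} -> {dst:<13} via {ifc}: nat-up={forward_verdict(src, dst, ifc)} "
              f"pinned={forward_verdict(src, dst, ifc, PINNED_CHAIN)} "
              f"nat-down={after_nat_down(src, dst, ifc)}")
```

Running it shows the restriction as described: 192.168.1.2 reaches anything, the rest of the subnet reaches only host1, and everything after nat-down is DROP because the flush leaves the DROP policy in place (and ip_forward is 0 anyway). The last flow is the reason for the pinned variant: nat-up's rules match on addresses alone, so a packet carrying 192.168.1.2 as its source is accepted whichever interface it arrives on, while with `-i eth1` on that rule the same packet is dropped on eth0.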
Thank you for playing :)