Diffstat (limited to 'multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router')
-rwxr-xr-xmultitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router81
1 files changed, 57 insertions, 24 deletions
diff --git a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
index 27287e0..c4c2d86 100755
--- a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
+++ b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router
@@ -3,7 +3,7 @@
set -e
do_start() {
- lan_interfaces=$(echo "$1" | sed "s/,/ /g")
+ lan_interfaces=$(echo "$lan" | sed "s/,/ /g")
echo "Configuring firewall rules..."
# Flush all the tables first
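Review bot: do_start now reads its interface list from the global `lan` (and, further down, `wan`) instead of a parameter, and nothing at the top of the function says so. A header comment such as `# Globals: lan (comma-separated LAN interfaces, read), wan (WAN interface, read)` would make that dependency visible to anyone calling or sourcing the function. Both variables are assigned only in the main section at the bottom of the file. The body of do_start continues outside this hunk.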
@@ -18,38 +18,35 @@ do_start() {
# Allow packets in for existing socket connections
iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- # Accept all from LAN interfaces (always accept on eth0)
- iptables -t filter -A INPUT -i eth0 -j ACCEPT
+ # Accept all from LAN interfaces
for i in $lan_interfaces; do
- if [ "$i" != "eth0" ]; then
- iptables -t filter -A INPUT -i $i -j ACCEPT
- fi
+ iptables -t filter -A INPUT -i $i -j ACCEPT
+
+ # Accept ssh from the LAN (Wired)
+ #iptables -t filter -A INPUT -i $i -p tcp --dport 22 -j ACCEPT
+ # Accept http from the LAN (Wired)
+ #iptables -t filter -A INPUT -i $i -p tcp --dport 80 -j ACCEPT
+ # Accept tftp from the LAN (Wired)
+ #iptables -t filter -A INPUT -i $i -p udp --dport 69 -j ACCEPT
done
- # Accept ssh from the LAN (Wired)
- #iptables -t filter -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
- # Accept http from the LAN (Wired)
- #iptables -t filter -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
- # Accept tftp from the LAN (Wired)
- #iptables -t filter -A INPUT -i eth0 -p udp --dport 69 -j ACCEPT
-
# Accept ssh from the WAN (Wireless)
- #iptables -t filter -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT
+ #iptables -t filter -A INPUT -i $wan -p tcp --dport 22 -j ACCEPT
# Accept http from the WAN (Wireless)
- #iptables -t filter -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT
+ #iptables -t filter -A INPUT -i $wan -p tcp --dport 80 -j ACCEPT
- # Allow packet fowarding from LAN interfaces to ppp0 (cell router)
+ # Allow packet fowarding from LAN interfaces to WAN (cell router)
iptables -t filter -P FORWARD DROP
iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
for i in $lan_interfaces; do
- iptables -t filter -A FORWARD -i $i -o ppp0 -j ACCEPT
+ iptables -t filter -A FORWARD -i $i -o $wan -j ACCEPT
done
# Allow all output packets
iptables -t filter -P OUTPUT ACCEPT
# enable NAT for cell router
- iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
+ iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
echo "Enabling packet forwarding..."
# turn on packet forwarding last
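Review bot: `$i` and `$wan` are expanded unquoted in the iptables calls in both loops and in the MASQUERADE rule, and both now come from command-line options rather than fixed names. A value containing whitespace or glob characters would be split into extra iptables arguments, so quote them, e.g. `iptables -t filter -A FORWARD -i "$i" -o "$wan" -j ACCEPT`, and likewise on the INPUT and POSTROUTING lines. Because `set -e` is active and the tables are flushed earlier in do_start, an iptables call that fails on a bad name stops the script with the rule set only partly applied, so the names are better checked before any rule is touched. do_start starts and ends outside this hunk.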
@@ -74,20 +71,56 @@ do_stop() {
echo "Done"
}
-if [[ $# < 1 || $# > 2 ]]; then
- echo "Usage: $(basename $0) start|stop [lan-interfaces]"
- echo " lan-interfaces: comma-separated list of LAN interfaces to forward to cellular"
- echo " defaults to \"eth0\""
+usage() {
+ echo "Usage: $(basename $0) start|stop [options]"
+ echo " options:"
+ echo " -l <lan-interfaces> LAN interfaces to allow, comma-separated (defaults to \"eth0\")"
+ echo " -w <wan-interface> WAN interface to route out (defaults to \"ppp0\")"
exit 1
+}
+
+# main
+if [[ $# < 1 ]]; then
+ usage
fi
-case $1 in
+cmd=$1
+shift
+
+while getopts "l:w:h" opt; do
+ case "$opt" in
+ l)
+ l=$OPTARG
+ ;;
+ w)
+ w=$OPTARG
+ ;;
+ h)
+ usage
+ ;;
+ *)
+ usage
+ ;;
+ esac
+done
+
+# default lan to eth0 if not specified
+lan=${l-eth0}
+# default wan to ppp0 if not specified
+wan=${w-ppp0}
+
+case $cmd in
start)
- do_start "${2:-eth0}"
+ echo "LAN: $lan"
+ echo "WAN: $wan"
+ do_start
;;
stop)
do_stop
;;
+ *)
+ usage
+ ;;
esac
exit 0
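Review bot: `l` and `w` are never initialised before the getopts loop, so `${l-eth0}` and `${w-ppp0}` pick up any `l` or `w` already exported in the caller's environment, and an explicit empty argument (`-w ""`) is kept as an empty interface name. Clearing both before the loop and defaulting with `:-` closes that, and an allow-list check on the names before do_start runs keeps malformed values away from iptables. The character set in the fence is a suggested starting point, not something taken from the project. Separately, `[[ $# < 1 ]]` is a string comparison; `(( $# < 1 ))` states the intent.

```shell
cmd=$1
shift
l= w=
# … unchanged: getopts loop …
lan=${l:-eth0}
wan=${w:-ppp0}
case "$lan,$wan" in
  *[!A-Za-z0-9_.,:-]*)
    echo "invalid interface name" >&2
    usage
    ;;
esac
# … unchanged: case $cmd dispatch …
```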