linux.or.id

share juga yah...
saya untuk saat ini pake script berikut (diambil dari buku nya kang onno), silahkan di modif sesuai kebutuhan anda.

#!/bin/bash
#
# share.sh
# by: rantarou
# Internet Routing simple script including firewall and port forwarding
# This script is still on early stage, people are welcome for modifications
# and improvements.

# Internet connection interface, my network using ADSL bridge mode on PPP0

UPLINK="ppp0"

# if you run the gateway as router and forward IP packet between eth devices
# please fill "yes", and if not please fill "no"

ROUTER="yes"

# Please change these IP to your static IP address of uplink device
# For those who use dial-up or dynamic IP, please enter "dynamic"

NAT="dynamic"

# Please list all network interfaces including eth devices
# as well as dial-up interfaces such as ppp0

INTERFACES="lo eth0 eth1 ppp0"

# Main Program begins

if [ "$1" = "start" ]
then
echo "Activate firewall ..... "
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -A INPUT -i ! ${UPLINK} -j ACCEPT
/sbin/iptables -A INPUT -i ${UPLINK} -p tcp -s 0/0 --dport 20 -j ACCEPT
/sbin/iptables -A INPUT -i ${UPLINK} -p tcp -s 0/0 --dport 21 -j ACCEPT
/sbin/iptables -A INPUT -i ${UPLINK} -p tcp -s 0/0 --dport 22 -j ACCEPT
/sbin/iptables -A INPUT -i ${UPLINK} -p tcp -s 0/0 --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -i ${UPLINK} -p tcp -s 0/0 --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -i ${UPLINK} -p tcp -s 0/0 --dport 443 -j ACCEPT
/sbin/iptables -A INPUT -i ${UPLINK} -p tcp -s 0/0 --dport 28014 -j ACCE PT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# turn off packet spoofing in all interfaces
for x in ${INTERFACES}
do
echo 1 > /proc/sys/net/ipv4/conf/${x}/rp_filter
done

if [ "$ROUTER" = "yes" ]
then
# Activate IP forwarding at router
echo 1 > /proc/sys/net/ipv4/ip_forward

if [ "$NAT" = "dynamic" ]
then
# Dynamic IP address activate masquerading
echo "Activating Masquerading (Dynamic IP)"
/sbin/iptables -t nat -A POSTROUTING -o ${UPLINK} -j MASQUERADE
elif [ "$NAT" != "" ]
then
# Static IP address use source NAT
echo "Activating Masquerading (Static IP)"
/sbin/iptables -t nat -A POSTROUTING -o ${UPLINK} -j SNAT --to ${NAT}
fi

echo "Activate port forwarding ....."
/sbin/iptables -t nat -A PREROUTING -i ${UPLINK} -p tcp --dport 28014 -d 0/0 -j DNAT --to 192.168.1.2:28014
/sbin/iptables -t nat -A PREROUTING -i ${UPLINK} -p udp --dport 28014 -d 0/0 -j DNAT --to 192.168.1.2:28014
/sbin/iptables -A FORWARD -i ${UPLINK} -p tcp -d 192.168.1.2 --dport 28014 -j AC CEPT
/sbin/iptables -A FORWARD -i ${UPLINK} -p udp -d 192.168.1.2 --dport 28014 -j AC CEPT

fi

elif [ "$1" = "stop" ]
then
echo "Deactivate Firewall ..... "
/sbin/iptables -F INPUT
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -F FORWARD
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -F OUTPUT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -t nat -F POSTROUTING
/sbin/iptables -t nat -F PREROUTING
fi

thank bro ..