#!/bin/bash
#============================================================================================
# Internet Sharing
# Name : Aditya Maulana
# e-mail : aagink@gmail.com
# Contoh : ./internetsharing (start|stop|restart|status)
#============================================================================================
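# ---- Configuration -------------------------------------------------------
NIC_Publik=eth0          # Internet-facing interface
NIC_Lokal=eth1           # LAN-facing interface
Lokal_IP=192.168.0.0/24  # LAN subnet that is allowed to share the connection
PROXY_PORT=8080          # local HTTP proxy port used for transparent redirection

#######################################
# Print the first IPv4 address configured on an interface.
# Accepts both ifconfig output styles ("inet addr:A.B.C.D" and
# "inet A.B.C.D") and skips inet6 lines, which the former plain
# `grep inet` also matched.
# Arguments: $1 - interface name
# Outputs:   the address on stdout; nothing when none is found
#######################################
get_ipv4() {
  ifconfig "$1" 2>/dev/null |
    awk '$1 == "inet" { sub(/^addr:/, "", $2); print $2; exit }'
}

#######################################
# Write one kernel tunable, warning (not aborting) when the path is
# missing or not writable.
# Arguments: $1 - value, $2 - path under /proc/sys
#######################################
write_proc() {
  printf '%s\n' "$1" > "$2" ||
    printf 'warning: cannot write %s\n' "$2" >&2
}

#######################################
# Enable forwarding, NAT, the transparent-proxy redirect and the
# NetBIOS/SMB drop rules.
# Globals:  NIC_Publik, NIC_Lokal, Lokal_IP, PROXY_PORT (read)
# Returns:  1 when an interface address cannot be determined (nothing is
#           changed in that case), otherwise the status of the last command.
#######################################
start_sharing() {
  local ip_lokal ip_publik
  local proto ports direction
  local -r ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'

  # Resolve both addresses before touching the firewall: an empty value would
  # otherwise produce malformed SNAT/DNAT targets after the rules were flushed.
  ip_lokal=$(get_ipv4 "$NIC_Lokal")
  ip_publik=$(get_ipv4 "$NIC_Publik")
  if [[ ! $ip_lokal =~ $ipv4_re || ! $ip_publik =~ $ipv4_re ]]; then
    printf 'error: no IPv4 address found on %s and/or %s\n' \
      "$NIC_Lokal" "$NIC_Publik" >&2
    return 1
  fi

  # NOTE(review): this flushes every filter rule on the host, including rules
  # installed by other tools. The nat table is flushed as well so that running
  # "start" twice does not stack duplicate SNAT/DNAT rules.
  iptables -F
  iptables -t nat -F
  echo "Internet Sharing Aktif...!!!"

  # Kernel network tunables.
  write_proc 1 /proc/sys/net/ipv4/ip_forward                 # route between NICs
  write_proc 1 /proc/sys/net/ipv4/tcp_syncookies             # SYN-flood mitigation
  write_proc 1 /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
  write_proc 2 /proc/sys/net/ipv4/conf/all/rp_filter         # 2 = loose reverse-path check
  write_proc 0 /proc/sys/net/ipv4/conf/all/accept_source_route
  write_proc 0 /proc/sys/net/ipv4/tcp_timestamps
  # Disabled by the author:
  # write_proc 0 /proc/sys/net/ipv4/conf/all/accept_redirects
  write_proc 1 /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
  write_proc 1 /proc/sys/net/ipv4/conf/all/log_martians      # log packets with impossible sources
  write_proc "32768 61000" /proc/sys/net/ipv4/ip_local_port_range
  # Disabled by the author (the kernel names are tcp_fin_timeout and
  # tcp_window_scaling; the original paths were misspelled):
  # write_proc 30 /proc/sys/net/ipv4/tcp_fin_timeout
  write_proc 2400 /proc/sys/net/ipv4/tcp_keepalive_time      # seconds
  # write_proc 0 /proc/sys/net/ipv4/tcp_window_scaling
  write_proc 0 /proc/sys/net/ipv4/tcp_sack

  # NAT: rewrite the source of LAN traffic to the public address.
  # NOTE(review): the rule is not bound to the outgoing interface; consider
  # adding -o "$NIC_Publik" so only traffic leaving towards the Internet is
  # translated.
  iptables -t nat -A POSTROUTING -s "$Lokal_IP" -d 0/0 -j SNAT --to "$ip_publik"

  # Transparent proxy: send LAN HTTP traffic to the local proxy.
  iptables -t nat -I PREROUTING -s "$Lokal_IP" -d 0/0 -p tcp --dport 80 \
    -j DNAT --to "$ip_lokal:$PROXY_PORT"
  # Transparent TProxy (disabled by the author):
  # iptables -t tproxy -A PREROUTING -i $NIC_Lokal -p tcp --dport 80 -j TPROXY --on-port $PROXY_PORT

  # Drop RPC/NetBIOS/SMB in both directions so Windows file-sharing traffic
  # never crosses the gateway; destination ports first, then source ports.
  # NOTE(review): these are the only FORWARD restrictions. The chain policy is
  # not set here, so unless it is DROP elsewhere everything else is forwarded.
  for direction in --dport --sport; do
    for proto in tcp udp; do
      for ports in 135:139 445; do
        iptables -A FORWARD -p "$proto" "$direction" "$ports" -j DROP
      done
    done
  done
}

#######################################
# Disable forwarding and delete all rules and user-defined chains in the
# filter and nat tables. Chain policies are left as they are.
#######################################
stop_sharing() {
  echo "Internet Sharing Non Aktif...!!!"
  write_proc 0 /proc/sys/net/ipv4/ip_forward
  iptables -F
  iptables -F -t nat
  iptables -X
  iptables -X -t nat
  echo
}

#######################################
# Page through the current filter and nat rules.
#######################################
show_status() {
  iptables -L -n | more
  iptables -L -n -t nat | more
}

#######################################
# Dispatch on the requested action.
# Arguments: $1 - start | stop | restart | status
# Returns:   2 on a missing or unknown action
#######################################
internet_sharing() {
  case "${1:-}" in
    start)
      start_sharing
      ;;
    stop)
      stop_sharing
      ;;
    restart)
      echo "Internet Sharing Restart...!!!"
      stop_sharing
      start_sharing || return
      echo
      ;;
    status)
      show_status
      ;;
    *)
      printf 'Usage: %s (start|stop|restart|status)\n' "${0##*/}" >&2
      return 2
      ;;
  esac
}

internet_sharing "$@"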