This is an old revision of the document!
Home Router
a PC with more than one ethernet devices:
- LAN: interface for internal network (10.0.0.1/24)
- WAN1: interface for main internet access (192.168.1.10/24, gateway on 192.168.1.254)
- WAN2: interface for secondary internet access (192.168.0.10/24, gateway on 192.168.0.1)
- MOBILE: emergency interface for internet access (192.168.42.10/24 gateway on 192.168.42.129)
This script:
- 01-nat.start
#!/bin/bash source /etc/conf.d/nat LAN=enp0s31f6 # internal network WAN= WAN_IP= WAN_GW= if [ "$D" != "" ] then echo NOTICE: enabled demo mode fi if [ "$mode" = "fastweb" ] then WAN=enp59s0u2u4c2 WAN_IP=192.168.1.10 WAN_GW=192.168.1.254 elif [ "$mode" = "vodafone" ] then WAN=enp0s20f0u4u4c2 WAN_IP=192.168.0.10 WAN_GW=192.168.0.1 elif [ "$mode" = "mobile" ] then WAN=enp0s20f0u5u3 WAN_IP= WAN_GW=192.168.42.129 else echo ERROR: invalid value of \"$mode\" for \$mode echo mode must me one of: "fastweb|vodafone|mobile" exit 255 fi if [ "$WAN" = "" ] then echo invalid selection exit 254 fi echo Extracting $WAN details... if [ "$WAN_IP" = "" ] then WAN_IP=$(ip -f inet addr show $WAN | grep -Po 'inet \K[\d.]+') fi echo Will use $WAN with SNAT to $WAN_IP and default gateway $WAN_GW echo Flushing tables clean... $D iptables -F $D iptables -F -t nat $D iptables -F -t mangle echo Setting up security... $D iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT $D iptables -A INPUT -m state --state NEW -i $LAN -j ACCEPT $D iptables -P INPUT DROP echo Enabling SNAT to $mode $D iptables -t nat -A POSTROUTING -o $WAN -j SNAT --to $WAN_IP echo Enabling IP forwarding... echo 1 > /proc/sys/net/ipv4/ip_forward echo Removing old default route... $D ip route del to default echo Setting up new default route... $D ip route add default dev $WAN echo 'All done!'
With following config file under /etc/conf.d/nat:
- nat
# Valid for mode= fastweb|vodafone|mobile mode=mobile # unset this to actually do something: D=echo