#!/bin/bash
#

## Firewall Script
#  01-07-26  by Erik Wegner
#  masq-up <InternalInterface> <ExternalInterface>
#

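INT=$1  # internal (LAN-side) interface, e.g. eth0
EXT=$2  # external (uplink) interface, e.g. ippp0

# Both interface names are mandatory.
# The usage text goes to stderr because stdout carries the generated
# firewall commands; a usage message on stdout would end up in that stream.
# The expansions are quoted so an argument containing whitespace or glob
# characters is tested as one word.
if [[ -z "$1" || -z "$2" ]]; then
	echo "masq-up <InternalInterface> <ExternalInterface>" >&2
	echo "e.g.: masq-up eth0 ippp0" >&2
	exit 2
fi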

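# Path to the iptables binary. A non-empty IPTABLES from the environment wins.
# NOTE(review): the value is copied verbatim into every generated command, so
# an inherited environment (sudo, init scripts, cron) decides which binary the
# rules are loaded with -- confirm the caller sets or clears it deliberately.
: "${IPTABLES:=/usr/sbin/iptables}"

# Directory holding the IPv4 sysctl files. A non-empty PROC from the
# environment wins; it is used as the prefix for ip_forward and ip_dynaddr.
: "${PROC:=/proc/sys/net/ipv4}"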

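# Print the masquerading rule set for INT <-> EXT on stdout.
#
# Nothing here changes the running firewall: every command is written out as
# text. NOTE(review): the output is presumably reviewed or fed to a shell by
# the caller -- confirm. Because of that, the two interface names are
# shell-quoted with printf %q before being pasted into the generated commands;
# ordinary names such as eth0 or ippp0 come out unchanged.
#
# NOTE(review): the my_drop chain is only referenced here, never created. It
# has to exist before these rules are loaded, otherwise the NEW,INVALID rules
# fail to install and only the ACCEPT rules remain.
#
# NOTE(review): every rule is appended with -A, so it is evaluated after any
# rule already in the chain, and loading the output twice duplicates the set.
printf -v int_q '%q' "$INT"
printf -v ext_q '%q' "$EXT"

accept_known='-m state --state ESTABLISHED,RELATED -j ACCEPT'
drop_new='-m state --state NEW,INVALID -j my_drop'

printf '\n# Masquerading %s <-> %s...\n' "$int_q" "$ext_q"

# Source-NAT everything that leaves through the external interface.
printf '%s -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$IPTABLES" "$ext_q"

# Switch IPv4 forwarding and ip_dynaddr on. The German remark in the emitted
# line means "switch back on" and is part of the output, so it stays verbatim.
# NOTE(review): forwarding is enabled before the FORWARD rules below are
# emitted; if the commands run in this order, forwarding is briefly governed
# only by the rules and policy already in place -- confirm the FORWARD policy
# is restrictive before this point.
printf 'echo "1" > %s/ip_forward   # wieder einschalten\n' "$PROC"
printf 'echo "1" > %s/ip_dynaddr\n' "$PROC"


# Outbound packets of connections that are already established.
# Only ESTABLISHED,RELATED is accepted; locally originated NEW traffic is left
# to the OUTPUT policy or to rules loaded elsewhere.
printf '%s -A OUTPUT \\\n' "$IPTABLES"
printf '\t%s\n' "$accept_known"

# Inside -> outside: again only ESTABLISHED,RELATED. NEW connections from the
# internal network are not matched by any rule in this script.
printf '%s -A FORWARD -i %s -o %s \\\n' "$IPTABLES" "$int_q" "$ext_q"
printf '\t%s\n' "$accept_known"

# Return channel.
# The INPUT rules carry no -i match: NEW and INVALID packets on every
# interface, loopback and the internal one included, go to my_drop unless an
# earlier rule in the chain accepted them.
printf '%s -A INPUT %s\n' "$IPTABLES" "$accept_known"
printf '%s -A INPUT %s\n' "$IPTABLES" "$drop_new"

# Outside -> inside: replies are forwarded, anything NEW or INVALID is handed
# to my_drop.
printf '%s -A FORWARD -i %s -o %s \\\n' "$IPTABLES" "$ext_q" "$int_q"
printf '\t%s\n' "$accept_known"
printf '%s -A FORWARD -i %s -o %s \\\n' "$IPTABLES" "$ext_q" "$int_q"
printf '\t%s\n' "$drop_new"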

