#!/bin/sh 
# 
# rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels using IPCHAINS 
# 
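# Load the required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
# are listed below; only ip_masq_ftp is loaded by default, the others are
# commented out.
#
# Ordering used by this script: the forward policy is set to DENY and the MASQ
# rule is added BEFORE IP forwarding is switched on, so the box never forwards
# packets under whatever forward policy was in place beforehand.

# Needed to initially load modules
#
/sbin/depmod -a

# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp

# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
#/sbin/modprobe ip_masq_raudio

# Supports the masquerading of IRC DCC file transfers
#
#/sbin/modprobe ip_masq_irc

# Supports the masquerading of Quake and QuakeWorld by default. This module is
# for multiple users behind the Linux MASQ server. If you are going to play
# Quake I, II, and III, use the second example.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960

# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme

# Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive

# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
#
/sbin/ipchains -M -S 7200 10 160

# DHCP: For people who receive their external IP address from either DHCP or BOOTP
# such as ADSL or Cablemodem users, it is necessary to use the following
# before any deny command on the input chain. "bootp_clients_net_if_name"
# should be replaced with the name of the link that the DHCP/BOOTP server will
# put an address on. This will be something like "eth0", "eth1", etc.
#
# This example is currently commented out.
#
#/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp

# Enable simple IP forwarding and Masquerading
#
# NOTE: The rule below masquerades traffic whose source address falls under
# 10.10.10.1/8. With an "8" bit mask only the first octet is compared, so
# this covers every 10.x.x.x source address, not a single LAN segment
# (confirm with "ipchains -L forward -n").
#
# Please change this network number and subnet mask to match your internal LAN
# setup, and keep it as narrow as that LAN really is (for example a
# 255.255.255.0 or "24" bit mask for one class-C sized network).
#
# The rule names no interface, so it matches on source address alone. A
# stricter ruleset would also tie it to the external interface and refuse
# packets that arrive from outside claiming an internal source address.
#
# -A appends: running this script a second time without clearing the forward
# chain leaves a duplicate MASQ rule behind.
#
# CRITICAL: IP forwarding is disabled by default and must be enabled for
# masquerading to work. It is switched on only after the DENY policy and the
# MASQ rule are in place; if the policy cannot be set, forwarding is left
# untouched rather than opened with an unknown policy.
#
# Redhat Users: you may try changing the options in /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
if /sbin/ipchains -P forward DENY; then
  /sbin/ipchains -A forward -s 10.10.10.1/8 -j MASQ
  echo "1" > /proc/sys/net/ipv4/ip_forward
else
  echo "rc.firewall: could not set forward policy to DENY; IP forwarding not enabled" >&2
fi

# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable the
# following option. This enables dynamic-ip address hacking in IP MASQ, making
# life with Diald and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr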

# end of file 
