一個通用的NAT腳本，非常方便

支持直接接入方式和PPPOE撥號方式，前部分有配置和注解，應該不難看懂

#! /bin/bash
# Project by Platinum, 2005-05-12
# Debug on 2005-05-20

# Set default gateway (如果MODE==ADSL，此項可以忽略)
GATEWAY="外網網關"

# Set Interface WAN (如果MODE==ADSL，此項可以忽略)
WAN_IP="外網IP地址"
WAN_ETH="外網網卡"
WAN_MASK="外網掩碼"

# Set Interface LAN
LAN_IP="內網IP地址"
LAN_NET="內網網絡地址"
LAN_ETH="內網網卡"
LAN_MASK="內網掩碼"

# Set manager
MANAGER_IP="內網管理員IP"
MANAGER_MAC="內網管理員MAC"

# Initialize modules
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
echo 1 > /proc/sys/net/ipv4/ip_forward

# Initialize Interface LAN
ifconfig $LAN_ETH $LAN_IP netmask $LAN_MASK

# Initialize policy
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -F
iptables -t nat -F

# Deny ACK attack
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables -A FORWARD -p tcp ! --syn -m state --state NEW -j DROP

# Initialize Rules
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i $LAN_ETH -s $MANAGER_IP -m mac --mac-source $MANAGER_MAC -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

case "$MODE" in
  LAN)
     # Initialize Interface WAN
     ifconfig $WAN_ETH $WAN_IP netmask $WAN_MASK
     iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_ETH -j SNAT --to $WAN_IP
  ;;
  ADSL)
     iptables -t nat -A POSTROUTING -s $LAN_NET -o ppp0 -j MASQUERADE
     GATEWAY=`ifconfig ppp0|grep inet|awk '{print }'|awk -F: '{print }'`
  ;;
esac

ip route replace default via $GATEWAY

原文轉自：http://www.kjueaiud.com