[LARTC] what am i doing wrong?

Thu Sep 29 20:03:04 CEST 2005

#!/bin/sh
PPP=(ppp0 ppp1)
IP=(`ifconfig ${PPP[0]}|sed -n 2p|column -s ":" -t|awk '{print $3}'` 
`ifconfig ${PPP[1]}|sed -n 2p|column -s ":" -t|awk '{print $3}'`)
GATEWAY=(`ifconfig ${PPP[0]}|sed -n 2p|column -s ":" -t|awk '{print $5}'` 
`ifconfig ${PPP[1]}|sed -n 2p|column -s ":" -t|awk '{print $5}'`)
MASK=(`ifconfig ${PPP[0]}|sed -n 2p|column -s ":" -t|awk '{print $7}'` 
`ifconfig ${PPP[1]}|sed -n 2p|column -s ":" -t|awk '{print $7}'`)
ip route add ${MASK[0]} dev ${PPP[0]} src ${IP[0]} table 0
ip route add default via ${GATEWAY[0]} table 0
ip route add ${MASK[1]} dev ${PPP[1]} src ${IP[1]} table 1
ip route add default via ${GATEWAY[1]} table 1
ip route add ${MASK[0]} dev ${PPP[0]} src ${IP[0]}
ip route add ${MASK[1]} dev ${PPP[1]} src ${IP[1]}
ip route add default via ${GATEWAY[0]}
ip rule add from ${IP[0]} table 0
ip rule add from ${IP[1]} table 1
iptables -F
iptables -F -t nat
iptables -F -t mangle
iptables -A INPUT -i ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i ppp1 -p tcp -m tcp --dport 20 -j ACCEPT
iptables -A INPUT -i ppp1 -p tcp -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -i ppp0 -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -i ppp+ -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -i ppp0 -p udp -m udp --dport 123 -j ACCEPT
iptables -A INPUT -i ppp1 -p tcp -m tcp --dport 55000:55500 -j ACCEPT
iptables -A INPUT -i ppp+ -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -p tcp -m tcp --dport 4662 -j ACCEPT
iptables -A FORWARD -i ppp1 -p tcp -m tcp --dport 4663 -j ACCEPT
iptables -A FORWARD -i ppp0 -p udp -m udp --dport 4672 -j ACCEPT
iptables -A FORWARD -i ppp1 -p udp -m udp --dport 4673 -j ACCEPT
iptables -A FORWARD -i ppp0 -p tcp -m tcp --dport 5000:5010 -j ACCEPT
iptables -A FORWARD -i ppp0 -p tcp -m tcp --dport 15402 -j ACCEPT
iptables -A FORWARD -i ppp0 -p udp -m udp --dport 15402 -j ACCEPT
iptables -A FORWARD -i ppp+ -m state --state NEW,INVALID -j DROP
iptables -t mangle -A PREROUTING -p icmp -m icmp -j TOS --set-tos 
Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK 
ACK -m length --length 0:128 -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK 
ACK -m length --length 128: -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 20 -j TOS --set-tos 
Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 21 -j TOS --set-tos 
Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 22 -j TOS --set-tos 
Minimize-Delay
iptables -t mangle -A PREROUTING -p udp -m udp --sport 53 -j TOS --set-tos 
Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j TOS --set-tos 
Maximize-Throughput
iptables -t mangle -A PREROUTING -p udp -m udp --sport 123 -j TOS --set-tos 
Minimize-Delay
iptables -t mangle -A OUTPUT -p icmp -m icmp -j TOS --set-tos Minimize-Delay
iptables -t mangle -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -m 
length --length 0:128 -j TOS --set-tos Minimize-Delay
iptables -t mangle -A OUTPUT -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -m 
length --length 128: -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 20 -j TOS --set-tos 
Maximize-Throughput
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 21 -j TOS --set-tos 
Minimize-Delay
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 22 -j TOS --set-tos 
Minimize-Delay
iptables -t mangle -A OUTPUT -p udp -m udp --dport 53 -j TOS --set-tos 
Maximize-Throughput
iptables -t mangle -A OUTPUT -p tcp -m tcp --dport 80 -j TOS --set-tos 
Maximize-Throughput
iptables -t mangle -A OUTPUT -p udp -m udp --dport 123 -j TOS --set-tos 
Minimize-Delay
iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --dport 4662 -j 
DNAT --to 192.168.0.16:4662
iptables -t nat -A PREROUTING -i ppp1 -p tcp -m tcp --dport 4663 -j 
DNAT --to 192.168.0.62:4663
iptables -t nat -A PREROUTING -i ppp0 -p udp -m udp --dport 4672 -j 
DNAT --to 192.168.0.16:4672
iptables -t nat -A PREROUTING -i ppp1 -p udp -m udp --dport 4673 -j 
DNAT --to 192.168.0.62:4673
iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --dport 5000:5010 -j 
DNAT --to 192.168.0.16:5000-5010
iptables -t nat -A PREROUTING -i ppp0 -p tcp -m tcp --dport 15402 -j 
DNAT --to 192.168.0.16:15402
iptables -t nat -A PREROUTING -i ppp0 -p udp -m udp --dport 15402 -j 
DNAT --to 192.168.0.16:15402
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to 
192.168.0.1:3128
iptables -t nat -A POSTROUTING -o ppp0 -s 192.168.0.16 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp1 -s 192.168.0.0/26 -j MASQUERADE

default gateway for internet connections is set to ppp0

and what i want from it:

1. tcp port 80 and udp ports 53, 123 accesible on ppp0
2. tcp ports 20, 21, 80, 55000-55500 accessible on ppp1
3. tcp ports 4662, 5000-5010, 15402 and udp ports 4672, 15402 accesible on 
ppp0 and forwarded to 192.168.0.16
4. tcp port 4663 and udp port 4673 accessible on ppp1 and forwarded to 
192.168.0.62
5. 192.168.0.16 masqueraded on ppp0
6. while all other clients from 192.168.0.0/26 masqueraded on ppp1

it doesn't work. am i missing something? 