X-Git-Url: https://git.phdru.name/?a=blobdiff_plain;f=playbooks%2Fdebian%2Froles%2Ffirewall%2Ffiles%2Fetc%2Finit.d%2Frc.masq;fp=playbooks%2Fdebian%2Froles%2Ffirewall%2Ffiles%2Fetc%2Finit.d%2Frc.masq;h=69be427dc34e1b53b012109bada2d3d91cf2126a;hb=2f99edf4242d4378f68da2b4d77efb8aa33bd445;hp=0000000000000000000000000000000000000000;hpb=e04e6116652d0496b51bd2dec7507c5fac209d73;p=ansible.git
diff --git a/playbooks/debian/roles/firewall/files/etc/init.d/rc.masq b/playbooks/debian/roles/firewall/files/etc/init.d/rc.masq
new file mode 100755
index 0000000..69be427
--- /dev/null
+++ b/playbooks/debian/roles/firewall/files/etc/init.d/rc.masq
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# rc.masq - IP Masquerade
+#
+# Load all required IP MASQ modules
+#
+# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
+# are shown below but are commented out from loading.
+
+# Needed to initially load modules
+#
+#/sbin/depmod -a
+
+# Supports the proper masquerading of FTP file transfers using the PORT method
+#
+#/sbin/modprobe ip_masq_ftp
+
+# Supports the masquerading of RealAudio over UDP. Without this module,
+# RealAudio WILL function but in TCP mode. This can cause a reduction
+# in sound quality
+#
+#/sbin/modprobe ip_masq_raudio
+
+# Supports the masquerading of IRC DCC file transfers
+#
+#/sbin/modprobe ip_masq_irc
+
+
+# Supports the masquerading of Quake and QuakeWorld by default. This modules is
+# for for multiple users behind the Linux MASQ server. If you are going to play
+# Quake I, II, and III, use the second example.
+#
+# NOTE: If you get ERRORs loading the QUAKE module, you are running an old
+# ----- kernel that has bugs in it. Please upgrade to the newest kernel.
+#
+#Quake I / QuakeWorld (ports 26000 and 27000)
+#/sbin/modprobe ip_masq_quake
+#
+#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
+#/sbin/modprobe ip_masq_quake 26000,27000,27910,27960
+
+
+# Supports the masquerading of the CuSeeme video conferencing software
+#
+#/sbin/modprobe ip_masq_cuseeme
+
+#Supports the masquerading of the VDO-live video conferencing software
+#
+#/sbin/modprobe ip_masq_vdolive
+
+
+#CRITICAL: Enable IP forwarding since it is disabled by default since
+#
+# Redhat Users: you may try changing the options in /etc/sysconfig/network from:
+#
+# FORWARD_IPV4=false
+# to
+# FORWARD_IPV4=true
+#
+echo 1 > /proc/sys/net/ipv4/ip_forward
+
+
+# Dynamic IP users:
+#
+# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
+# option. This enables dynamic-ip address hacking in IP MASQ, making the life
+# with Diald and similar programs much easier.
+#
+#echo "1" > /proc/sys/net/ipv4/ip_dynaddr
+
+
+IPTABLES=/sbin/iptables
+
+
+# DHCP: For people who receive their external IP address from either DHCP or BOOTP
+# such as ADSL or Cablemodem users, it is necessary to use the following
+# before the deny command. The "bootp_client_net_if_name" should be replaced
+# the name of the link that the DHCP/BOOTP server will put an address on to?
+# This will be something like "eth0", "eth1", etc.
+#
+# This example is currently commented out.
+#
+#
+#$IPCHAINS -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp
+
+# Enable simple IP forwarding and Masquerading
+#
+# NOTE: The following is an example for an internal LAN address in the 192.168.0.x
+# network with a 255.255.255.0 or a "24" bit subnet mask.
+#
+# Please change this network number and subnet mask to match your internal LAN setup
+#
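Review bot: The `echo 1 > /proc/sys/net/ipv4/ip_forward` line turns on routing unconditionally, yet nothing in this 92-line file sets a FORWARD policy or installs any filter or NAT rule, so unless another script in the role has already done so, the host forwards between all its interfaces as soon as this runs. I would establish a default-deny policy first and enable forwarding last: move `IPTABLES=/sbin/iptables` above the echo and put `$IPTABLES -P FORWARD DROP` before it. The commented DHCP example still uses `$IPCHAINS` with ipchains syntax while the script only defines `IPTABLES`, so uncommenting it would expand an unset variable; it should be rewritten for iptables or removed. The file ends inside the "Enable simple IP forwarding and Masquerading" comment with `IPTABLES` never used, so presumably the rules live elsewhere, and a one-line comment naming that file would help the next reader.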