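##########################################################################
## Variables
##
## Firewall configuration block: every setting below is a plain shell
## variable assignment that the iptables script reads.  Values are
## strings; "y"/"n" flags are compared literally, so keep them lowercase.
##########################################################################

IPTABLES="/sbin/iptables"       ## Location of iptables binary
SERIAL=""                       ## Leave field empty if diald is not in use

INTERNAL="eth2"                 ## Internal Interface
EXTERNAL="eth0"                 ## External Interface
LOOPBACK="lo"                   ## Loopback Interface
DMZ_IF="eth1"                   ## DMZ Interface

IRC="y"                         ## y/n, Enable for DCC connection-track
EGG="n"                         ## y/n, Enable for Eggdrop HUB-bot on your net
DMZ="y"                         ## y/n, Enable to use DMZ

## Use "STAT" if static IP is used on EXTERNAL, else just leave blank.
## NOTE(review): "STAT-NOCHECK" is not one of the two documented values
## above; confirm the script actually accepts it before relying on it.
MASQ_TYPE="STAT-NOCHECK"

CHECK_MAC="n"                   ## y/n, Enable to check MAC address on internal hosts

##########################################################################
## Addressing
##########################################################################

DMZ_NET="129.93.93.0/255.255.255.240"   ## DMZ NET
INTERNAL_NET="10.0.0.0/255.255.0.0"     ## Internal Net/s. Separate with comma
INT_IP="10.0.1.254"                     ## IP address of the Internal Interface
DMZ_IP="129.93.93.1"                    ## IP address of the DMZ interface

## IP address of the External Interface.
## Only needed if MASQ_TYPE is set to STAT and REDIR2PROXY is set to dnat.
EXT_IP="129.93.226.90"

## Limit inbound ssh connections per ip/net. Disable with 0.
## With 0 no rate limit is applied to inbound ssh at all; combined with a
## wide TRUST_EXT this leaves ssh reachable from anywhere without throttling.
IPLIMIT_SSH="0"

## Optional SNAT/Masquerading and Redirection.
## Formerly known as "MASQ_REDIRECT_HOST".
SNAT_MASQ_REDIRECT="y"

## External Hosts that we trust for (ICMP Echo Request AND ssh).
## 0/0 matches every external host, i.e. nothing is excluded; narrow this
## to the networks that really need ssh/ping access where possible.
## The value must not carry trailing whitespace: it is handed to iptables
## as an address argument.
TRUST_EXT="0/0"

##########################################################################
## DNAT - REDIRECTION OF SEVERAL PROTOCOLS TO MACHINES BEHIND THE
## FIREWALL
##########################################################################

## SSH REDIRECT
SSH_REDIR="n"
REDIR_SSH_EXT_PORT="3000"       ## SSH-Port on External Interface
## Destination-Host IP and Port.
## NOTE(review): port 80 for the ssh target matches the HTTP entry below
## and looks copied; confirm the intended destination port before
## enabling SSH_REDIR.
REDIR_SSH_INT="10.0.10.115:80"

## HTTP REDIRECT
HTTP_REDIR="n"
REDIR_HTTP_EXT_PORT="2000"      ## HTTP-Port on External Interface
REDIR_HTTP_INT="10.0.10.115:80" ## Destination-Host IP and Port

##########################################################################
## Ports
##
## Port lists are comma separated; "N:" means N up to the highest port.
##########################################################################

## TCP/UDP ports accepted on the INTERNAL interface
INTERNAL_TCP_PORTS="20,21,22,25,53,80,443,110,113,123,119,389,993,40000,1024:"
INTERNAL_UDP_PORTS="22,23,53,123,80,1024:"

## TCP-ports that we want to open up on the EXTERNAL interface
EXTERNAL_TCP_PORTS="20,21,22,25,53,80,110,113,119,389,443,993"
## UDP-ports that we want to open up on the EXTERNAL interface
EXTERNAL_UDP_PORTS="22,53,389"

NETBIOS="n"                     ## Set to "y" for allowing Local NETBIOS access

## Options are "n,local,dnat". Use local if proxy is localhost, dnat if
## other box, n to disable proxying of 80/tcp and 443/tcp.
REDIR2PROXY="n"
## If "dnat" is set in REDIR2PROXY we'll need a box to send our packets to
FOREIGN_PROXY="194.17.248.139"
PROXY_PORT="8080"               ## Optional Proxyport

## TCP-ports that we want to open up on the DMZ interface
DMZ_TCP_PORTS="53,123,1024:"
## Same as above for certain machines with certain tcp-ports.
## Each entry is <ip>p<port-or-range>, entries separated by commas.
DMZ_TCP_MACHINEPORTS="129.93.93.5p80,129.93.93.5p1024:,129.93.93.4p80,129.93.93.4p1024:,129.93.93.3p80,129.93.93.3p1024:,129.93.93.2p80,129.93.93.2p1024:"
## UDP-ports that we want to open up on the DMZ interface
DMZ_UDP_PORTS="53,123"
## Same as above for certain machines with certain udp-ports
DMZ_UDP_MACHINEPORTS="129.93.93.5p40000,129.93.93.4p40000"

USE_FXP="0"                     ## Enables FXP for FTPclients

## Track these ports on IRC. (MAX 8 by default) Thanks Patrick Bauer
IRCTRACK="6665,6666,6667,6668,6669,7000"

## FTP port/s (MAX 8 by default) that we want to track.
## Separate with a comma. F.e. "21,6921,2121"
## Requires ip_conntrack_ftp.o. Leave empty if patch-o-matic ftp
## hasn't been applied.
FTP_PORT="21"

GATEWAY="129.93.226.10"         ## Our Gateway

##########################################################################
## Logging and switch-on
##########################################################################

## Choose which level messages should be logged as.
## Loglevels can be found in 'man 2 syslog'
LOGLEVEL="debug"
## Set your limitrate here. Check iptables manpage for more info
LIMITLEVEL="5/minute"

VERSION="1.0"
## Set to "y" to enable the script. This is for your own safety
READY="y"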