Writing scripts in Linux
Platform: Red Hat Linux 9.0
Keywords: writing scripts in Linux, creating firewall rules, enabling IP forwarding, find command
Author: Dinesh Aggarwal
When we talk about scripts, the general assumption is that they must involve programming and must be difficult to write. Believe me, it's not that difficult.
We will demonstrate writing a simple script that enables IP forwarding between two interfaces and restores the firewall rules. Let's break it into three parts.
Part 1:- Enabling IP forwarding between two interfaces.
[root@TEST root]# echo "1" >> /proc/sys/net/ipv4/ip_forward
Once you type the above command the default value of 0 changes to 1 as shown below.
[root@TEST root]# more /proc/sys/net/ipv4/ip_forward
1
Now connect the two NICs of the Linux machine to two different networks; IP forwarding will take care of the routing between them.
Part 2:- Creating firewall rules
FIREWALL RULES
=====================
[root@TEST root]# iptables -A INPUT -j ACCEPT
[root@TEST root]# iptables -A OUTPUT -j ACCEPT
[root@TEST root]# iptables -A FORWARD -j ACCEPT
These rules accept all packets on the INPUT, OUTPUT and FORWARD chains, so at this point the firewall does no filtering.
CHECKING FIREWALL RULES
===========================
[root@TEST root]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
SAVING FIREWALL RULES
=================================
iptables-save > /fwrules
The above command saves the firewall rules in a file named fwrules.
To check the contents of the fwrules file, give the following command:
more /fwrules
# Generated by iptables-save v1.2.7a on Wed Oct 19 17:23:33 2007
*mangle
:PREROUTING ACCEPT [356412938:106438417146]
:INPUT ACCEPT [5021674:676017047]
:FORWARD ACCEPT [349292932:105346278738]
:OUTPUT ACCEPT [453727:30085342]
:POSTROUTING ACCEPT [350963151:105400693920]
COMMIT
# Completed on Wed Oct 19 17:23:33 2007
# Generated by iptables-save v1.2.7a on Wed Oct 19 17:23:33 2007
*nat
:PREROUTING ACCEPT [4692040:606205343]
:POSTROUTING ACCEPT [2036006:125755965]
:OUTPUT ACCEPT [106:8128]
COMMIT
# Completed on Wed Oct 19 17:23:33 2007
# Generated by iptables-save v1.2.7a on Wed Oct 19 17:23:33 2007
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 172.16.105.170 -d 172.16.200.0 -j DROP
-A INPUT -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
# Completed on Wed Oct 19 17:23:33 2007
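Before a script restores this file at every boot, it is worth checking what the saved filter table actually permits. The following is an added example, not part of the original article: a shell helper (the names audit_rules and forward_has_accept_all are hypothetical) that reads an iptables-save dump and reports chains whose policy is ACCEPT or that contain a rule accepting every packet. The sample input is the filter section from the listing above.

```shell
#!/bin/sh
# Added example: flag accept-everything entries in an iptables-save dump.
# audit_rules and forward_has_accept_all are hypothetical helper names.

# Print one finding per line for the *filter table:
#   POLICY-ACCEPT <chain>   the chain's default policy is ACCEPT
#   ACCEPT-ALL <chain>      a rule with no match conditions jumps to ACCEPT
audit_rules() {
    awk '
        /^\*/ { table = substr($1, 2); next }      # "*filter" starts a table
        table != "filter" { next }                 # skip mangle, nat, comments
        /^:/  { if ($2 == "ACCEPT") print "POLICY-ACCEPT", substr($1, 2); next }
        # "-A CHAIN -j ACCEPT" is exactly four fields: no -s/-d/-p/-i match
        $1 == "-A" && NF == 4 && $3 == "-j" && $4 == "ACCEPT" { print "ACCEPT-ALL", $2 }
    ' "$1"
}

# Return 0 if FORWARD holds an unconditional ACCEPT rule. With
# /proc/sys/net/ipv4/ip_forward set to 1 (Part 1), every packet not
# dropped by an earlier FORWARD rule is then routed between the networks.
forward_has_accept_all() {
    audit_rules "$1" | grep -q '^ACCEPT-ALL FORWARD$'
}

# Sample input: the filter section shown in the /fwrules listing.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 172.16.105.170 -d 172.16.200.0 -j DROP
-A INPUT -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -j ACCEPT
COMMIT
EOF

audit_rules "$sample"
if forward_has_accept_all "$sample"; then
    echo "FORWARD accepts all packets: no filtering between the two networks"
fi
```

Run against the real file with audit_rules /fwrules; an empty result means no chain in the filter table has an ACCEPT policy or an unconditional ACCEPT rule.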
Part 3:- Creating script
Let’s name the script netreconfig
CONFIGURING SCRIPT
==================================
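vi /usr/sbin/netreconfig
#!/bin/sh
# netreconfig: enable IP forwarding and restore the saved firewall rules
echo "Welcome to Net Reconfiguration Utility"
sleep 2
echo "Wait while modifying the IP Forward..."
# Turn on routing between the interfaces
echo "1" > /proc/sys/net/ipv4/ip_forward
sleep 2
echo "IP Forwarding enabled"
clear
echo "Restoring the Firewall Rules from /fwrules....."
sleep 2
# Load the rules saved earlier with iptables-save
iptables-restore < /fwrules
echo "IP Tables restored"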
GIVING PERMISSION TO EXECUTE BATCH FILE
===============================================
chmod +x /usr/sbin/netreconfig
The above command gives permission to run the netreconfig file as a batch file or command.
That's it. You have created a script. So every time you restart your PC or something happens to the firewall rules or IP forwarding, just run the following command:
netreconfig
And your firewall rules and ip forwarding will be restored.
Adding script to startup
If you want this script to run every time your PC starts, just type
vi /etc/rc.local
And insert the following command, save the file and exit.
netreconfig
rc.local is run every time your PC is restarted.
FIND COMMAND
=====================
find is a very useful command. If you want to find where the netreconfig file is located, just type the following.
[root@localhost root]# find / -name netreconfig
If you have any suggestions or want to add more to this article, write to us at articles@knowurtech.com