
How we organized a mini-provider in the village

Having moved to the Far North for work, I ran into the lack of a decent Internet connection (mobile operators do not count, because they are still unsatisfactory). After a couple of weeks of hunting for WiFi networks in the neighborhood, I found a kind person who had decided to set up something like a provider, distributing Internet access to everyone over WiFi. But this person had no knowledge of or experience in setting up networks and, as a result, the network was not built very well.

After talking, we decided to join forces. I have some experience in setting up *nix servers and building networks; he has the equipment and 2-3 channels to the Internet through neighbors and their ADSL modems.

First of all, it was decided to set up a gateway server for the network. Debian was installed as the OS. To distribute Internet access, it was decided to use a combination of iptables + Squid (as a caching proxy); BIND (caching DNS) and dhcpd, for handing out IP addresses, were also installed and configured.

The gateway has 2 network cards: one “looks” at the local network, the second at 4 ADSL modems. Since I have, one could say, no experience in building provider networks, it was decided to let users reach different networks via different modems (please do not judge this solution too harshly).
routes
route add -net 0.0.0.0/4 gw 172.16.1.200
route add -net 16.0.0.0/4 gw 172.16.1.201
route add -net 32.0.0.0/4 gw 172.16.1.202
route add -net 48.0.0.0/4 gw 172.16.1.203
route add -net 64.0.0.0/4 gw 172.16.1.200
route add -net 80.0.0.0/4 gw 172.16.1.201
route add -net 96.0.0.0/4 gw 172.16.1.202
route add -net 112.0.0.0/4 gw 172.16.1.203
route add -net 128.0.0.0/4 gw 172.16.1.200
route add -net 144.0.0.0/4 gw 172.16.1.201
route add -net 160.0.0.0/4 gw 172.16.1.202
route add -net 176.0.0.0/4 gw 172.16.1.203
route add -net 192.0.0.0/4 gw 172.16.1.200
route add -net 208.0.0.0/4 gw 172.16.1.201
route add -net 224.0.0.0/4 gw 172.16.1.202
route add -net 240.0.0.0/4 gw 172.16.1.203

Webmin was also installed on the server.

There is no point in describing the installation of iptables, Squid, DNS and DHCP, since there are plenty of manuals online. Instead, I will describe the small automation that I implemented to make user management easier for a person who has never encountered *nix.

The scheme of adding users is as follows:

1. The user is registered in dhcp (addresses are issued only to registered users);
2. Then the user is registered on squid;
3. Then a script is launched that parses the squid config and creates rules for the firewall.

Here are the scripts themselves (clumsy scripts, written on the knee just to work; they live in the /etc/nat directory).

Parsing the Squid config:

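proxy
#!/bin/bash
# Collect the registered client addresses from the Squid config into /etc/nat/ip
touch /etc/nat/ip
mask='172'
# All "localnet" ACL lines that mention 172.16
I=$(cat /etc/squid3/squid.conf | grep localnet | grep 172.16)
# One word per line
arr=$(echo $I | tr " " "\n")
arr2=$(echo $arr | tr "/" "\n")
for x in $arr
do
    declare -a arrip
    # Keep only the words that start with the mask
    if [[ $x == $mask* ]]; then
        arrip[0]=$x
        echo ${arrip[0]} >> /etc/nat/ip
    fi
done
### EOF ###############################
# Hand over to the rule generator
/etc/nat/ipread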

As you can see, it processes the config, pulls out all the IP addresses that match a specific mask and, based on the result, launches another script:

/etc/nat/ipread
#!/bin/bash
# Start with an empty generated script
cat /dev/null > /etc/nat/natread
echo "resetting iptables rules"
sleep 1
# Flush every table and set all policies to ACCEPT
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

echo "#!/bin/bash" >> /etc/nat/natread
echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> /etc/nat/natread
echo "iptables -A INPUT -i lo -j ACCEPT" >> /etc/nat/natread
echo "iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT" >> /etc/nat/natread
mask="172"
# Addresses of users who have not paid
badlist=$(cat /etc/nat/bad)
arrbad=$(echo $badlist)
for x in $arrbad
do
    if [[ $x == $mask* ]];
    then
        echo "iptables -I INPUT -i eth0 -s" $x "-j DROP" >> /etc/nat/natread
    fi
done
# Addresses collected from the Squid config by the proxy script
ip=$(cat /etc/nat/ip)
arr=$(echo $ip | tr "/" "\n")
for x in $arr
do
    if [[ $x == $mask* ]];
    then
        echo "iptables -t nat -A POSTROUTING -o eth1 -s" $x "-j MASQUERADE" >> /etc/nat/natread
    fi
done
echo "iptables -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT" >> /etc/nat/natread
echo "iptables -A FORWARD -i eth1 -o eth0 -j REJECT" >> /etc/nat/natread
# Redirect web traffic to the proxy on the gateway (3128 is Squid's default port)
echo "iptables -t nat -A PREROUTING -i eth0 ! -d 172.16.0.0/24 -p tcp -m multiport --dport 80,8080 -j DNAT --to 172.16.0.1:3128" >> /etc/nat/natread
echo "echo \"The firewall rules are being reset\"" >> /etc/nat/natread
echo "sleep 1s" >> /etc/nat/natread
echo "echo \".\"" >> /etc/nat/natread
echo "sleep 1s" >> /etc/nat/natread
echo "echo \".\"" >> /etc/nat/natread
echo "sleep 1s" >> /etc/nat/natread
echo "echo \".\"" >> /etc/nat/natread
echo "sleep 1s" >> /etc/nat/natread
echo "echo \"The reloading of the firewall rules was successful!\"" >> /etc/nat/natread
rm /etc/nat/ip
# Run the generated script
/etc/nat/natread


This script resets the iptables rules and generates a second script which, when run, adds the firewall rules.

An example of the generated script:

/etc/nat/natread
#!/bin/bash
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -i lo -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
iptables -I INPUT -i eth0 -s 172.16.0.81 -j DROP
iptables -I INPUT -i eth0 -s 172.16.0.82 -j DROP
iptables -I INPUT -i eth0 -s 172.16.0.87 -j DROP
iptables -I INPUT -i eth0 -s 172.16.0.27 -j DROP
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.10 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.100 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.101 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.102 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.103 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.104 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.105 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.106 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.107 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.108 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.109 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.11 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.110 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.111 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.112 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.113 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.114 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.115 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.116 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.117 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.118 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.119 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.12 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.121 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.123 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.124 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.125 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.13 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.14 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.15 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.16 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.17 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.18 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.19 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.20 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.21 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.22 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.23 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.24 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.25 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.26 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.27 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.28 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.29 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.30 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.31 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.32 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.33 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.34 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.35 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.36 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.37 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.38 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.39 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.40 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.41 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.42 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.43 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.44 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.45 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.46 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.47 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.48 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.49 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.50 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.51 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.52 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.53 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.54 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.55 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.56 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.57 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.58 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.59 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.60 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.61 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.62 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.63 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.64 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.65 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.66 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.67 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.68 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.69 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.70 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.71 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.72 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.73 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.74 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.75 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.76 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.77 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.78 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.79 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.80 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.81 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.82 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.83 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.84 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.85 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.86 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.87 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.88 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.89 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.90 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.91 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.92 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.93 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.94 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.95 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.96 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.97 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.98 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.99 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -s 172.16.0.120 -j MASQUERADE
iptables -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j REJECT
echo "Firewall rules are being reloaded"
sleep 1s
echo "."
sleep 1s
echo "."
sleep 1s
echo "."
sleep 1s
echo "The reloading of the firewall rules completed successfully!"

As you can see, it is also possible to cut off users who have forgotten to pay for the Internet, by adding their addresses to the bad file.
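In the generated script above, a blocked address is dropped only in INPUT and still gets its MASQUERADE rule, every word starting with 172 is written into a script that runs as root, and the rules are rebuilt after a flush to ACCEPT. The following is an added example, not the author's code: it validates each address, forwards only registered clients that are not blocked, and prints one iptables-restore ruleset that can be loaded in a single step (it covers the filter and MASQUERADE rules only). The function names and the sample input are constructed for the example; eth0, eth1 and 172.16.0.x come from the post.

```bash
#!/bin/bash
# Added example (not the author's code): build one iptables-restore ruleset
# from Squid "localnet" ACL lines and the "bad" list, validating each address.
# eth0 (LAN), eth1 (modem side) and 172.16.0.x are taken from the post.

# Succeeds only for host addresses 172.16.0.1 .. 172.16.0.254.
valid_ip() {
    case $1 in 172.16.0.*) ;; *) return 1 ;; esac
    set -- "${1#172.16.0.}"
    case $1 in ''|0*|????*|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 254 ]
}

# Print the valid addresses among the lines on stdin; report the rest.
keep_valid() {
    while read -r addr; do
        addr=${addr%%/*}                      # drop a /32 suffix if present
        if valid_ip "$addr"; then printf '%s\n' "$addr"
        else printf 'skipping invalid entry: %s\n' "$addr" >&2; fi
    done
}

# Addresses from "acl localnet src <ip>[/mask]" lines of the Squid config $1.
squid_clients() {
    awk '$1 == "acl" && $2 == "localnet" && $3 == "src" { print $4 }' "$1" | keep_valid
}

# Addresses from the bad file $1 (first field of each non-empty line).
bad_ips() { awk 'NF { print $1 }' "$1" | keep_valid; }

# build_ruleset <squid.conf> <bad file>: print the complete ruleset on stdout.
build_ruleset() {
    blocked=$(bad_ips "$2" | tr '\n' ' ')
    clients=""
    for ip in $(squid_clients "$1"); do
        case " $blocked " in
            *" $ip "*) ;;                     # blocked: no FORWARD, no NAT rule
            *) clients="$clients $ip" ;;
        esac
    done
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' '-A INPUT -i lo -j ACCEPT'
    for ip in $blocked; do printf '%s\n' "-A INPUT -i eth0 -s $ip -j DROP"; done
    printf '%s\n' '-A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT'
    for ip in $clients; do printf '%s\n' "-A FORWARD -i eth0 -o eth1 -s $ip -j ACCEPT"; done
    printf '%s\n' 'COMMIT' '*nat' ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    for ip in $clients; do printf '%s\n' "-A POSTROUTING -o eth1 -s $ip -j MASQUERADE"; done
    printf '%s\n' 'COMMIT'
}

# Constructed sample input: one paying client, one blocked client, and
# malformed entries that the prefix test [[ $x == 172* ]] would have accepted.
sample_ruleset() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'acl localnet src 172.16.0.10/32' \
                  'acl localnet src 172.16.0.81/32' \
                  'acl localnet src 172.16.0.999/32' \
                  'acl localnet src 172.16.0.11;x/32' \
                  'acl SSL_ports port 443' > "$dir/squid.conf"
    printf '%s\n' '172.16.0.81' '172.16.0.82;x' > "$dir/bad"
    build_ruleset "$dir/squid.conf" "$dir/bad"
    rm -rf "$dir"
}

# On the gateway (assumed usage): check the ruleset, then load it in one step.
#   build_ruleset /etc/squid3/squid.conf /etc/nat/bad > /etc/nat/rules
#   iptables-restore --test < /etc/nat/rules && iptables-restore < /etc/nat/rules
sample_ruleset
```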

With Internet distribution sorted out, a new problem arose: because of frequent surges in the electrical network, the ADSL modems could hang hard, and users then could not reach some sites. As a crutch, a script was written that checks the availability of the modems and, based on the result, produces a route table from templates:

ping-test
#!/bin/bash
host1="172.16.1.200"
host2="172.16.1.201"
host3="172.16.1.202"
host4="172.16.1.203"
if ping -q -c 1 $host1 &> /dev/null;
then
x="1"
else
x="0"
fi
if ping -q -c 1 $host2 &> /dev/null;
then
y="1"
else
y="0"
fi
if ping -q -c 1 $host3 &> /dev/null;
then
z="1"
else
z="0"
fi
if ping -q -c 1 $host4 &> /dev/null;
then
i="1"
else
i="0"
fi
if [ $x == 1 ] && [ $y == 1 ] && [ $z == 1 ] && [ $i == 1 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-ok /etc/nat/network
else
if [ $x == 0 ] && [ $y == 1 ] && [ $z == 1 ] && [ $i == 1 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-host1 /etc/nat/network
else
if [ $x == 1 ] && [ $y == 0 ] && [ $z == 1 ] && [ $i == 1 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-host2 /etc/nat/network
else
if [ $x == 1 ] && [ $y == 1 ] && [ $z == 0 ] && [ $i == 1 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-host3 /etc/nat/network
else
if [ $x == 1 ] && [ $y == 1 ] && [ $z == 1 ] && [ $i == 0 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-host4 /etc/nat/network
else
if [ $x == 0 ] && [ $y == 0 ] && [ $z == 1 ] && [ $i == 1 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-host12 /etc/nat/network
else
if [ $x == 1 ] && [ $y == 0 ] && [ $z == 0 ] && [ $i == 1 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-host23 /etc/nat/network
else
if [ $x == 0 ] && [ $y == 1 ] && [ $z == 0 ] && [ $i == 1 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-host13 /etc/nat/network
else
if [ $x == 0 ] && [ $y == 1 ] && [ $z == 1 ] && [ $i == 0 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-host14 /etc/nat/network
else
if [ $x == 1 ] && [ $y == 0 ] && [ $z == 1 ] && [ $i == 0 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-host24 /etc/nat/network
else
if [ $x == 1 ] && [ $y == 1 ] && [ $z == 0 ] && [ $i == 0 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-host34 /etc/nat/network
else
if [ $x == 0 ] && [ $y == 0 ] && [ $z == 0 ] && [ $i == 1 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-host123 /etc/nat/network
else
if [ $x == 0 ] && [ $y == 0 ] && [ $z == 1 ] && [ $i == 0 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-host124 /etc/nat/network
else
if [ $x == 0 ] && [ $y == 1 ] && [ $z == 0 ] && [ $i == 0 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-host134 /etc/nat/network
else
if [ $x == 1 ] && [ $y == 0 ] && [ $z == 0 ] && [ $i == 0 ];
then
rm -f /etc/nat/network
cp /etc/nat/network-host234 /etc/nat/network
else
rm -f /etc/nat/network
cp /etc/nat/network-ok /etc/nat/network
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
fi
chmod +x /etc/nat/network
/etc/nat/delnet
/etc/nat/network


As a result of the script, 2 files are created: network, with the route table, and delnet, which deletes the old routes at startup:

network
#!/bin/bash
route add -net 0.0.0.0/4 gw 172.16.1.200
route add -net 16.0.0.0/4 gw 172.16.1.201
route add -net 32.0.0.0/4 gw 172.16.1.202
route add -net 48.0.0.0/4 gw 172.16.1.203
route add -net 64.0.0.0/4 gw 172.16.1.200
route add -net 80.0.0.0/4 gw 172.16.1.201
route add -net 96.0.0.0/4 gw 172.16.1.202
route add -net 112.0.0.0/4 gw 172.16.1.203
route add -net 128.0.0.0/4 gw 172.16.1.200
route add -net 144.0.0.0/4 gw 172.16.1.201
route add -net 160.0.0.0/4 gw 172.16.1.202
route add -net 176.0.0.0/4 gw 172.16.1.203
route add -net 192.0.0.0/4 gw 172.16.1.200
route add -net 208.0.0.0/4 gw 172.16.1.201
route add -net 224.0.0.0/4 gw 172.16.1.202
route add -net 240.0.0.0/4 gw 172.16.1.203
rm -f /etc/nat/delnet
touch /etc/nat/delnet
echo "#!/bin/bash" >> /etc/nat/delnet
echo "route del -net 0.0.0.0/4 gw 172.16.1.200" >> /etc/nat/delnet
echo "route del -net 16.0.0.0/4 gw 172.16.1.201" >> /etc/nat/delnet
echo "route del -net 32.0.0.0/4 gw 172.16.1.202" >> /etc/nat/delnet
echo "route del -net 48.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 64.0.0.0/4 gw 172.16.1.200" >> /etc/nat/delnet
echo "route del -net 80.0.0.0/4 gw 172.16.1.201" >> /etc/nat/delnet
echo "route del -net 96.0.0.0/4 gw 172.16.1.202" >> /etc/nat/delnet
echo "route del -net 112.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 128.0.0.0/4 gw 172.16.1.200" >> /etc/nat/delnet
echo "route del -net 144.0.0.0/4 gw 172.16.1.201" >> /etc/nat/delnet
echo "route del -net 160.0.0.0/4 gw 172.16.1.202" >> /etc/nat/delnet
echo "route del -net 176.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 192.0.0.0/4 gw 172.16.1.200" >> /etc/nat/delnet
echo "route del -net 208.0.0.0/4 gw 172.16.1.201" >> /etc/nat/delnet
echo "route del -net 224.0.0.0/4 gw 172.16.1.202" >> /etc/nat/delnet
echo "route del -net 240.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
chmod +x /etc/nat/delnet

delnet
#!/bin/bash
route del -net 0.0.0.0/4 gw 172.16.1.200
route del -net 16.0.0.0/4 gw 172.16.1.201
route del -net 32.0.0.0/4 gw 172.16.1.202
route del -net 48.0.0.0/4 gw 172.16.1.203
route del -net 64.0.0.0/4 gw 172.16.1.200
route del -net 80.0.0.0/4 gw 172.16.1.201
route del -net 96.0.0.0/4 gw 172.16.1.202
route del -net 112.0.0.0/4 gw 172.16.1.203
route del -net 128.0.0.0/4 gw 172.16.1.200
route del -net 144.0.0.0/4 gw 172.16.1.201
route del -net 160.0.0.0/4 gw 172.16.1.202
route del -net 176.0.0.0/4 gw 172.16.1.203
route del -net 192.0.0.0/4 gw 172.16.1.200
route del -net 208.0.0.0/4 gw 172.16.1.201
route del -net 224.0.0.0/4 gw 172.16.1.202
route del -net 240.0.0.0/4 gw 172.16.1.203

As an example, here are two of the templates:
network-host1
#!/bin/bash
route add -net 0.0.0.0/4 gw 172.16.1.201
route add -net 16.0.0.0/4 gw 172.16.1.202
route add -net 32.0.0.0/4 gw 172.16.1.203
route add -net 48.0.0.0/4 gw 172.16.1.201
route add -net 64.0.0.0/4 gw 172.16.1.202
route add -net 80.0.0.0/4 gw 172.16.1.203
route add -net 96.0.0.0/4 gw 172.16.1.201
route add -net 112.0.0.0/4 gw 172.16.1.202
route add -net 128.0.0.0/4 gw 172.16.1.203
route add -net 144.0.0.0/4 gw 172.16.1.201
route add -net 160.0.0.0/4 gw 172.16.1.202
route add -net 176.0.0.0/4 gw 172.16.1.203
route add -net 192.0.0.0/4 gw 172.16.1.201
route add -net 208.0.0.0/4 gw 172.16.1.202
route add -net 224.0.0.0/4 gw 172.16.1.203
route add -net 240.0.0.0/4 gw 172.16.1.201

rm -f /etc/nat/delnet
touch /etc/nat/delnet
echo "#!/bin/bash" >> /etc/nat/delnet
echo "route del -net 0.0.0.0/4 gw 172.16.1.201" >> /etc/nat/delnet
echo "route del -net 16.0.0.0/4 gw 172.16.1.202" >> /etc/nat/delnet
echo "route del -net 32.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 48.0.0.0/4 gw 172.16.1.201" >> /etc/nat/delnet
echo "route del -net 64.0.0.0/4 gw 172.16.1.202" >> /etc/nat/delnet
echo "route del -net 80.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 96.0.0.0/4 gw 172.16.1.201" >> /etc/nat/delnet
echo "route del -net 112.0.0.0/4 gw 172.16.1.202" >> /etc/nat/delnet
echo "route del -net 128.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 144.0.0.0/4 gw 172.16.1.201" >> /etc/nat/delnet
echo "route del -net 160.0.0.0/4 gw 172.16.1.202" >> /etc/nat/delnet
echo "route del -net 176.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 192.0.0.0/4 gw 172.16.1.201" >> /etc/nat/delnet
echo "route del -net 208.0.0.0/4 gw 172.16.1.202" >> /etc/nat/delnet
echo "route del -net 224.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 240.0.0.0/4 gw 172.16.1.201" >> /etc/nat/delnet
chmod +x /etc/nat/delnet

network-host123
#!/bin/bash
route add -net 0.0.0.0/4 gw 172.16.1.203
route add -net 16.0.0.0/4 gw 172.16.1.203
route add -net 32.0.0.0/4 gw 172.16.1.203
route add -net 48.0.0.0/4 gw 172.16.1.203
route add -net 64.0.0.0/4 gw 172.16.1.203
route add -net 80.0.0.0/4 gw 172.16.1.203
route add -net 96.0.0.0/4 gw 172.16.1.203
route add -net 112.0.0.0/4 gw 172.16.1.203
route add -net 128.0.0.0/4 gw 172.16.1.203
route add -net 144.0.0.0/4 gw 172.16.1.203
route add -net 160.0.0.0/4 gw 172.16.1.203
route add -net 176.0.0.0/4 gw 172.16.1.203
route add -net 192.0.0.0/4 gw 172.16.1.203
route add -net 208.0.0.0/4 gw 172.16.1.203
route add -net 224.0.0.0/4 gw 172.16.1.203
route add -net 240.0.0.0/4 gw 172.16.1.203

rm -f /etc/nat/delnet
touch /etc/nat/delnet
echo "#!/bin/bash" >> /etc/nat/delnet
echo "route del -net 0.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 16.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 32.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 48.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 64.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 80.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 96.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 112.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 128.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 144.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 160.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 176.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 192.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 208.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 224.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
echo "route del -net 240.0.0.0/4 gw 172.16.1.203" >> /etc/nat/delnet
chmod +x /etc/nat/delnet

From the examples one can understand the principle by which the templates were made.
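The templates follow one rule: the sixteen /4 blocks are dealt round-robin over the modems that answer ping. The following added example (not the author's code) generates the same route list for any set of live gateways, so the fifteen template files are not needed. The function names are assumptions; the gateway addresses and the /etc/nat paths are the ones from the post.

```bash
#!/bin/bash
# Added example (not the author's code): generate what the network-* templates
# contain, for whichever modems are alive, instead of keeping fifteen files.

# routes <add|del> <gw>...: print one route command per /4 block, dealing the
# sixteen blocks round-robin over the given gateways, in the order given.
routes() {
    action=$1; shift
    [ "$#" -gt 0 ] || return 1               # no gateway given: nothing to do
    i=0
    while [ "$i" -lt 16 ]; do
        gw=$1; shift; set -- "$@" "$gw"      # rotate the gateway list
        printf 'route %s -net %d.0.0.0/4 gw %s\n' "$action" "$(( i * 16 ))" "$gw"
        i=$(( i + 1 ))
    done
}

# live_gateways <gw>...: print the gateways that answer one ping (the same
# test that ping-test in the post uses).
live_gateways() {
    for gw in "$@"; do
        if ping -q -c 1 "$gw" > /dev/null 2>&1; then printf '%s\n' "$gw"; fi
    done
}

# write_scripts <dir> <gw>...: write <dir>/network and <dir>/delnet for the
# live gateways; like the post, fall back to all of them if none answers.
write_scripts() {
    dir=$1; shift
    live=$(live_gateways "$@")
    [ -n "$live" ] || live=$*
    { echo '#!/bin/bash'; routes add $live; } > "$dir/network"
    { echo '#!/bin/bash'; routes del $live; } > "$dir/delnet"
    chmod +x "$dir/network" "$dir/delnet"
}

# Constructed check: modem .200 down, the other three up; the output is the
# route list of the network-host1 template.
routes add 172.16.1.201 172.16.1.202 172.16.1.203

# On the gateway (assumed usage): run the old /etc/nat/delnet, then
#   write_scripts /etc/nat 172.16.1.200 172.16.1.201 172.16.1.202 172.16.1.203
# and finally run /etc/nat/network.
```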

PS. Despite the clumsiness of the solution, for six months now this gateway has been successfully getting about 100 users onto the network, with a minimum of problems.

Source: https://habr.com/ru/post/256485/

