Debian network interface configuration for USB tether
# Debian network interface configuration for USB tether
# /etc/network/interfaces.d/enp0s21f0u1
#
# Uplink ("outside") side of the gateway: the USB-tethered device, addressed
# by DHCP. firewall.sh names this same interface in its ISP variable, so the
# two files must be kept in sync if the interface name changes.

# Hotplug rather than auto: the interface is brought up when the device
# appears, not unconditionally at boot.
allow-hotplug enp0s21f0u1
iface enp0s21f0u1 inet dhcp
description usb-tether
# Re-apply the gateway firewall each time this interface comes up.
# NOTE(review): post-up runs only after the interface is already configured,
# so the uplink is briefly live with whatever ruleset was loaded before;
# confirm that window is acceptable, or that rules are also loaded at boot.
post-up /usr/local/sbin/firewall.sh
# Debian network interface configuration for NUC ethernet
# /etc/network/interfaces.d/enp3s0
#
# LAN ("inside") side of the gateway. firewall.sh names this same interface
# in its LAN variable and accepts new connections arriving on it.

# Brought up automatically (auto), with a fixed address.
auto enp3s0
iface enp3s0 inet static
# Gateway's own address on the LAN, in CIDR form.
# NOTE(review): nothing on this page hands out addresses to LAN clients;
# presumably they are configured statically or by a DHCP server set up
# elsewhere. Confirm.
address 192.168.1.1/24
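#!/bin/sh
# save as: /usr/local/sbin/firewall.sh
#
# based on https://debian-administration.org/article/23/Setting_up_a_simple_Debian_gateway
#
# Turns this host into a simple IPv4 NAT gateway: traffic from the LAN
# interface is forwarded and masqueraded out of the ISP interface, and
# nothing arriving on the ISP interface may start a new connection to the
# gateway itself or to the LAN.
#
# Caveats:
#   * IPv4 only. iptables rules do not apply to IPv6; if IPv6 is enabled on
#     the uplink it needs its own ip6tables ruleset.
#   * Chain policies are left as they are; the filtering below is done with
#     explicit rules. Because of `set -e`, a failure after the flush leaves
#     a partial ruleset behind, so check the exit status when running this
#     by hand.

LAN=enp3s0
ISP=enp0s21f0u1

# Exit if any command fails.
set -e

PATH=/usr/sbin:/sbin:/bin:/usr/bin

# Delete all existing rules and user-defined chains so the script can be
# re-run (it is invoked from post-up every time the uplink comes up).
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# Allow established connections, and those not coming from the outside
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i "$ISP" -j ACCEPT

# Drop everything else that arrives on the outside interface. Without this
# rule the ACCEPT rules above filter nothing: unmatched packets fall through
# to the INPUT chain policy, which is ACCEPT unless changed elsewhere.
# NOTE(review): confirm DHCP lease renewal on $ISP still works with the DHCP
# client in use.
iptables -A INPUT -i "$ISP" -j DROP

# Let replies to LAN-initiated connections back in through the gateway.
iptables -A FORWARD -i "$ISP" -o "$LAN" -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i "$LAN" -o "$ISP" -j ACCEPT

# Masquerade.
iptables -t nat -A POSTROUTING -o "$ISP" -j MASQUERADE

# Don't forward from the outside to the inside.
iptables -A FORWARD -i "$ISP" -o "$LAN" -j REJECT

# Enable routing. Done last so that no packet is forwarded before the
# filter and NAT rules above are in place.
echo 1 > /proc/sys/net/ipv4/ip_forward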