@sergeycherepanov
Created September 11, 2017 08:31
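# Turn this host into a NAT gateway for a private 172.x.x.0/24 network.
# The first ens* interface is treated as private, the last one as public.
PRIVATE_IFACE=$(ip -4 link show | grep -o 'ens[0-9]\+' | head -1)
PUBLIC_IFACE=$(ip -4 link show | grep -o 'ens[0-9]\+' | tail -1)
# Network address (x.x.x.0) of the private interface's first IPv4 address; a /24 mask is assumed below.
PRIVATE_SUBNET=$(ip -4 addr show "${PRIVATE_IFACE}" | grep inet | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\/[0-9]\+' | head -1 | awk -F\. '{print $1 "." $2 "." $3 ".0"}')
# Abort before touching the firewall if the detected network is not 172.x.x.0.
echo "${PRIVATE_SUBNET}" | grep -q '^172\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.0$' || {
echo "Invalid private network '${PRIVATE_SUBNET}' must be 172.x.x.x" >&2
exit 1
}
sysctl -w net.ipv4.ip_forward=1
# Let replies to forwarded connections back in; without this the final DROP discards return traffic.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Forward only traffic that originates from the private subnet on the private interface.
iptables -A FORWARD --src "${PRIVATE_SUBNET}/24" -i "${PRIVATE_IFACE}" -j ACCEPT
iptables -A FORWARD -j DROP
# Rewrite the source address of everything leaving through the public interface.
iptables -t nat -A POSTROUTING -o "${PUBLIC_IFACE}" -j MASQUERADE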