iptables changed

board/PSG/iot2050/rootfs/etc/dnsmasq.conf

@@ -1,5 +1,4 @@
 interface=eth1
-interface=usb0
 interface=wlan0
 
 no-dhcp-interface=eth0
@@ -13,13 +12,7 @@ dhcp-option=wlan0,1,255.255.255.0
 dhcp-option=wlan0,3,192.168.10.200
 dhcp-option=wlan0,6,192.168.10.200
 
-dhcp-range=usb0,192.168.7.1,192.168.7.1,1h
-dhcp-option=usb0,1,255.255.255.252
-dhcp-option=usb0,3,192.168.7.2
-dhcp-option=usb0,6,192.168.7.2
-
 listen-address=127.0.0.1
-listen-address=192.168.7.2
 listen-address=192.168.100.200
 listen-address=192.168.10.200
 

board/PSG/iot2050/rootfs/etc/init.d/rcS

@@ -1,5 +1,4 @@
 #!/bin/sh
-echo 1 > /proc/sys/net/ipv4/ip_forward
 
 if [ -c "/dev/ppp" ]
         then echo "."
@@ -41,9 +40,8 @@ for i in /etc/init.d/S??* ;do
     esac
 done
 
-#--- iptables
-iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
-iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
-iptables -t nat -A POSTROUTING -o tun5 -j MASQUERADE
+#--- iptables settings
+echo 1 > /proc/sys/net/ipv4/ip_forward
+echo 1 > /proc/sys/net/ipv6/conf/all/disable_ipv6
 /root/portfwd.sh &
 #----

board/PSG/iot2050/rootfs/root/delportfwd.sh

@@ -1,38 +0,0 @@
-#!/bin/sh
-#
-
-del_portfwd () {
-DESTPORT=$1
-DESTIP=$2
-SRCPORT=$3
-SRCIP=$4
-SRCIFACE=$5
-
-iptables -t nat -D PREROUTING -p tcp -i $SRCIFACE --dport $SRCPORT -j DNAT --to-destination $DESTIP:$DESTPORT 2> /dev/null
-iptables -D FORWARD -p tcp -d $SRCIP --dport $SRCPORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT 2> /dev/null
-
-}
-
-set_portfwd () {
-DESTPORT=$1
-DESTIP=$2
-SRCPORT=$3
-SRCIP=$4
-SRCIFACE=$5
-
-del_portfwd $1 $2 $3 $4 $5
-
-iptables -t nat -A PREROUTING -p tcp -i $SRCIFACE --dport $SRCPORT -j DNAT --to-destination $DESTIP:$DESTPORT
-iptables -A FORWARD -p tcp -d $SRCIP --dport $SRCPORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-
-}
-
-#del_portfwd 80 192.168.0.1 80 192.168.7.2 usb0
-del_portfwd 80 192.168.100.1 80 `ifconfig eth0 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'` eth0
-del_portfwd 80 192.168.100.1 80 `ifconfig tun5 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'` tun5
-del_portfwd 102 192.168.100.1 102 `ifconfig eth0 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'` eth0
-del_portfwd 102 192.168.100.1 102 `ifconfig tun5 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'` tun5
-del_portfwd 443 192.168.100.1 443 `ifconfig eth0 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'` eth0
-del_portfwd 443 192.168.100.1 443 `ifconfig tun5 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'` tun5
-del_portfwd 5900 192.168.100.20 5900 `ifconfig eth0 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'` eth0
-del_portfwd 5900 192.168.100.20 5900 `ifconfig tun5 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'` tun5

board/PSG/iot2050/rootfs/root/portfwd.sh

@@ -1,6 +1,32 @@
 #!/bin/sh
 #
 
+flush_all() {
+# Accept all traffic first to avoid ssh lockdown  via iptables firewall rules #
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+
+# Flush All Iptables Chains/Firewall rules #
+iptables -F
+
+# Delete all Iptables Chains #
+iptables -X
+
+# Flush all counters too #
+iptables -Z
+# Flush and delete all nat and  mangle #
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+#-------------------------
+iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
+iptables -t nat -A POSTROUTING -o tun5 -j MASQUERADE
+}
+
+
 del_portfwd () {
 DESTPORT=$1
 DESTIP=$2
@@ -20,14 +46,15 @@ SRCPORT=$3
 SRCIP=$4
 SRCIFACE=$5
 
-del_portfwd $1 $2 $3 $4 $5
+#del_portfwd $1 $2 $3 $4 $5
 
 iptables -t nat -A PREROUTING -p tcp -i $SRCIFACE --dport $SRCPORT -j DNAT --to-destination $DESTIP:$DESTPORT
 iptables -A FORWARD -p tcp -d $SRCIP --dport $SRCPORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
 
 }
 
-#set_portfwd 80 192.168.0.1 80 192.168.7.2 usb0
+flush_all
+
 set_portfwd 80 192.168.100.1 80 `ifconfig eth0 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'` eth0
 set_portfwd 80 192.168.100.1 80 `ifconfig tun5 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'` tun5
 set_portfwd 102 192.168.100.1 102 `ifconfig eth0 2>/dev/null|awk '/inet addr:/ {print $2}'|sed 's/addr://'` eth0