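#--------------------------------------------------------------------#
# Scenario: - eth1 (network card on the LAN)
#           - ppp0 (dial-up interface to the Internet)
# This firewall script applies NAT rules to the network; PCs on the
# LAN are then forced through the proxy machine whenever they access
# ports 80, 8080 or 3128.
# Info: dms@ikc.co.id
#--------------------------------------------------------------------#
# This section defines the addressing variables, loads the conntrack/NAT
# kernel modules, sets kernel network parameters, enables forwarding and
# resets the filter, nat and mangle tables to an empty, default-ACCEPT
# state. It writes under /proc/sys and calls modprobe/iptables, so it
# needs root.

echo -e "\n\nSETTING UP IPTABLES PROXY..."

# ---- Interfaces and addresses ---------------------------------------
# NOTE(review): the header names eth1 as the LAN card but INTIF is eth0;
# confirm which interface really faces the LAN.
INTIF="eth0"
EXTIF="ppp0" # the original assigned this twice with the same value
IPTABLES=/sbin/iptables
LAN="192.168.1.0/24"
SERVER="192.168.1.1"
# NOTE(review): EXTIP is a fixed address while EXTIF is a dial-up link and
# ip_dynaddr is enabled below. If the provider assigns the address
# dynamically, any rule built from EXTIP goes stale; confirm.
EXTIP="36.81.129.77"
ServerProduksi="192.168.1.10" # "production server"

# ---- DNS resolvers --------------------------------------------------
# Disabled alternatives kept from the original:
#nameserver1="202.148.7.49"
#nameserver2="202.148.11.48"
#nameserver2="4.4.4.4"
#nameserver1="192.168.1.1"
#nameserver2="202.134.1.10"
# The original first set nameserver1="8.8.8.8" and overwrote it before any
# use; only the value that actually took effect is assigned here.
nameserver1="202.134.0.155"
nameserver2="192.168.1.1"

# ---- Proxy endpoints ------------------------------------------------
PROXYPORT1="8080"
PROXYUTAMA="192.168.1.1" # "main proxy"
PROXYPORT2="3128"
#PROXYSERVER="202.137.22.181"
PROXYSERVER="203.201.173.181"

# ---- Kernel modules -------------------------------------------------
echo "Loading required stateful/NAT kernel modules..."
/sbin/depmod -a
# NOTE(review): these are the legacy ip_conntrack*/ip_nat* module names;
# newer kernels ship them as nf_conntrack*/nf_nat*, so confirm against the
# target kernel. The ftp/irc helpers parse application payloads to open
# related connections; load only the ones the site actually needs.
for module in \
  ip_tables \
  ip_conntrack \
  ip_conntrack_ftp \
  ip_conntrack_irc \
  iptable_nat \
  ip_nat_ftp \
  ip_nat_irc; do
  /sbin/modprobe "$module"
done

# ---- Kernel network parameters --------------------------------------
# SYN cookies: keep accepting connections when the SYN backlog overflows.
echo "1" > /proc/sys/net/ipv4/tcp_syncookies
#echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
#echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
# Reverse-path filtering: drop packets whose source address could not be
# routed back through the interface they arrived on (anti-spoofing).
echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter
# Refuse source-routed packets and ICMP redirects.
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route
echo "0" > /proc/sys/net/ipv4/tcp_timestamps
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects
#echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
# Left disabled as in the original. Enabling log_martians would log the
# packets rp_filter rejects, which is useful for spotting spoofing attempts.
#echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
echo "30" > /proc/sys/net/ipv4/tcp_fin_timeout
echo "2400" > /proc/sys/net/ipv4/tcp_keepalive_time
# NOTE(review): turning off window scaling and SACK costs throughput on
# fast or lossy links; the reason is not stated here, so confirm it is
# still wanted.
echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
echo "0" > /proc/sys/net/ipv4/tcp_sack

# ---- Forwarding -----------------------------------------------------
# NOTE(review): forwarding is switched on before the tables are reset and
# before any rule is loaded, and the FORWARD policy below is ACCEPT. Until
# the rest of the ruleset is in place the host routes everything between
# its interfaces. Enabling ip_forward as the very last step of the script
# would close that window.
echo " Enabling IP forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
# Support for dynamically assigned interface addresses (dial-up link).
echo "1" > /proc/sys/net/ipv4/ip_dynaddr

echo " External interface: $EXTIF"
echo " External interface IP address is: $EXTIP"
echo " Loading proxy server rules..."

# ---- Reset the ruleset ----------------------------------------------
# Flush every rule, then delete every user-defined chain, table by table.
# The original issued the same flush/delete for filter and nat twice (long
# and short option forms) and flushed INPUT/OUTPUT/FORWARD again after
# setting their policies; once is enough.
for table in filter nat mangle; do
  "$IPTABLES" -t "$table" -F
  "$IPTABLES" -t "$table" -X
done

# Create the MACtest chain only after the reset. The original created it
# and then immediately ran "-F" and "-X", which deletes all user-defined
# chains in the filter table, so MACtest never survived this section.
# The rules that use it are not visible here.
"$IPTABLES" -N MACtest

# Default policies.
# NOTE(review): ACCEPT on INPUT and FORWARD makes the firewall fail open.
# Anything not matched by a later rule is allowed, and if a later rule
# fails to load the traffic still passes. The DROP alternatives stay
# disabled as in the original; switching to them requires explicit allow
# rules (loopback, established/related traffic, management access) that
# this section does not show.
"$IPTABLES" -P INPUT ACCEPT
#$IPTABLES -P INPUT DROP
"$IPTABLES" -P OUTPUT ACCEPT
#$IPTABLES -P FORWARD DROP
"$IPTABLES" -P FORWARD ACCEPT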