The NATting SOHO Firewall script uses iptables to act as a firewall for small office/home office environments.
Be warned, however: you will need to customize it to fit your specific needs. The script assumes your internal network is 192.168.1.0/24 on eth1 and your internet IP is 10.0.0.1 on eth0; adjust these values to match your own network. It also supports a DMZ, with the internal network IP on eth1 being 192.168.1.1.
NATting SOHO Firewall loads the kernel modules ipnat, ip_conntrack, and ip_conntrack_ftp, which NAT and connection tracking (including FTP) depend on. The script begins by setting the default policies: DROP for incoming packets and ACCEPT for outgoing packets. It also drops any incoming packets with spoofed source addresses.
The script blocks outgoing network file sharing protocols that are not designed to leave the LAN, such as SMB / Windows file sharing and the NFS Mount Service. Incoming packets for syslog, lpr, rsh, rexec, and other potentially harmful services are dropped as well.
The script also handles address translation. It transparently proxies all web surfing through the Squid box at 192.168.1.2:8080 and 192.168.1.2:443, and transparently forwards all outgoing mail to a relay host at 192.168.1.3. Web connections from outside are transparently redirected to the DMZ web server at 192.168.2.2.
Finally, the script applies Source NAT so that internal traffic can reach the Internet. Once the rules are loaded, activate forwarding with a single command and you're ready to go.
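The NAT behaviour described above, written out as an added example (not the script's own code). The addresses and interfaces are the ones given on this page; the function and variable names, the use of TCP ports 80, 443 and 25, the exclusion of the proxy and relay hosts from their own redirects, and the extra SNAT on eth1 are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints an iptables-restore "nat" table for the described layout.
# Check it without loading:   soho_nat_rules | iptables-restore --test
# Forwarding is enabled separately: echo 1 > /proc/sys/net/ipv4/ip_forward
WAN_IF=eth0; WAN_IP=10.0.0.1
LAN_IF=eth1; LAN_IP=192.168.1.1; LAN_NET=192.168.1.0/24
SQUID=192.168.1.2; RELAY=192.168.1.3; DMZ_WEB=192.168.2.2

soho_nat_rules() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# LAN web traffic goes to Squid. Squid's own fetches are excluded,
# otherwise the proxy's requests would be redirected back to itself.
-A PREROUTING -i $LAN_IF ! -s $SQUID ! -d $LAN_NET -p tcp --dport 80 -j DNAT --to-destination $SQUID:8080
-A PREROUTING -i $LAN_IF ! -s $SQUID ! -d $LAN_NET -p tcp --dport 443 -j DNAT --to-destination $SQUID:443
# Outgoing mail goes to the relay host; the relay itself must still reach the Internet.
-A PREROUTING -i $LAN_IF ! -s $RELAY ! -d $LAN_NET -p tcp --dport 25 -j DNAT --to-destination $RELAY
# Web connections arriving from outside are handed to the DMZ web server.
-A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport 80 -j DNAT --to-destination $DMZ_WEB
# Squid and the relay sit on the same subnet as their clients, so without this
# SNAT they would answer the client directly and the client would reset the
# connection. Side effect: their logs show $LAN_IP instead of the client address.
-A POSTROUTING -o $LAN_IF -s $LAN_NET -d $SQUID -p tcp -m multiport --dports 8080,443 -j SNAT --to-source $LAN_IP
-A POSTROUTING -o $LAN_IF -s $LAN_NET -d $RELAY -p tcp --dport 25 -j SNAT --to-source $LAN_IP
# Source NAT for everything leaving through the Internet interface.
-A POSTROUTING -o $WAN_IF -j SNAT --to-source $WAN_IP
COMMIT
EOF
}
```

Loading the output with `iptables-restore` replaces the existing nat table, so review it against your own addresses first.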
Overall, NATting SOHO Firewall is a fantastic script for any small business or home office looking for top-of-the-line security. With customizable settings and advanced features, it's a reliable choice for any network administrator.