domesticrouter.startup

ifconfig eth0 10.20.77.2 netmask 255.255.255.0 up # to edge router
ifconfig eth1 192.168.0.2 netmask 255.255.255.0 up # pc1 and pc2
ifconfig eth2 192.168.1.2 netmask 255.255.255.0 up # pc3
ifconfig eth3 192.168.2.2 netmask 255.255.255.0 up # stb

route add -net 10.20.78.0 netmask 255.255.255.0 gw 10.20.77.1 dev eth0 # to coreswitch
route add -net 10.20.79.0 netmask 255.255.255.0 gw 10.20.77.1 dev eth0 # to service switch
route add -net 30.40.3.0 netmask 255.255.255.0 gw 10.20.77.1 dev eth0 # to fcct router

route add -net 30.40.0.0 netmask 255.255.255.0 gw 10.20.77.1 dev eth0 # to tester subnet
route add -net 30.40.1.0 netmask 255.255.255.0 gw 10.20.77.1 dev eth0 # to rootdns subnet
route add -net 30.40.2.0 netmask 255.255.255.0 gw 10.20.77.1 dev eth0 # to TO dns subnet

/etc/init.d/dhcp3-server start
snmpd



iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain

# Set up IP FORWARDing and Masquerading

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

# Enables packet forwarding by kernel

echo 1 > /proc/sys/net/ipv4/ip_forward

# block stb traffic to all subnet except core switch subnet
iptables -I FORWARD -s 192.168.0.254 -d ! 10.20.78.0/24 -j DROP

# block stb traffic except tcp in port 80
iptables -I FORWARD -s 192.168.0.254 -d 10.20.78.6 -j DROP
iptables -I FORWARD -s 192.168.0.254 -d 10.20.78.6 -p tcp --dport 80 -j ACCEPT

# block stb traffic except udp, icmp and tcp in port 22
iptables -I FORWARD -s 192.168.0.254 -d 10.20.78.5 -j DROP
iptables -I FORWARD -s 192.168.0.254 -d 10.20.78.5 -p tcp --dport 22 -j ACCEPT
iptables -I FORWARD -s 192.168.0.254 -d 10.20.78.5 -p udp -j ACCEPT
iptables -I FORWARD -s 192.168.0.254 -d 10.20.78.5 -p icmp -j ACCEPT