
#!/bin/sh
# /etc/bewan/ip-up-lan.d/S10nat
# called from /etc/bewan/scripts/ip-up-lan through sh
# No environment variable
# $LANID = lan interface index
# Add an SNAT rule to allow DNAT from the subnet to the same subnet
# escape packets initiated from the box
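ipup_lan_nat() {
  # Add the two nat/POSTROUTING rules for LAN $LANID and record each rule
  # specification in $LAND/$LANID/ip/snat1 and snat2.
  #
  # Globals:  LAND, LANID (read) - locate the per-LAN settings; neither is
  #           defined in this file, so they are presumably set by the
  #           caller (TODO confirm).
  # Returns:  0 when there is nothing to do (no iptables binary, or a setting
  #           is missing/empty); 1 when a setting is malformed; otherwise the
  #           status of the last iptables call.

  # Nothing to do on images that ship without iptables.
  [ -f /usr/bin/iptables ] || return 0

  local ifname ipaddr ipmask ipnet smask snat

  # A missing or empty setting means there is nothing to configure: skip.
  ifname=$(cat "$LAND/$LANID/ifname" 2>/dev/null)
  [ -n "$ifname" ] || return 0
  ipaddr=$(cat "$LAND/$LANID/ip/ipaddr" 2>/dev/null)
  [ -n "$ipaddr" ] || return 0
  ipmask=$(cat "$LAND/$LANID/ip/ipmask" 2>/dev/null)
  [ -n "$ipmask" ] || return 0

  # The rule text is expanded unquoted further down so that it splits into
  # separate iptables arguments. Each value must therefore be exactly one
  # word; otherwise the content of a settings file could add arguments to
  # the iptables command line or be expanded as a glob.
  if ! _ipup_lan_nat_token "$ifname" ||
    ! _ipup_lan_nat_token "$ipaddr" ||
    ! _ipup_lan_nat_token "$ipmask"; then
    printf '%s\n' "S10nat: malformed settings for LAN $LANID, NAT rules not added" >&2
    return 1
  fi

  # Escape packets initiated from the box.
  snat="POSTROUTING -o $ifname -s $ipaddr -j RETURN"
  printf '%s\n' "$snat" >"$LAND/$LANID/ip/snat1"
  # shellcheck disable=SC2086 -- deliberate splitting of validated tokens
  iptables -t nat -A $snat

  # SNAT other packets coming from the subnet.
  ipnet=$(ipnet "$ipaddr" "$ipmask")
  smask=$(ipmask "$ipmask")
  # An empty or multi-word helper result would yield a broken "-s /" rule.
  if ! _ipup_lan_nat_token "$ipnet" || ! _ipup_lan_nat_token "$smask"; then
    printf '%s\n' "S10nat: cannot derive subnet for LAN $LANID, SNAT rule not added" >&2
    return 1
  fi
  snat="POSTROUTING -o $ifname -s $ipnet/$smask -d $ipnet/$smask -j SNAT --to $ipaddr"
  printf '%s\n' "$snat" >"$LAND/$LANID/ip/snat2"
  # shellcheck disable=SC2086 -- deliberate splitting of validated tokens
  iptables -t nat -A $snat
}

# Succeeds only if $1 is a single non-empty word with no whitespace and no
# glob metacharacters, i.e. safe to place in an unquoted argument list.
_ipup_lan_nat_token() {
  case "$1" in
    '' | *[[:space:]]* | *\** | *\?* | *\[*) return 1 ;;
  esac
  return 0
}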
# Not functional in v2 (to be reworked)
# The bare `return` below is what disables this hook: it ends the script
# before ipup_lan_nat is invoked, so no NAT rule is installed.
# NOTE(review): a top-level `return` is only well-defined when this file is
# sourced. If it is run as a separate process the outcome depends on the
# shell (some report an error and carry on, which would reach the call
# below) -- confirm how ip-up-lan invokes it.
return
ipup_lan_nat