61 lines
1.7 KiB
Bash
Executable File
61 lines
1.7 KiB
Bash
Executable File
#!/bin/sh
|
|
# /etc/bewan/scripts/update-nat $1
|
|
# common script part of /etc/bewan/scripts/ip-up and /etc/bewan/scripts/ip-down
|
|
|
|
# Arguments or environment variables:
|
|
# $1 or $WANID : the WAN interface index
|
|
|
|
# Others variables come from setparam
|
|
if [ "${WANID:-}" = '' ]; then
|
|
. /etc/bewan/init.d/setparam
|
|
WANID=${1:-0}
|
|
fi
|
|
|
|
|
|
update_nat() {
|
|
local ifname=`cat $WAND/$WANID/ip/ifname 2>/dev/null`
|
|
[ "$ifname" = '' ] && return
|
|
local ipaddr=`cat $WAND/$WANID/ip/ipaddr 2>/dev/null`
|
|
|
|
# Remove previous snat rule
|
|
local snat="`cat $WAND/$WANID/ip/snat 2>/dev/null`"
|
|
if [ "$snat" != '' ]; then
|
|
iptables -t nat -D $snat
|
|
rm $WAND/$WANID/ip/snat
|
|
fi
|
|
|
|
# Source NAT with $ipaddr all output to $ifname
|
|
if [ "$ipaddr" != '' ]; then
|
|
local tmo=`cat $WAND/$WANID/ip/nattimeout 2>/dev/null`
|
|
[ "$tmo" != '' ] && tmo="--timeout $tmo"
|
|
snat="POSTROUTING -o $IFNAME -j SNAT --to $ipaddr $tmo"
|
|
echo $snat >$WAND/$WANID/ip/snat
|
|
iptables -t nat -A $snat
|
|
fi
|
|
|
|
# Remove previous dnat rule
|
|
local dnat="`cat $WAND/$WANID/ip/dnat 2>/dev/null`"
|
|
if [ "$dnat" != '' ]; then
|
|
iptables -t nat -D $dnat
|
|
rm $WAND/$WANID/ip/dnat
|
|
fi
|
|
# Packets destinated to $ipaddr branch to prerouting table of the interface
|
|
if [ "$ipaddr" != '' ]; then
|
|
dnat="PREROUTING -d $ipaddr -j PREROUTING$WANID"
|
|
echo $dnat >$WAND/$WANID/ip/dnat
|
|
# if called from rc (static ip), iptables not yet initialized
|
|
if [ ! -f /var/bewan/iptables ]; then
|
|
# Create prerouting table
|
|
iptables -t nat -N PREROUTING$WANID
|
|
fi
|
|
iptables -t nat -A $dnat
|
|
fi
|
|
}
|
|
|
|
base_log "$SCRIPTD/update-nat $WANID" debug
|
|
|
|
# NAT router enabled
|
|
if [ -f "$WAND/$WANID/ip/enablenat" ] && [ -e /usr/bin/iptables ]; then
|
|
update_nat
|
|
fi
|