forked from freifunk-franken/firmware
Add package fff-layer3-ipv4snat
With this package it is possible to make SNAT with IPv4 on the router The user must set a peer_ip setting in gateway.meta.peer_ip to get a single ip for peering interfaces. At ipaddr the user must set a ip that not use in babel (e.g. 192.168.0.1/16) for the clients With this package the ipaddr address is SNAT to the peer_ip and every router need only one freifunk ip and can use the same ipaddr on every router. It is a system like cgnat from big provider Signed-off-by: Christian Dresel <freifunk@dresel.systems>
This commit is contained in:
parent
5469399112
commit
7c9b8d03f5
|
@ -0,0 +1,32 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=fff-layer3-ipv4snat
|
||||
PKG_RELEASE:=1
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
define Package/fff-layer3-ipv4snat
|
||||
SECTION:=base
|
||||
CATEGORY:=Freifunk
|
||||
TITLE:=Freifunk-Franken layer3 configuration with SNAT
|
||||
URL:=https://www.freifunk-franken.de
|
||||
DEPENDS:= \
|
||||
+iptables-mod-nat-extra \
|
||||
+fff-firewall \
|
||||
+fff-layer3-config
|
||||
|
||||
endef
|
||||
|
||||
define Package/fff-layer3-ipv4snat/description
|
||||
With this package it is possible to make SNAT with IPv4 on the router
|
||||
endef
|
||||
|
||||
define Build/Compile
|
||||
# nothing
|
||||
endef
|
||||
|
||||
define Package/fff-layer3-ipv4snat/install
|
||||
$(CP) ./files/* $(1)/
|
||||
endef
|
||||
|
||||
$(eval $(call BuildPackage,fff-layer3-ipv4snat))
|
|
@ -0,0 +1,58 @@
|
|||
# configure-layer3 -c do nothing
|
||||
|
||||
# Check if NAT is set
|
||||
# If NAT is set
|
||||
if uci -q get gateway.@client[0].nat; then
|
||||
if ! peer_ip=$(uci get gateway.meta.peer_ip); then
|
||||
echo "WARNING: No peer_ip set! For NAT you must set a peer_ip"
|
||||
fi
|
||||
|
||||
# read ipaddr but we need no warning
|
||||
# the warning come from 30-network-client if this not set
|
||||
ipaddr=$(uci get gateway.@client[0].ipaddr)
|
||||
|
||||
# configure-layer3 -t - reload set the iptables rule not rebootsafe
|
||||
reload() {
|
||||
# first we flush the table
|
||||
iptables -t nat --flush
|
||||
# and load the new settings
|
||||
for ip in $ipaddr; do
|
||||
iptables -t nat -A POSTROUTING -s $ip -j SNAT --to-source $peer_ip
|
||||
done
|
||||
}
|
||||
|
||||
# configure-layer3 -a - apply write iptables rule to firewall and set rule again
|
||||
# because it is possible that the rule is not set here but we need it here
|
||||
apply() {
|
||||
iptables -t nat --flush
|
||||
rm -rf /usr/lib/firewall.d/30-NAT
|
||||
for ip in $ipaddr; do
|
||||
iptables -t nat -A POSTROUTING -s $ip -j SNAT --to-source $peer_ip
|
||||
echo "iptables -t nat -A POSTROUTING -s $ip -j SNAT --to-source $peer_ip" >> /usr/lib/firewall.d/30-NAT
|
||||
done
|
||||
}
|
||||
# If NAT is not set
|
||||
else
|
||||
# configure-layer3 -t - reload flush the iptables
|
||||
reload() {
|
||||
# we only flush the table
|
||||
iptables -t nat --flush
|
||||
}
|
||||
|
||||
# configure-layer3 -a - apply flush iptables rule and delete firewall rule
|
||||
apply() {
|
||||
# we flush the table
|
||||
iptables -t nat --flush
|
||||
# and delete the firewall
|
||||
rm -rf /usr/lib/firewall.d/30-NAT
|
||||
# nobody need NAT we win! \o/
|
||||
}
|
||||
fi
|
||||
|
||||
# revert is the same whether NAT set or not
|
||||
revert() {
|
||||
# first we flush the table
|
||||
iptables -t nat --flush
|
||||
# and load the old settings
|
||||
. /usr/lib/firewall.d/30-NAT
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=fff-layer3
|
||||
PKG_RELEASE:=7
|
||||
PKG_RELEASE:=8
|
||||
|
||||
PKG_BUILD_DIR:=$(BUILD_DIR)/fff-layer3
|
||||
|
||||
|
@ -17,6 +17,7 @@ define Package/fff-layer3
|
|||
+fff-boardname \
|
||||
+fff-dhcp \
|
||||
+fff-layer3-config \
|
||||
+fff-layer3-ipv4snat \
|
||||
+fff-network \
|
||||
+fff-ra \
|
||||
+fff-wireguard \
|
||||
|
|
Loading…
Reference in New Issue