diff --git a/src/packages/fff/fff-layer3-ipv4snat/Makefile b/src/packages/fff/fff-layer3-ipv4snat/Makefile
new file mode 100644
index 00000000..8f6f89d4
--- /dev/null
+++ b/src/packages/fff/fff-layer3-ipv4snat/Makefile
@@ -0,0 +1,32 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-layer3-ipv4snat
+PKG_RELEASE:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-layer3-ipv4snat
+ SECTION:=base
+ CATEGORY:=Freifunk
+ TITLE:=Freifunk-Franken layer3 configuration with SNAT
+ URL:=https://www.freifunk-franken.de
+ DEPENDS:= \
+ +iptables-mod-nat-extra \
+ +fff-firewall \
+ +fff-layer3-config
+
+endef
+
+define Package/fff-layer3-ipv4snat/description
+ With this package it is possible to make SNAT with IPv4 on the router
+endef
+
+define Build/Compile
+ # nothing
+endef
+
+define Package/fff-layer3-ipv4snat/install
+ $(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-layer3-ipv4snat))
diff --git a/src/packages/fff/fff-layer3-ipv4snat/files/etc/layer3.d/33-snat.conf b/src/packages/fff/fff-layer3-ipv4snat/files/etc/layer3.d/33-snat.conf
new file mode 100644
index 00000000..fdab6abd
--- /dev/null
+++ b/src/packages/fff/fff-layer3-ipv4snat/files/etc/layer3.d/33-snat.conf
@@ -0,0 +1,58 @@
+# configure-layer3 -c do nothing
+
+# Check if NAT is set
+# If NAT is set
+if uci -q get gateway.@client[0].nat; then
+ if ! peer_ip=$(uci get gateway.meta.peer_ip); then
+ echo "WARNING: No peer_ip set! For NAT you must set a peer_ip"
+ fi
+
+ # read ipaddr but we need no warning
+ # the warning come from 30-network-client if this not set
+ ipaddr=$(uci get gateway.@client[0].ipaddr)
+
+ # configure-layer3 -t - reload set the iptables rule not rebootsafe
+ reload() {
+ # first we flush the table
+ iptables -t nat --flush
+ # and load the new settings
+ for ip in $ipaddr; do
+ iptables -t nat -A POSTROUTING -s $ip -j SNAT --to-source $peer_ip
+ done
+ }
+
+ # configure-layer3 -a - apply write iptables rule to firewall and set rule again
+ # because it is possible that the rule is not set here but we need it here
+ apply() {
+ iptables -t nat --flush
+ rm -rf /usr/lib/firewall.d/30-NAT
+ for ip in $ipaddr; do
+ iptables -t nat -A POSTROUTING -s $ip -j SNAT --to-source $peer_ip
+ echo "iptables -t nat -A POSTROUTING -s $ip -j SNAT --to-source $peer_ip" >> /usr/lib/firewall.d/30-NAT
+ done
+ }
+# If NAT is not set
+else
+ # configure-layer3 -t - reload flush the iptables
+ reload() {
+ # we only flush the table
+ iptables -t nat --flush
+ }
+
+ # configure-layer3 -a - apply flush iptables rule and delete firewall rule
+ apply() {
+ # we flush the table
+ iptables -t nat --flush
+ # and delete the firewall
+ rm -rf /usr/lib/firewall.d/30-NAT
+ # nobody need NAT we win! \o/
+ }
+fi
+
+# revert is the same whether NAT set or not
+revert() {
+ # first we flush the table
+ iptables -t nat --flush
+ # and load the old settings
+ . /usr/lib/firewall.d/30-NAT
+}
diff --git a/src/packages/fff/fff-layer3/Makefile b/src/packages/fff/fff-layer3/Makefile
index 9dd76ab5..e9532589 100644
--- a/src/packages/fff/fff-layer3/Makefile
+++ b/src/packages/fff/fff-layer3/Makefile
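Review bot: A missing `gateway.meta.peer_ip` only prints a warning in 33-snat.conf, yet the NAT-branch `reload()` and `apply()` still flush the nat table and pass an empty `--to-source`, and `apply()` persists those broken lines to `/usr/lib/firewall.d/30-NAT`. Both functions also interpolate `$ip` and `$peer_ip` unquoted into a file that `revert()` later sources (and that the firewall scripts presumably source as root), so any shell metacharacter in the UCI values would be executed as a command; restricting both values to address characters before use closes that. `iptables -t nat --flush` clears every chain in the nat table, not just this package's rules, so a chain owned by the package would likely be safer. `revert()` sources the file unconditionally, which fails when NAT was never applied; `[ -f /usr/lib/firewall.d/30-NAT ] && . /usr/lib/firewall.d/30-NAT` avoids that. The fence shows the guard for `apply()`; `reload()` needs the same check, and whether configure-layer3 honours a non-zero return is not visible here.

```sh
	# … unchanged: nat check, peer_ip and ipaddr lookup …

	# allow only digits, dots and a prefix slash, so nothing written
	# to 30-NAT can be parsed as shell syntax when the file is sourced
	valid_v4() {
		case "$1" in
			''|*[!0-9./]*) return 1 ;;
		esac
	}

	apply() {
		valid_v4 "$peer_ip" || { echo "ERROR: peer_ip missing or malformed, NAT rules left unchanged"; return 1; }
		for ip in $ipaddr; do
			valid_v4 "$ip" || { echo "ERROR: malformed ipaddr, NAT rules left unchanged"; return 1; }
		done
		iptables -t nat --flush
		rm -f /usr/lib/firewall.d/30-NAT
		for ip in $ipaddr; do
			iptables -t nat -A POSTROUTING -s "$ip" -j SNAT --to-source "$peer_ip"
			echo "iptables -t nat -A POSTROUTING -s $ip -j SNAT --to-source $peer_ip" >> /usr/lib/firewall.d/30-NAT
		done
	}
	# … unchanged: else branch, revert() …
```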
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=fff-layer3
-PKG_RELEASE:=7
+PKG_RELEASE:=8
 PKG_BUILD_DIR:=$(BUILD_DIR)/fff-layer3
@@ -17,6 +17,7 @@ define Package/fff-layer3
 +fff-boardname \
 +fff-dhcp \
 +fff-layer3-config \
+ +fff-layer3-ipv4snat \
 +fff-network \
 +fff-ra \
 +fff-wireguard \
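Review bot: Adding `+fff-layer3-ipv4snat` as a hard dependency of fff-layer3 (second hunk) installs `/etc/layer3.d/33-snat.conf` on every layer3 router, and that script's non-NAT branch still runs `iptables -t nat --flush` on reload and apply. Routers that never enable NAT would therefore also lose any nat rules set by other components. If that is not intended, either keep the package optional and select it in the image configuration instead of here, or have the script flush only a chain it owns. The hunk shows only part of the DEPENDS list of `define Package/fff-layer3`, so whether other dependencies add nat rules cannot be checked from here.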