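# configure-layer3 -c do nothing
#
# Defines reload(), apply() and revert() for the client NAT (SNAT) setup.
# reload()  installs the rules in the running nat table only (not reboot-safe).
# apply()   installs the rules and also writes them to
#           /usr/lib/firewall.d/30-NAT so they can be loaded again later.
# revert()  flushes the nat table and re-reads /usr/lib/firewall.d/30-NAT.
#
# NOTE(review): every function starts with `iptables -t nat --flush`, which
# empties the whole nat table, not only the rules created here. Confirm that
# nothing else on the gateway keeps rules in that table.

# Succeeds only if $1 is non-empty and contains nothing but characters that
# occur in an IPv4/IPv6 address or CIDR prefix. The values checked here are
# written into a file that revert() sources as shell code, so anything else
# (spaces, ';', '$', backticks, ...) must never reach that file.
nat_is_addr() {
  case "$1" in
    '' | *[!0-9A-Fa-f.:/]*) return 1 ;;
  esac
  return 0
}

# Check if NAT is set.
# NOTE(review): this only tests that the option exists (and prints its value);
# any value, including 0, enables NAT. Confirm that this is intended.
# The section name is quoted so that [0] is never treated as a glob pattern.
if uci -q get 'gateway.@client[0].nat'; then
  # If NAT is set
  if ! peer_ip=$(uci get gateway.meta.peer_ip); then
    echo "WARNING: No peer_ip set! For NAT you must set a peer_ip"
  fi
  # Read ipaddr without a warning of our own; a missing value is reported by
  # 30-network-client.
  ipaddr=$(uci get 'gateway.@client[0].ipaddr')

  # configure-layer3 -t - reload: set the iptables rules (not reboot-safe).
  # Returns non-zero without adding rules when peer_ip is missing or malformed.
  reload() {
    # first we flush the table
    iptables -t nat --flush
    # Without a usable peer_ip there is no valid --to-source argument.
    nat_is_addr "$peer_ip" || return 1
    # and load the new settings; $ipaddr is a space-separated list and is
    # left unquoted on purpose so it splits into single addresses.
    for ip in $ipaddr; do
      if ! nat_is_addr "$ip"; then
        echo "WARNING: ignoring invalid client address: $ip" >&2
        continue
      fi
      iptables -t nat -A POSTROUTING -s "$ip" -j SNAT --to-source "$peer_ip"
    done
  }

  # configure-layer3 -a - apply: write the iptables rules to the firewall
  # include and set them again, because they may not be active yet.
  # Returns non-zero without writing rules when peer_ip is missing or malformed.
  apply() {
    iptables -t nat --flush
    rm -f /usr/lib/firewall.d/30-NAT
    # Never persist a rule with an empty or malformed --to-source.
    nat_is_addr "$peer_ip" || return 1
    for ip in $ipaddr; do
      if ! nat_is_addr "$ip"; then
        echo "WARNING: ignoring invalid client address: $ip" >&2
        continue
      fi
      iptables -t nat -A POSTROUTING -s "$ip" -j SNAT --to-source "$peer_ip"
      # Only validated values are interpolated into the sourced file.
      printf '%s\n' "iptables -t nat -A POSTROUTING -s $ip -j SNAT --to-source $peer_ip" \
        >> /usr/lib/firewall.d/30-NAT
    done
  }
else
  # If NAT is not set

  # configure-layer3 -t - reload: flush the iptables nat table.
  reload() {
    # we only flush the table
    iptables -t nat --flush
  }

  # configure-layer3 -a - apply: flush the nat table and delete the firewall
  # include.
  apply() {
    # we flush the table
    iptables -t nat --flush
    # and delete the firewall include
    rm -f /usr/lib/firewall.d/30-NAT
    # nobody needs NAT, we win! \o/
  }
fi

# revert is the same whether NAT is set or not.
revert() {
  # first we flush the table
  iptables -t nat --flush
  # and load the old settings. The file does not exist after an apply()
  # without NAT rules, and sourcing a missing file fails (a POSIX sh even
  # exits), so only source it when it is there.
  if [ -f /usr/lib/firewall.d/30-NAT ]; then
    . /usr/lib/firewall.d/30-NAT
  fi
}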