# configure-layer3 -c: nothing to do
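# NAT is treated as enabled as soon as the first client section carries a
# "nat" option. The UCI path is quoted so that "[0]" can never be expanded
# as a glob pattern against files in the current directory.
# NOTE(review): only the existence of the option is tested, not its value, so
# "option nat '0'" would select this branch as well - confirm this is intended.
if uci -q get 'gateway.@client[0].nat'; then
	# peer_ip is the SNAT target. reload() and apply() are still defined
	# when it is missing, so the problem is reported right away (on stderr).
	if ! peer_ip=$(uci get gateway.meta.peer_ip); then
		echo "WARNING: No peer_ip set! For NAT you must set a peer_ip" >&2
	fi

	# Client source addresses. A missing value is deliberately not reported
	# here: the warning comes from 30-network-client.
	ipaddr=$(uci get 'gateway.@client[0].ipaddr')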
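# configure-layer3 -t: load the SNAT rules into the running nat table only.
# Nothing is persisted, so the rules do not survive a reboot.
# Globals:   ipaddr  (read) - whitespace-separated client source addresses
#            peer_ip (read) - address the client traffic is rewritten to
# Returns:   0 if every rule was added; 1 if peer_ip or an address was
#            rejected, or if an iptables call failed
reload() {
	local ip rc=0

	# Validate before flushing: with an empty peer_ip the table would be
	# emptied and every following "--to-source" call would then fail.
	# Only letters, digits and . : / _ - are accepted.
	case "$peer_ip" in
		'' | *[!A-Za-z0-9.:/_-]*)
			echo "ERROR: peer_ip is unset or malformed, nat table left untouched" >&2
			return 1
			;;
	esac

	# NOTE(review): this empties every chain of the nat table, not only the
	# rules added below - confirm nothing else on the device relies on it.
	iptables -t nat --flush || return 1

	# $ipaddr is intentionally unquoted: it is split into one address per word.
	for ip in $ipaddr; do
		case "$ip" in
			*[!A-Za-z0-9.:/_-]*)
				printf 'ERROR: skipping malformed client address: %s\n' "$ip" >&2
				rc=1
				continue
				;;
		esac
		iptables -t nat -A POSTROUTING -s "$ip" -j SNAT --to-source "$peer_ip" || rc=1
	done

	return "$rc"
}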
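# configure-layer3 -a: persist the SNAT rules in /usr/lib/firewall.d/30-NAT
# and add them to the running nat table as well, because they may not be
# present there yet.
# The rule file is later executed as shell code (revert() sources it), so a
# value is only written into it when it consists of letters, digits and
# . : / _ - and therefore cannot add extra commands to that file.
# Globals:   ipaddr  (read) - whitespace-separated client source addresses
#            peer_ip (read) - address the client traffic is rewritten to
# Returns:   0 if every rule was installed and written; 1 if peer_ip or an
#            address was rejected, or if iptables or the file write failed
apply() {
	local ip rc=0
	local rules=/usr/lib/firewall.d/30-NAT

	# Validate before anything is flushed or deleted, so a broken config
	# leaves the previous rules and the previous rule file in place.
	case "$peer_ip" in
		'' | *[!A-Za-z0-9.:/_-]*)
			echo "ERROR: peer_ip is unset or malformed, NAT rules left untouched" >&2
			return 1
			;;
	esac

	# NOTE(review): this empties every chain of the nat table, not only the
	# rules added below - confirm nothing else on the device relies on it.
	iptables -t nat --flush || return 1

	# Start from an empty rule file; the loop below appends to it.
	rm -rf "$rules"

	# $ipaddr is intentionally unquoted: it is split into one address per word.
	for ip in $ipaddr; do
		case "$ip" in
			*[!A-Za-z0-9.:/_-]*)
				printf 'ERROR: skipping malformed client address: %s\n' "$ip" >&2
				rc=1
				continue
				;;
		esac
		iptables -t nat -A POSTROUTING -s "$ip" -j SNAT --to-source "$peer_ip" || rc=1
		printf 'iptables -t nat -A POSTROUTING -s %s -j SNAT --to-source %s\n' \
			"$ip" "$peer_ip" >> "$rules" || rc=1
	done

	return "$rc"
}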
# If NAT is not set
else
# configure-layer3 -t without NAT: there are no rules to load, so the nat
# table is only emptied.
# NOTE(review): the flush covers every chain of the nat table - confirm
# nothing else on the device installs rules there.
reload() {
	iptables --table nat --flush
}
# configure-layer3 -a without NAT: empty the nat table and delete the
# persisted rule file /usr/lib/firewall.d/30-NAT.
# NOTE(review): the flush covers every chain of the nat table - confirm
# nothing else on the device installs rules there.
apply() {
	local rules=/usr/lib/firewall.d/30-NAT

	iptables --table nat --flush
	rm -rf "$rules"
}
fi
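# revert is the same whether NAT is set or not: empty the nat table and
# restore the rules stored in /usr/lib/firewall.d/30-NAT.
# Returns: 0 when the table was flushed and either no rule file exists or it
#          loaded cleanly; otherwise the failing status
revert() {
	local rules=/usr/lib/firewall.d/30-NAT

	# NOTE(review): this empties every chain of the nat table - confirm
	# nothing else on the device installs rules there.
	iptables -t nat --flush || return 1

	# apply() without NAT deletes the rule file. Sourcing a missing file is
	# an error, and in POSIX sh a failing "." may terminate the whole calling
	# script, so the file is only loaded when it is present.
	# NOTE(review): the file runs as shell code with the privileges of this
	# script - it should be writable by root only; confirm its permissions.
	if [ -f "$rules" ]; then
		. "$rules"
	fi
}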