Add package fff-layer3-ipv4snat

With this package it is possible to make SNAT with IPv4 on the router The user must set a peer_ip setting in gateway.meta.peer_ip to get a single ip for peering interfaces. At ipaddr the user must set a ip that not use in babel (e.g. 192.168.0.1/16) for the clients With this package the ipaddr address is SNAT to the peer_ip and every router need only one freifunk ip and can use the same ipaddr on every router. It is a system like cgnat from big provider Signed-off-by: Christian Dresel <freifunk@dresel.systems>
2020-12-24 09:57:25 +01:00 · 2020-12-24 09:57:25 +01:00 · 0b585e5273
parent 93106ff9d6
commit 0b585e5273
4 changed files with 72 additions and 1 deletions
--- a/src/packages/fff/fff-layer3-ipv4snat/Makefile
+++ b/src/packages/fff/fff-layer3-ipv4snat/Makefile
@ -0,0 +1,32 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-layer3-ipv4snat
+PKG_RELEASE:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-layer3-ipv4snat
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken layer3 configuration with SNAT
+	URL:=https://www.freifunk-franken.de
+	DEPENDS:= \
+		+iptables-mod-nat-extra \
+		+fff-firewall \
+		+fff-layer3-config
+
+endef
+
+define Package/fff-layer3-ipv4snat/description
+	With this package it is possible to make SNAT with IPv4 on the router
+endef
+
+define Build/Compile
+	# nothing
+endef
+
+define Package/fff-layer3-ipv4snat/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-layer3-ipv4snat))
--- a/src/packages/fff/fff-layer3-ipv4snat/files/etc/layer3.d/33-snat.conf
+++ b/src/packages/fff/fff-layer3-ipv4snat/files/etc/layer3.d/33-snat.conf
@ -0,0 +1,31 @@
+configure() {
+	# first we delete the snat config
+	uci -q del network.client.nat
+	if [ "$(uci -q get gateway.@client[0].nat)" = '1' ]; then
+
+		# first check the config is plausible
+		if ! peer_ip=$(uci get gateway.meta.peer_ip); then
+			echo "ERROR: No peer_ip set! For SNAT use you must set a peer_ip"
+			return 1
+		fi
+		if ! ipaddr=$(uci get gateway.@client[0].ipaddr); then
+			echo "ERROR: No ipaddr set! For SNAT use you must set ipaddr"
+			return 1
+		fi
+
+		# We set the snat config
+		uci set network.client.nat=1
+	fi
+}
+
+reload() {
+	/etc/init.d/fff-firewall start
+}
+
+apply() {
+	uci commit network
+}
+
+revert() {
+	uci revert network
+}
--- a/src/packages/fff/fff-layer3-ipv4snat/files/usr/lib/firewall.d/30-SNAT
+++ b/src/packages/fff/fff-layer3-ipv4snat/files/usr/lib/firewall.d/30-SNAT
@ -0,0 +1,7 @@
+if [ "$(uci -q get gateway.@client[0].nat)" = '1' ]; then
+	peer_ip=$(uci get gateway.meta.peer_ip)
+	ipaddr=$(uci get gateway.@client[0].ipaddr)
+	for ip in $ipaddr; do
+		iptables -t nat -A POSTROUTING -s $ip -j SNAT --to-source $peer_ip
+	done
+fi
--- a/src/packages/fff/fff-layer3/Makefile
+++ b/src/packages/fff/fff-layer3/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=fff-layer3
-PKG_RELEASE:=7
+PKG_RELEASE:=8

 PKG_BUILD_DIR:=$(BUILD_DIR)/fff-layer3

@ -17,6 +17,7 @@ define Package/fff-layer3
 	         +fff-boardname \
 	         +fff-dhcp \
 	         +fff-layer3-config \
+                 +fff-layer3-ipv4snat \
 	         +fff-network \
 	         +fff-ra \
 	         +fff-wireguard \