diff --git a/src/packages/fff/fff-layer3-ipv4snat/Makefile b/src/packages/fff/fff-layer3-ipv4snat/Makefile new file mode 100644 index 00000000..d01cdf33 --- /dev/null +++ b/src/packages/fff/fff-layer3-ipv4snat/Makefile @@ -0,0 +1,32 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=fff-layer3-ipv4snat +PKG_RELEASE:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/fff-layer3-ipv4snat + SECTION:=base + CATEGORY:=Freifunk + TITLE:=Freifunk-Franken layer3 configuration with SNAT + URL:=https://www.freifunk-franken.de + DEPENDS:= \ + +iptables-mod-nat-extra \ + +fff-firewall \ + +fff-layer3-config + +endef + +define Package/fff-layer3-ipv4snat/description + With this package it is possible to make SNAT with IPv4 on the router +endef + +define Build/Compile + # nothing +endef + +define Package/fff-layer3-ipv4snat/install + $(CP) ./files/* $(1)/ +endef + +$(eval $(call BuildPackage,fff-layer3-ipv4snat)) diff --git a/src/packages/fff/fff-layer3-ipv4snat/files/etc/layer3.d/33-snat.conf b/src/packages/fff/fff-layer3-ipv4snat/files/etc/layer3.d/33-snat.conf new file mode 100644 index 00000000..b2f6eed4 --- /dev/null +++ b/src/packages/fff/fff-layer3-ipv4snat/files/etc/layer3.d/33-snat.conf @@ -0,0 +1,31 @@ +configure() { + # first we delete the snat config + uci -q del network.client.nat + if [ "$(uci -q get gateway.@client[0].nat)" = '1' ]; then + + # first check the config is plausible + if ! peer_ip=$(uci get gateway.meta.peer_ip); then + echo "ERROR: No peer_ip set! For SNAT use you must set a peer_ip" + return 1 + fi + if ! ipaddr=$(uci get gateway.@client[0].ipaddr); then + echo "ERROR: No ipaddr set! For SNAT use you must set ipaddr" + return 1 + fi + + # We set the snat config + uci set network.client.nat=1 + fi +} + +reload() { + /etc/init.d/fff-firewall start +} + +apply() { + uci commit network +} + +revert() { + uci revert network +} diff --git a/src/packages/fff/fff-layer3-ipv4snat/files/usr/lib/firewall.d/30-SNAT b/src/packages/fff/fff-layer3-ipv4snat/files/usr/lib/firewall.d/30-SNAT new file mode 100644 index 00000000..89bcbceb --- /dev/null +++ b/src/packages/fff/fff-layer3-ipv4snat/files/usr/lib/firewall.d/30-SNAT @@ -0,0 +1,7 @@ +if [ "$(uci -q get gateway.@client[0].nat)" = '1' ]; then + peer_ip=$(uci get gateway.meta.peer_ip) + ipaddr=$(uci get gateway.@client[0].ipaddr) + for ip in $ipaddr; do + iptables -t nat -A POSTROUTING -s $ip -j SNAT --to-source $peer_ip + done +fi diff --git a/src/packages/fff/fff-layer3/Makefile b/src/packages/fff/fff-layer3/Makefile index 9dd76ab5..e9532589 100644 --- a/src/packages/fff/fff-layer3/Makefile +++ b/src/packages/fff/fff-layer3/Makefile @@ -1,7 +1,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=fff-layer3 -PKG_RELEASE:=7 +PKG_RELEASE:=8 PKG_BUILD_DIR:=$(BUILD_DIR)/fff-layer3 @@ -17,6 +17,7 @@ define Package/fff-layer3 +fff-boardname \ +fff-dhcp \ +fff-layer3-config \ + +fff-layer3-ipv4snat \ +fff-network \ +fff-ra \ +fff-wireguard \