Add package fff-layer3-ipv4snat
With this package it is possible to make SNAT with IPv4 on the router The user must set a peer_ip setting in gateway.meta.peer_ip to get a single ip for peering interfaces. At ipaddr the user must set a ip that not use in babel (e.g. 192.168.0.1/16) for the clients With this package the ipaddr address is SNAT to the peer_ip and every router need only one freifunk ip and can use the same ipaddr on every router. It is a system like cgnat from big provider Signed-off-by: Christian Dresel <freifunk@dresel.systems>
This commit is contained in:
parent
93106ff9d6
commit
0b585e5273
32
src/packages/fff/fff-layer3-ipv4snat/Makefile
Normal file
32
src/packages/fff/fff-layer3-ipv4snat/Makefile
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
|
PKG_NAME:=fff-layer3-ipv4snat
|
||||||
|
PKG_RELEASE:=1
|
||||||
|
|
||||||
|
include $(INCLUDE_DIR)/package.mk
|
||||||
|
|
||||||
|
define Package/fff-layer3-ipv4snat
|
||||||
|
SECTION:=base
|
||||||
|
CATEGORY:=Freifunk
|
||||||
|
TITLE:=Freifunk-Franken layer3 configuration with SNAT
|
||||||
|
URL:=https://www.freifunk-franken.de
|
||||||
|
DEPENDS:= \
|
||||||
|
+iptables-mod-nat-extra \
|
||||||
|
+fff-firewall \
|
||||||
|
+fff-layer3-config
|
||||||
|
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Package/fff-layer3-ipv4snat/description
|
||||||
|
With this package it is possible to make SNAT with IPv4 on the router
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Build/Compile
|
||||||
|
# nothing
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Package/fff-layer3-ipv4snat/install
|
||||||
|
$(CP) ./files/* $(1)/
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call BuildPackage,fff-layer3-ipv4snat))
|
|
@ -0,0 +1,31 @@
|
||||||
|
configure() {
|
||||||
|
# first we delete the snat config
|
||||||
|
uci -q del network.client.nat
|
||||||
|
if [ "$(uci -q get gateway.@client[0].nat)" = '1' ]; then
|
||||||
|
|
||||||
|
# first check the config is plausible
|
||||||
|
if ! peer_ip=$(uci get gateway.meta.peer_ip); then
|
||||||
|
echo "ERROR: No peer_ip set! For SNAT use you must set a peer_ip"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
if ! ipaddr=$(uci get gateway.@client[0].ipaddr); then
|
||||||
|
echo "ERROR: No ipaddr set! For SNAT use you must set ipaddr"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# We set the snat config
|
||||||
|
uci set network.client.nat=1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
reload() {
|
||||||
|
/etc/init.d/fff-firewall start
|
||||||
|
}
|
||||||
|
|
||||||
|
apply() {
|
||||||
|
uci commit network
|
||||||
|
}
|
||||||
|
|
||||||
|
revert() {
|
||||||
|
uci revert network
|
||||||
|
}
|
|
@ -0,0 +1,7 @@
|
||||||
|
if [ "$(uci -q get gateway.@client[0].nat)" = '1' ]; then
|
||||||
|
peer_ip=$(uci get gateway.meta.peer_ip)
|
||||||
|
ipaddr=$(uci get gateway.@client[0].ipaddr)
|
||||||
|
for ip in $ipaddr; do
|
||||||
|
iptables -t nat -A POSTROUTING -s $ip -j SNAT --to-source $peer_ip
|
||||||
|
done
|
||||||
|
fi
|
|
@ -1,7 +1,7 @@
|
||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=fff-layer3
|
PKG_NAME:=fff-layer3
|
||||||
PKG_RELEASE:=7
|
PKG_RELEASE:=8
|
||||||
|
|
||||||
PKG_BUILD_DIR:=$(BUILD_DIR)/fff-layer3
|
PKG_BUILD_DIR:=$(BUILD_DIR)/fff-layer3
|
||||||
|
|
||||||
|
@ -17,6 +17,7 @@ define Package/fff-layer3
|
||||||
+fff-boardname \
|
+fff-boardname \
|
||||||
+fff-dhcp \
|
+fff-dhcp \
|
||||||
+fff-layer3-config \
|
+fff-layer3-config \
|
||||||
|
+fff-layer3-ipv4snat \
|
||||||
+fff-network \
|
+fff-network \
|
||||||
+fff-ra \
|
+fff-ra \
|
||||||
+fff-wireguard \
|
+fff-wireguard \
|
||||||
|
|
Loading…
Reference in New Issue
Block a user