Add package fff-layer3-snat

With this package it is possible to make SNAT with IPv4 on the router The user must set a routerip setting in gateway.meta.routerip to get a single ip for peering interfaces. At ipaddr the user must set a ip that not use in babel (e.g. 192.168.0.1/16) for the clients With this package the ipaddr address is SNAT to the routerip and every router need only one freifunk ip and can use the same ipaddr on every router. It is a system like cgnat from big provider Signed-off-by: Christian Dresel <freifunk@dresel.systems>
2020-12-24 09:57:25 +01:00 · 2020-12-24 09:57:25 +01:00 · 6d1c5aaa82
parent 5013238166
commit 6d1c5aaa82
4 changed files with 72 additions and 0 deletions
--- a/src/packages/fff/fff-layer3-snat/Makefile
+++ b/src/packages/fff/fff-layer3-snat/Makefile
@ -0,0 +1,32 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-layer3-snat
+PKG_RELEASE:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-layer3-snat
+	SECTION:=base
+	CATEGORY:=Freifunk
+	TITLE:=Freifunk-Franken layer3 configuration with SNAT
+	URL:=https://www.freifunk-franken.de
+	DEPENDS:= \
+		+iptables-mod-nat-extra \
+		+fff-firewall \
+		+fff-layer3-config
+
+endef
+
+define Package/fff-layer3-snat/description
+	With this package it is possible to make SNAT with IPv4 on the router
+endef
+
+define Build/Compile
+	# nothing
+endef
+
+define Package/fff-layer3-snat/install
+	$(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-layer3-snat))
--- a/src/packages/fff/fff-layer3-snat/files/etc/layer3.d/33-snat.conf
+++ b/src/packages/fff/fff-layer3-snat/files/etc/layer3.d/33-snat.conf
@ -0,0 +1,36 @@
+configure() {
+	# first we delete the snat config
+	uci -q del network.client.fff_snat
+	uci -q del network.client.fff_snat_routerip
+	if [ "$(uci -q get gateway.@client[0].snat)" = '1' ]; then
+
+		# first check the config is plausible
+                routerip=$(uci -q get gateway.meta.routerip)
+		
+		if ! $routerip; then
+			echo "ERROR: No routerip set, which is required for SNAT!"
+			return 1
+		fi
+		if ! uci -q get gateway.@client[0].ipaddr; then
+			echo "ERROR: No ipaddr set, which is required for SNAT!"
+			return 1
+		fi
+
+		# keep only the first IP
+                routerip=${routerip%% *}
+		# keep only the IP without the CIDR
+                routerip=${routerip%%/*}
+
+		# We set the snat config
+		uci set network.client.fff_snat=1
+		uci set network.client.fff_snat_sourceip=$routerip
+	fi
+}
+
+apply() {
+	uci commit network
+}
+
+revert() {
+	uci revert network
+}
--- a/src/packages/fff/fff-layer3-snat/files/usr/lib/firewall.d/30-snat
+++ b/src/packages/fff/fff-layer3-snat/files/usr/lib/firewall.d/30-snat
@ -0,0 +1,3 @@
+if [ "$(uci -q get network.client.fff_snat)" = '1' ]; then
+	iptables -t nat -A POSTROUTING -i br-client -j SNAT --to-source $(uci -q get network.client.fff_snat_sourceip)
+fi
--- a/src/packages/fff/fff-layer3/Makefile
+++ b/src/packages/fff/fff-layer3/Makefile
@ -15,6 +15,7 @@ define Package/fff-layer3
 	         +fff-boardname \
 	         +fff-dhcp \
 	         +fff-layer3-config \
+                 +fff-layer3-snat \
 	         +fff-network \
 	         +fff-ra \
 	         +fff-wireguard \