[v2] Add package fff-layer3-ipv4snat #79
|
@ -1,7 +1,7 @@
|
||||||
include $(TOPDIR)/rules.mk
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
PKG_NAME:=fff-firewall
|
PKG_NAME:=fff-firewall
|
||||||
PKG_RELEASE:=7
|
PKG_RELEASE:=8
|
||||||
|
|
||||||
include $(INCLUDE_DIR)/package.mk
|
include $(INCLUDE_DIR)/package.mk
|
||||||
|
|
||||||
|
|
|
@ -5,5 +5,17 @@ ebtables -X
|
||||||
iptables -F
|
iptables -F
|
||||||
iptables -X
|
iptables -X
|
||||||
|
|
||||||
|
iptables -F -t nat
|
||||||
|
iptables -X -t nat
|
||||||
|
|
||||||
|
iptables -F -t mangle
|
||||||
|
iptables -X -t mangle
|
||||||
|
|
||||||
ip6tables -F
|
ip6tables -F
|
||||||
ip6tables -X
|
ip6tables -X
|
||||||
|
|
||||||
|
ip6tables -F -t nat
|
||||||
|
ip6tables -X -t nat
|
||||||
|
|
||||||
|
ip6tables -F -t mangle
|
||||||
|
ip6tables -X -t mangle
|
||||||
|
|
32
src/packages/fff/fff-layer3-snat/Makefile
Normal file
32
src/packages/fff/fff-layer3-snat/Makefile
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
include $(TOPDIR)/rules.mk
|
||||||
|
|
||||||
|
PKG_NAME:=fff-layer3-snat
|
||||||
|
PKG_RELEASE:=1
|
||||||
|
|
||||||
|
include $(INCLUDE_DIR)/package.mk
|
||||||
|
|
||||||
|
define Package/fff-layer3-snat
|
||||||
|
SECTION:=base
|
||||||
|
CATEGORY:=Freifunk
|
||||||
|
TITLE:=Freifunk-Franken layer3 configuration with SNAT
|
||||||
|
URL:=https://www.freifunk-franken.de
|
||||||
|
DEPENDS:= \
|
||||||
|
+iptables-mod-nat-extra \
|
||||||
|
+fff-firewall \
|
||||||
|
+fff-layer3-config
|
||||||
|
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Package/fff-layer3-snat/description
|
||||||
|
With this package it is possible to make SNAT with IPv4 on the router
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Build/Compile
|
||||||
|
# nothing
|
||||||
|
endef
|
||||||
|
|
||||||
|
define Package/fff-layer3-snat/install
|
||||||
|
$(CP) ./files/* $(1)/
|
||||||
|
endef
|
||||||
|
|
||||||
|
$(eval $(call BuildPackage,fff-layer3-snat))
|
|
@ -0,0 +1,36 @@
|
||||||
|
configure() {
|
||||||
|
# first we delete the snat config
|
||||||
|
uci -q del network.client.fff_snat
|
||||||
|
uci -q del network.client.fff_snat_routerip
|
||||||
|
if [ "$(uci -q get gateway.@client[0].snat)" = '1' ]; then
|
||||||
|
|
||||||
|
# first check the config is plausible
|
||||||
|
routerip=$(uci -q get gateway.meta.routerip)
|
||||||
|
|
||||||
|
if ! $routerip; then
|
||||||
|
echo "ERROR: No routerip set, which is required for SNAT!"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
if ! uci -q get gateway.@client[0].ipaddr; then
|
||||||
|
echo "ERROR: No ipaddr set, which is required for SNAT!"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# keep only the first IP
|
||||||
|
routerip=${routerip%% *}
|
||||||
|
# keep only the IP without the CIDR
|
||||||
|
routerip=${routerip%%/*}
|
||||||
|
|
||||||
|
# We set the snat config
|
||||||
|
uci set network.client.fff_snat=1
|
||||||
|
uci set network.client.fff_snat_sourceip=$routerip
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
apply() {
|
||||||
|
uci commit network
|
||||||
|
}
|
||||||
|
|
||||||
|
revert() {
|
||||||
|
uci revert network
|
||||||
|
}
|
|
@ -0,0 +1,3 @@
|
||||||
|
if [ "$(uci -q get network.client.fff_snat)" = '1' ]; then
|
||||||
|
iptables -t nat -A POSTROUTING -i br-client -j SNAT --to-source $(uci -q get network.client.fff_snat_sourceip)
|
||||||
|
fi
|
|
@ -15,6 +15,7 @@ define Package/fff-layer3
|
||||||
+fff-boardname \
|
+fff-boardname \
|
||||||
+fff-dhcp \
|
+fff-dhcp \
|
||||||
+fff-layer3-config \
|
+fff-layer3-config \
|
||||||
|
+fff-layer3-snat \
|
||||||
+fff-network \
|
+fff-network \
|
||||||
+fff-ra \
|
+fff-ra \
|
||||||
+fff-wireguard \
|
+fff-wireguard \
|
||||||
|
|
Loading…
Reference in New Issue
Block a user