freifunk-franken
/
firmware
9
7
Fork 13
Code Issues 48 Pull Requests 7 Releases 17 Wiki Activity

[v2] Add package fff-layer3-ipv4snat #79

Closed
ChristianD wants to merge 2 commits from ChristianD/firmware:ipv4snatV2 into master
pull from: ChristianD/firmware:ipv4snatV2
merge into: freifunk-franken:master
Conversation 22 Commits 2 Files Changed 6 +85 -1
6 changed files with 85 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/packages/fff/fff-firewall/Makefile
View File

@ -1,7 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-firewall
PKG_RELEASE:=7
PKG_RELEASE:=8
include $(INCLUDE_DIR)/package.mk

12
src/packages/fff/fff-firewall/files/usr/lib/firewall.d/00-prepare
View File

@ -5,5 +5,17 @@ ebtables -X
iptables -F
iptables -X
iptables -F -t nat
iptables -X -t nat
iptables -F -t mangle
iptables -X -t mangle
ip6tables -F
ip6tables -X
ip6tables -F -t nat
ip6tables -X -t nat
ip6tables -F -t mangle
ip6tables -X -t mangle

32
src/packages/fff/fff-layer3-snat/Makefile Normal file
View File

@ -0,0 +1,32 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=fff-layer3-snat
PKG_RELEASE:=1
include $(INCLUDE_DIR)/package.mk
define Package/fff-layer3-snat
SECTION:=base
CATEGORY:=Freifunk
TITLE:=Freifunk-Franken layer3 configuration with SNAT
URL:=https://www.freifunk-franken.de
DEPENDS:= \
+iptables-mod-nat-extra \
+fff-firewall \
+fff-layer3-config
endef
define Package/fff-layer3-snat/description
With this package it is possible to make SNAT with IPv4 on the router
endef
define Build/Compile
# nothing
endef
define Package/fff-layer3-snat/install
$(CP) ./files/* $(1)/
endef
$(eval $(call BuildPackage,fff-layer3-snat))

36
src/packages/fff/fff-layer3-snat/files/etc/layer3.d/33-snat.conf Normal file
View File

@ -0,0 +1,36 @@
configure() {
# first we delete the snat config
uci -q del network.client.fff_snat
uci -q del network.client.fff_snat_routerip
if [ "$(uci -q get gateway.@client[0].snat)" = '1' ]; then
# first check the config is plausible
routerip=$(uci -q get gateway.meta.routerip)
if ! $routerip; then
echo "ERROR: No routerip set, which is required for SNAT!"
return 1
fi
if ! uci -q get gateway.@client[0].ipaddr; then
echo "ERROR: No ipaddr set, which is required for SNAT!"
return 1
fi
# keep only the first IP
routerip=${routerip%% *}
# keep only the IP without the CIDR
routerip=${routerip%%/*}
# We set the snat config
uci set network.client.fff_snat=1
uci set network.client.fff_snat_sourceip=$routerip
fi
}
apply() {
uci commit network
}
revert() {
uci revert network
}

3
src/packages/fff/fff-layer3-snat/files/usr/lib/firewall.d/30-snat Normal file
View File

@ -0,0 +1,3 @@
if [ "$(uci -q get network.client.fff_snat)" = '1' ]; then
iptables -t nat -A POSTROUTING -i br-client -j SNAT --to-source $(uci -q get network.client.fff_snat_sourceip)
fi

1
src/packages/fff/fff-layer3/Makefile
View File

@ -15,6 +15,7 @@ define Package/fff-layer3
+fff-boardname \
+fff-dhcp \
+fff-layer3-config \
+fff-layer3-snat \
+fff-network \
+fff-ra \
+fff-wireguard \