Changeset 22937


Timestamp:
2010-09-05T21:03:17+02:00 (6 years ago)
Author:
jow
Message:

[package] firewall: introduce SNAT support for redirect sections

Location:
trunk/package/firewall
Files:
3 edited

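--- a/trunk/package/firewall/Makefile
+++ b/trunk/package/firewall/Makefile
@@ -10,5 +10,5 @@
 
 PKG_VERSION:=2
-PKG_RELEASE:=11
+PKG_RELEASE:=12
 
 include $(INCLUDE_DIR)/package.mk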
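--- a/trunk/package/firewall/files/lib/core_redirect.sh
+++ b/trunk/package/firewall/files/lib/core_redirect.sh
@@ -18,4 +18,5 @@
                 string proto "tcpudp" \
                 string family "" \
+                string target "DNAT" \
         } || return
         [ -n "$redirect_name" ] || redirect_name=$redirect__name
@@ -30,4 +31,15 @@
                 fw_die "redirect ${redirect_name}: needs src and dest_ip or dest_port"
         }
+
+        local chain destopt
+        if [ "$redirect_target" == "DNAT" ]; then
+                chain="zone_${redirect_src}_prerouting"
+                destopt="--to-destination"
+        elif [ "$redirect_target" == "SNAT" ]; then
+                chain="zone_${redirect_src}_nat"
+                destopt="--to-source"
+        else
+                fw_die "redirect ${redirect_name}: target must be either DNAT or SNAT"
+        fi
 
                 list_contains FW_CONNTRACK_ZONES $redirect_src || \
@@ -44,5 +56,5 @@
         [ "$redirect_proto" == "tcpudp" ] && redirect_proto="tcp udp"
         for redirect_proto in $redirect_proto; do
-                fw add $mode n zone_${redirect_src}_prerouting DNAT $ { $redirect_src_ip $redirect_dest_ip } { \
+                fw add $mode n $chain $redirect_target $ { $redirect_src_ip $redirect_dest_ip } { \
                         ${redirect_proto:+-p $redirect_proto} \
                         ${redirect_src_ip:+-s $redirect_src_ip/$redirect_src_ip_prefixlen} \
@@ -51,5 +63,5 @@
                         ${redirect_src_dport:+--dport $redirect_src_dport} \
                         ${redirect_src_mac:+-m mac --mac-source $redirect_src_mac} \
-                        --to-destination ${redirect_dest_ip}${redirect_dest_port:+:$nat_dest_port} \
+                        $destopt ${redirect_dest_ip}${redirect_dest_port:+:$nat_dest_port} \
                 }
 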
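Review bot: With target SNAT the rule goes into `zone_${redirect_src}_nat`, but the `${redirect_src_mac:+-m mac --mac-source $redirect_src_mac}` match on new line 64 is still emitted unchanged. The iptables mac match is only accepted on the PREROUTING, INPUT and FORWARD hooks, so, assuming the `_nat` chain is reached from POSTROUTING as `--to-source` implies, a SNAT redirect that sets src_mac would be rejected at load time and the configured rule would be missing. I would reject the combination inside the SNAT branch of the new target check (new lines 35-43), e.g. `[ -n "$redirect_src_mac" ] && fw_die "redirect ${redirect_name}: src_mac is not supported with target SNAT"`. A short comment there, saying that for SNAT `dest_ip` and `dest_port` hold the rewritten source address and port, would also help, since the option names suggest otherwise. The enclosing function starts and ends outside the lines shown.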
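--- a/trunk/package/firewall/files/reflection.hotplug
+++ b/trunk/package/firewall/files/reflection.hotplug
@@ -42,5 +42,8 @@
                 config_get src "$cfg" src
 
-                [ "$src" = wan ] && {
+                local target
+                config_get target "$cfg" target DNAT
+
+                [ "$src" = wan ] && [ "$target" = DNAT ] && {
                         local dest
                         config_get dest "$cfg" dest "lan"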
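Review bot: The default `DNAT` in `config_get target "$cfg" target DNAT` (new line 45) duplicates the default declared as `string target "DNAT"` in core_redirect.sh, so the two can drift apart, and reflection would then disagree with the rule that was actually installed. A comment above the condition on new line 47 would make the intent explicit, e.g. `# reflection only applies to DNAT port forwards; SNAT redirects are skipped`, along with a pointer to where the default is defined. The guarded block continues past the end of this section.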