[RFC PATCH 1/1] fff-gateway: Add option to set NAT for IPv4
Christian Dresel
fff at chrisi01.de
So Apr 5 18:10:50 CEST 2020
With this patch it is possible to activate NAT for IPv4 clients.
The documentation for the options is here:
https://wiki.freifunk-franken.de/w/Layer3Firmware_Config/nat#client
This is an RFC patch; I hope for many comments.
Signed-off-by: Christian Dresel <fff at chrisi01.de>
---
.../fff/fff-gateway/files/etc/gateway.d/33-nat | 54 ++++++++++++++++++++++
1 file changed, 54 insertions(+)
create mode 100644 src/packages/fff/fff-gateway/files/etc/gateway.d/33-nat
diff --git a/src/packages/fff/fff-gateway/files/etc/gateway.d/33-nat b/src/packages/fff/fff-gateway/files/etc/gateway.d/33-nat
new file mode 100644
index 0000000..ad3082c
--- /dev/null
+++ b/src/packages/fff/fff-gateway/files/etc/gateway.d/33-nat
@@ -0,0 +1,54 @@
+# First read IP adresses
+if ! peer_ip=$(uci get gateway.meta.peer_ip); then
+ echo "WARNING: No peer_ip set!"
+fi
+if ! ipaddr=$(uci get gateway. at client[0].ipaddr); then
+ echo "WARNING: No ipaddr set!"
+fi
+
+# configuregateway -c do nothing
+
+# Check if NAT is set
+if uci -q get gateway. at client[0].nat; then
+ # configuregateway -t - reload set the iptables rule not rebootsafe
+ reload() {
+ # first we flush the table
+ iptables -t nat --flush
+ # and load the new settings
+ iptables -t nat -A POSTROUTING -s $ipaddr -j SNAT --to-source $peer_ip
+ }
+
+ # configuregateway -a - apply write iptables rule to firewall and set rule again
+ apply() {
+ echo "iptables -t nat -A POSTROUTING -s $ipaddr -j SNAT --to-source $peer_ip" > /usr/lib/firewall.d/30-NAT
+ iptables -t nat --flush
+ iptables -t nat -A POSTROUTING -s $ipaddr -j SNAT --to-source $peer_ip
+ }
+
+ # timeout configuregateway -t - flush the table
+# if NAT is not set
+else
+ # configuregateway -t - reload set the iptables rule not rebootsafe
+ reload() {
+ # we only flush the table
+ iptables -t nat --flush
+ }
+
+ # configuregateway -a - apply flush iptables rule and delete firewall rule
+ apply() {
+ # we flush the table
+ iptables -t nat --flush
+ # and delete the firewall
+ rm /usr/lib/firewall.d/30-NAT
+ # nobody need NAT we win! \o/
+ }
+fi
+
+# revert is the same whether NAT set or not
+# timeout configuregateway -t - flush the table
+revert() {
+ # first we flush the table
+ iptables -t nat --flush
+ # and load the old settings
+ . /usr/lib/firewall.d/30-NAT
+}
\ No newline at end of file
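Review bot: When `uci get` fails for `peer_ip` or `ipaddr` the script only prints a warning and carries on, so `reload()` and `apply()` expand empty or unchecked values unquoted, and `apply()` also writes them into `/usr/lib/firewall.d/30-NAT`, which `revert()` later sources as shell. I would skip defining the NAT rule when either value is empty, check that both look like an IPv4 address or prefix before use, and quote them: `iptables -t nat -A POSTROUTING -s "$ipaddr" -j SNAT --to-source "$peer_ip"`. Separately, `iptables -t nat --flush` in every function clears all chains of the nat table, not only this rule, so any NAT rules installed by other components would be lost; a dedicated chain that is flushed and re-filled would confine the effect. `revert()` sources `/usr/lib/firewall.d/30-NAT` unconditionally although the no-NAT `apply()` removes it, so guarding with `[ -f /usr/lib/firewall.d/30-NAT ] &&` and using `rm -f` would avoid errors when the file is absent.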
--
2.11.0