[RFC PATCH 1/1] fff-gateway: Add option to set NAT for IPv4

Christian Dresel fff at chrisi01.de
So Apr 5 18:10:50 CEST 2020


With this patch it is possible to activate NAT for IPv4 Clients

The documentation for the options is here:
https://wiki.freifunk-franken.de/w/Layer3Firmware_Config/nat#client

This is an RFC patch; I hope for many comments.

Signed-off-by: Christian Dresel <fff at chrisi01.de>
---
 .../fff/fff-gateway/files/etc/gateway.d/33-nat     | 54 ++++++++++++++++++++++
 1 file changed, 54 insertions(+)
 create mode 100644 src/packages/fff/fff-gateway/files/etc/gateway.d/33-nat

diff --git a/src/packages/fff/fff-gateway/files/etc/gateway.d/33-nat b/src/packages/fff/fff-gateway/files/etc/gateway.d/33-nat
new file mode 100644
index 0000000..ad3082c
--- /dev/null
+++ b/src/packages/fff/fff-gateway/files/etc/gateway.d/33-nat
@@ -0,0 +1,54 @@
+# First read IP adresses
+if ! peer_ip=$(uci get gateway.meta.peer_ip); then
+	echo "WARNING: No peer_ip set!"
+fi
+if ! ipaddr=$(uci get gateway. at client[0].ipaddr); then
+	echo "WARNING: No ipaddr set!"
+fi
+
+# configuregateway -c do nothing
+
+# Check if NAT is set
+if uci -q get gateway. at client[0].nat; then
+	# configuregateway -t - reload set the iptables rule not rebootsafe
+	reload() {
+		# first we flush the table
+		iptables -t nat --flush
+		# and load the new settings
+		iptables -t nat -A POSTROUTING -s $ipaddr -j SNAT --to-source $peer_ip
+	}
+	
+	# configuregateway -a  - apply write iptables rule to firewall and set rule again                                                                                                                                                                                                                                                                     
+	apply() {
+		echo "iptables -t nat -A POSTROUTING -s $ipaddr -j SNAT --to-source $peer_ip" > /usr/lib/firewall.d/30-NAT
+		iptables -t nat --flush
+		iptables -t nat -A POSTROUTING -s $ipaddr -j SNAT --to-source $peer_ip 
+	}
+
+	# timeout configuregateway -t - flush the table 
+# if NAT is not set
+else
+	# configuregateway -t - reload set the iptables rule not rebootsafe
+	reload() {
+		# we only flush the table
+		iptables -t nat --flush
+	}
+
+	# configuregateway -a  - apply flush iptables rule and delete firewall rule                                                                                                                                                                                                                                                                     
+	apply() {
+		# we flush the table
+		iptables -t nat --flush
+		# and delete the firewall
+		rm /usr/lib/firewall.d/30-NAT
+		# nobody need NAT we win! \o/
+	}
+fi
+
+# revert is the same whether NAT set or not
+# timeout configuregateway -t - flush the table 
+revert() {
+	# first we flush the table
+	iptables -t nat --flush
+	# and load the old settings
+	. /usr/lib/firewall.d/30-NAT
+}
\ No newline at end of file
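Review bot: The two `uci get` checks at the top only print a warning, so when `nat` is set but `peer_ip` or `ipaddr` is missing, `reload()` and `apply()` still run `iptables -t nat -A POSTROUTING -s $ipaddr -j SNAT --to-source $peer_ip` with empty, unquoted values, and `apply()` writes that line into `/usr/lib/firewall.d/30-NAT`, which `revert()` later sources as shell. I would extend the NAT condition with `&& [ -n "$peer_ip" ] && [ -n "$ipaddr" ]` so the flush-only variants are used otherwise, quote both expansions, and check that the values look like IPv4 addresses before they are written into a file that gets sourced. Separately, `iptables -t nat --flush` clears every chain in the nat table, so NAT rules installed by anything else on the router are lost on each reload, apply and revert; a dedicated chain, or deleting only the rule added here, would limit the effect to this script. `revert()` and the no-NAT `apply()` also assume `30-NAT` exists; `[ -f /usr/lib/firewall.d/30-NAT ] && . /usr/lib/firewall.d/30-NAT` and `rm -f /usr/lib/firewall.d/30-NAT` avoid the failure on a router where NAT was never applied. The `uci -q get` test appears to check only that the option exists, so a value such as `0` would presumably still enable NAT; comparing against the documented value would be clearer.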
-- 
2.11.0


