Refactor NETMAP a bit so it allows more flexibility with src and dst. Requires that the custom field starts with the --to address.
parent
ca06b76fc2
commit
ae9a725e8c
|
@ -1,5 +1,5 @@
|
||||||
2.1p1 - 01/01/2020
|
2.1p1 - 01/01/2020
|
||||||
- Fix NETMAP so it works properly (was doing -d instead of -s for source address)
|
- Refactor NETMAP NAT target so its more flexible. See new example nat.conf file for details
|
||||||
|
|
||||||
2.1 Final - 07/12/2019
|
2.1 Final - 07/12/2019
|
||||||
- Fix flush tables rule for raw
|
- Fix flush tables rule for raw
|
||||||
|
|
|
@ -5,15 +5,17 @@
|
||||||
# <type> <src-interface> <src-address> <dst-interface> <dst-address> <custom>
|
# <type> <src-interface> <src-address> <dst-interface> <dst-address> <custom>
|
||||||
#
|
#
|
||||||
# Type: Required ( SNAT | MASQ | NETMAP | ACCEPT)
|
# Type: Required ( SNAT | MASQ | NETMAP | ACCEPT)
|
||||||
# Source Interface: Optional ( interface name, aka eth0 )
|
# Source Interface: Optional, ignored by NETMAP ( interface name, aka eth0 )
|
||||||
# Source Address: Optional ( IP address with optional netmask )
|
# Source Address: Optional ( IP address with optional netmask )
|
||||||
# Destination Interface: Optional for all but MASQ ( interface name, aka eth0 )
|
# Destination Interface: Optional for all but MASQ ( interface name, aka eth0 )
|
||||||
# Destination Address: Required for all but MASQ ( IP address with optional netmask )
|
# Destination Address: Required for all but MASQ and NETMAP ( IP address with optional netmask )
|
||||||
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
|
# Custom: Optional for all except NETMAP, set custom section after the source/dest and before ACCEPT/DROP
|
||||||
|
# Custom: Required for NETMAP, address to map TO, then all other custom options (see example)
|
||||||
# You can use '-' for optional fields
|
# You can use '-' for optional fields
|
||||||
#============================================================
|
#============================================================
|
||||||
#<type> <src-interface> <src-address> <dst-interface> <dst-address> <custom>
|
#<type> <src-interface> <src-address> <dst-interface> <dst-address> <custom>
|
||||||
#SNAT eth1 10.0.0.0/24 eth0 172.16.1.1
|
#SNAT eth1 10.0.0.0/24 eth0 172.16.1.1
|
||||||
#MASQ - - eth0 -
|
#MASQ - - eth0 -
|
||||||
#NETMAP eth1 192.168.0.0/24 vpn0 172.16.10.0/24
|
#NETMAP - 192.168.0.0/24 vpn0 - 172.16.0.0/24
|
||||||
|
#^ ex: map src of 192.168.0.0/24 to 172.16.0.0/24 when it leaves via vpn0
|
||||||
|
|
||||||
|
|
|
@ -484,7 +484,13 @@ function enable_nat {
|
||||||
${display} RED "nat.conf: Error - SNAT rule can not have empty destination address: ${DEFAULT_COLOR}${type} ${srcinterface} ${srcaddress} ${dstinterface} ${dstaddress}" \
|
${display} RED "nat.conf: Error - SNAT rule can not have empty destination address: ${DEFAULT_COLOR}${type} ${srcinterface} ${srcaddress} ${dstinterface} ${dstaddress}" \
|
||||||
&& continue
|
&& continue
|
||||||
|
|
||||||
([[ ${srcaddress} != "-" ]] && [[ ${dstaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) && action="-j NETMAP" && srcaddress="-s ${srcaddress}" && dstaddress="--to ${dstaddress}"
|
[[ ${type} == "NETMAP" ]] && action="-j NETMAP"
|
||||||
|
([[ ${dstaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) dstaddress="-d ${dstaddress}"
|
||||||
|
([[ ${srcaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) srcaddress="-s ${srcaddress}"
|
||||||
|
([[ ${custom} == "" ]] && [[ ${type} == "NETMAP" ]]) && \
|
||||||
|
${display} RED "nat.conf: Error - NETMAP rule can not have empty custom address: ${DEFAULT_COLOR}${type} ${srcinterface} ${srcaddress} ${dstinterface} ${dstaddress} ${custom}" \
|
||||||
|
&& continue
|
||||||
|
([[ ${custom} != "" ]] && [[ ${type} == "NETMAP" ]]) && custom="--to ${custom}"
|
||||||
|
|
||||||
|
|
||||||
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR}${direction} ${action} ${srcinterface} ${srcaddress} ${srcport} ${dstinterface} ${dstaddress} ${dstport} ${protocol} ${custom}"
|
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR}${direction} ${action} ${srcinterface} ${srcaddress} ${srcport} ${dstinterface} ${dstaddress} ${dstport} ${protocol} ${custom}"
|
||||||
|
|
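Review bot: The two new NETMAP lines that set `dstaddress` and `srcaddress` have no `&&` between the closing `)` and the assignment, which bash rejects as a syntax error, so as shown the script would not parse; they should read `([[ ${dstaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) && dstaddress="-d ${dstaddress}"` and likewise `... && srcaddress="-s ${srcaddress}"`. The empty-custom guard compares only against `""`, while nat.conf documents `-` as the placeholder for optional fields; unless `-` is normalised to empty earlier in enable_nat (outside this hunk), a NETMAP line with `-` in the custom column would become `--to -`, so the guard could test `[[ ${custom} == "" || ${custom} == "-" ]]`. Because the first token of custom is now handed straight to iptables as the mapping target, a format check on that token (address with optional netmask) before prefixing `--to` would turn a typo in nat.conf into a clear error instead of a failed or unintended NAT rule. The body of enable_nat starts and ends outside the hunk.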