brielle
/
SRFirewall
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity

Make NAT actually work out of the box.

master
bbruns 2014-04-12 20:10:13 +00:00
parent c932ce5fb9
commit d90322e604
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/iptables.inc
View File

@ -451,7 +451,9 @@ function enable_nat {
([[ ${srcaddress} != "-" ]] && [[ ${dstaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) && action="-j NETMAP" && srcaddress="-d ${srcaddress}" && dstaddress="--to ${dstaddress}" ([[ ${srcaddress} != "-" ]] && [[ ${dstaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) && action="-j NETMAP" && srcaddress="-d ${srcaddress}" && dstaddress="--to ${dstaddress}"
[[ ${srcaddress} != "-" ]]) && revsrcaddress="-d ${srcaddress}"
[[ ${dstinterface} != "-" ]]) && revdstinterface="-i ${dstinterface}"
[[ ${srcinterface} != "-" ]]) && revsrcinterface="-o ${srcinterface}"
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR}${direction} ${action} ${interface} ${srcaddress} ${srcport} ${dstaddress} ${dstport} ${protocol}" ${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR}${direction} ${action} ${interface} ${srcaddress} ${srcport} ${dstaddress} ${dstport} ${protocol}"
# Blank variables that we're not going to use. # Blank variables that we're not going to use.
@ -462,6 +464,7 @@ function enable_nat {
${VER_IPTABLES} -A ${NAT} -t nat ${srcaddress} ${action} ${dstinterface} ${dstaddress} ${VER_IPTABLES} -A ${NAT} -t nat ${srcaddress} ${action} ${dstinterface} ${dstaddress}
${VER_IPTABLES} -A ${FwdFilter} ${M_STATE} ${C_STATE} RELATED,ESTABLISHED ${srcinterface} ${srcaddress} ${dstinterface} -j ACCEPT ${VER_IPTABLES} -A ${FwdFilter} ${M_STATE} ${C_STATE} RELATED,ESTABLISHED ${srcinterface} ${srcaddress} ${dstinterface} -j ACCEPT
${VER_IPTABLES} -A ${FwdFilter} ${M_STATE} ${C_STATE} RELATED,ESTABLISHED ${revsrcinterface} ${revsrcaddress} ${revdstinterface} -j ACCEPT
done < "${FWCONFIGDIR}/ipv${IPVER}/nat.conf" done < "${FWCONFIGDIR}/ipv${IPVER}/nat.conf"
${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done" ${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR} done"
fi fi