bc047d940e62954afce8f9327578cc0267f217cf
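# ---------------------------------------------------------------
# Tool locations and working files for the NAT rule generator.
# The listing had the assignments split across lines and fused with
# viewer line numbers; they are restored to plain shell here with
# the values unchanged.
# NOTE(review): $grep, $cut, $wan1..$wan4 and the *bitmask variables
# are used by the generator but are not defined in this part of the
# listing.
# ---------------------------------------------------------------
iptables="/sbin/iptables"
iptablesrestore="/sbin/iptables-restore"
ifconfig="/sbin/ifconfig"
ipcalc="/usr/bin/ipcalc"

#pimp files must be generated by optional-tools/make-pimp utility
# NOTE(review): the two mapping files and the scratch file below sit in
# /dev/shm under fixed names. That directory is normally writable by
# every local account, and the content of these files ends up verbatim
# in firewall rules, so confirm that only root can create or modify
# them on the target system.
pimp_2way_nat="/dev/shm/pimp-2way-nat.tmp"
pimp_snat="/dev/shm/pimp-snat.tmp"
etchosts="/mnt/mtdblock0/hosts"
restoretmp="/dev/shm/iptables-restore.tmp"
# Persistent copy of the ruleset; the generator moves $restoretmp here.
restoredata="/mnt/mtdblock0/iptables-restore.in"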
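# ===============================================================
# Generates the "*nat" table for iptables-restore from the two pimp
# mapping files ("<private ip> <public ip>" per line, '#' = comment)
# and moves the result to $restoredata.
#
# Changes against the original listing:
#  - the duplicated per-level blocks are folded into helpers;
#  - each mapping line is read once, so the public address is taken
#    from the same line as the private one. The original looked it up
#    with an unanchored `grep "$czfip "`, where '.' matches any
#    character and the pattern may match inside another address or a
#    commented-out line, yielding a wrong or multi-valued $pubip;
#  - chain names are compared as whole words, not as substrings;
#  - entries with a malformed address or an empty ipcalc result are
#    skipped with a warning instead of emitting a broken rule (one bad
#    line makes iptables-restore reject the table);
#  - the scratch file is created exclusively, so a file or symlink
#    planted under the fixed /dev/shm name is not written through.
# ===============================================================

# Append one line to the iptables-restore scratch file.
emit() {
  printf '%s\n' "$*" >> "$restoretmp"
}

# Succeed if $1 has the shape of a dotted quad (digits only; the value
# range is left to ipcalc).
is_ipv4() {
  local re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
  [[ $1 =~ $re ]]
}

# Print the network of address $1 under prefix length $2: the fourth
# space-separated field of the "Network" line of ipcalc output.
network_of() {
  # $grep and $cut are defined outside this listing; they stay unquoted
  # in case they carry options.
  "$ipcalc" -n "$1/$2" | $grep Network | $cut -f 4 -d ' '
}

# Declare chain $1 and hook it under parent $2 for all four WAN
# interfaces, unless it was already created during this run.
#   $3  "out" -> match "-s NET -o WAN";  "in" -> match "-i WAN -d NET"
#   $4  network to match
#   $5  optional extra match placed before -s (outbound only)
hook_chain() {
  local chain=$1 parent=$2 dir=$3 net=$4 extra=${5:-} wan
  # Whole-word test: $chaintrack is a space-separated list.
  if [[ " $chaintrack " == *" $chain "* ]]; then
    return 0
  fi
  emit ":$chain - [0:0]"
  for wan in "$wan1" "$wan2" "$wan3" "$wan4"; do
    if [[ $dir == out ]]; then
      emit "-A $parent ${extra:+$extra }-s $net -o $wan -j $chain"
    else
      emit "-A $parent -i $wan -d $net -j $chain"
    fi
  done
  chaintrack=" $chain $chaintrack"
}

# Build the nested chains for address $1, one level per prefix length.
#   $1 address  $2 name tag (priv|pub)  $3 root chain  $4 out|in
#   $5 extra match for the first level only  $6... prefix lengths
# Sets $chain_leaf to the innermost chain; returns 1 if ipcalc gave no
# network for some level.
build_chain_path() {
  local ip=$1 tag=$2 parent=$3 dir=$4 extra=$5 mask net chain
  shift 5
  chain_leaf=
  for mask in "$@"; do
    net=$(network_of "$ip" "$mask")
    if [[ -z $net ]]; then
      printf 'skipping %s: ipcalc returned no network for /%s\n' "$ip" "$mask" >&2
      return 1
    fi
    # 10.1.2.0/24 -> priv_10_1_2_0_24
    chain=${tag}_${net//[.\/]/_}
    hook_chain "$chain" "$parent" "$dir" "$net" "$extra"
    parent=$chain
    extra=
  done
  chain_leaf=$chain
}

# Create the scratch file exclusively (noclobber opens with O_EXCL).
rm -f -- "$restoretmp"
if ! (set -o noclobber; printf '%s\n' '*nat' > "$restoretmp"); then
  printf 'cannot create %s exclusively, aborting\n' "$restoretmp" >&2
  exit 1
fi
emit ":PREROUTING ACCEPT [0:0]"
emit ":POSTROUTING ACCEPT [0:0]"
emit ":OUTPUT ACCEPT [0:0]"

# NOTE(review): "-d ! 10.0.0.0/8" is the legacy negation form and is kept
# byte-for-byte; newer iptables releases expect "! -d 10.0.0.0/8".
# Confirm against the iptables version on the target.

# ===============================================================
# Symetrical SNAT-DNAT using indexed iptables
# ===============================================================
# No trailing newline, as in the original; any completion message is
# not part of this listing.
printf '%s' "Generating new iptables-restore data - two way SNAT/DNAT "

# The mapping file is read on fd 3 so commands in the loop keep stdin.
while IFS=' ' read -r czfip pubip _ <&3 || [[ -n $czfip ]]; do
  case $czfip in
    '' | '#'*) continue ;;
  esac
  # pubip is used as "$pubip/32" and fed to ipcalc, so both must be plain addresses.
  if ! is_ipv4 "$czfip" || ! is_ipv4 "$pubip"; then
    printf 'skipping malformed 2-way entry: %s %s\n' "$czfip" "$pubip" >&2
    continue
  fi

  build_chain_path "$czfip" priv POSTROUTING out '-d ! 10.0.0.0/8' \
    "$czffirstbitmask" "$czfsecondbitmask" "$czfthirdbitmask" "$czffourthbitmask" \
    || continue
  priv_leaf=$chain_leaf

  build_chain_path "$pubip" pub PREROUTING in '' \
    "$pubfirstbitmask" "$pubsecondbitmask" \
    || continue
  pub_leaf=$chain_leaf

  for wan in "$wan1" "$wan2" "$wan3" "$wan4"; do
    emit "-A $pub_leaf -i $wan -d $pubip/32 -j DNAT --to-destination $czfip"
  done
  for wan in "$wan1" "$wan2" "$wan3" "$wan4"; do
    emit "-A $priv_leaf -s $czfip/32 -o $wan -j SNAT --to-source $pubip"
  done
done 3< "$pimp_2way_nat"

# ===============================================================
# SNAT only using indexed iptables
# ===============================================================
printf '%s' "Generating new iptables-restore data - one way SNAT "

while IFS=' ' read -r czfip pubip _ <&3 || [[ -n $czfip ]]; do
  case $czfip in
    '' | '#'*) continue ;;
  esac
  # Here pubip only feeds --to-source, so it is required to be present
  # but its format is not restricted further.
  if ! is_ipv4 "$czfip" || [[ -z $pubip ]]; then
    printf 'skipping malformed SNAT entry: %s %s\n' "$czfip" "$pubip" >&2
    continue
  fi

  build_chain_path "$czfip" priv POSTROUTING out '-d ! 10.0.0.0/8' \
    "$czffirstbitmask" "$czfsecondbitmask" "$czfthirdbitmask" "$czffourthbitmask" \
    || continue
  priv_leaf=$chain_leaf

  for wan in "$wan1" "$wan2" "$wan3" "$wan4"; do
    emit "-A $priv_leaf -s $czfip/32 -o $wan -j SNAT --to-source $pubip"
  done
done 3< "$pimp_snat"

emit COMMIT

# NOTE(review): the generated file replaces the persistent ruleset
# without being parsed first. `iptables-restore --test` parses a ruleset
# without committing it; confirm the option exists on the target build
# before relying on it here.
printf '%s' "Writing $restoredata"
mv -- "$restoretmp" "$restoredata"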