c4c0ce481ddfd84c77b0c42515c55121a11d6ff6
# Absolute paths of the external tools driven by this script.
iptables='/sbin/iptables'
iptablesrestore='/sbin/iptables-restore'
ifconfig='/sbin/ifconfig'
ipcalc='/usr/bin/ipcalc'

#pimp files must be generated by optional-tools/make-pimp utility
# Each non-comment line is read below as "<private-ip> <public-ip>".
pimp_2way_nat='/dev/shm/pimp-2way-nat.tmp'
pimp_snat='/dev/shm/pimp-snat.tmp'

# Hosts file kept on the flash partition.
etchosts='/mnt/mtdblock0/hosts'

# Scratch file the rule set is assembled in, and the persistent file it is
# moved to once complete.
# NOTE(review): restoretmp and the pimp inputs are fixed names under /dev/shm.
# This script truncates restoretmp with ">" and turns the pimp files into NAT
# rules, so it trusts whoever can create files in that directory. If anything
# other than root can write there, use a root-only directory or mktemp.
restoretmp='/dev/shm/iptables-restore.tmp'
restoredata='/mnt/mtdblock0/iptables-restore.in'
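# Start a fresh iptables-restore input: open the nat table and declare its
# three built-in chains with policy ACCEPT and zeroed counters.
# The ">" truncates whatever already sits at $restoretmp and follows a symlink
# if one is there, so the path must live in a directory only root can write.
# One quoted redirection replaces four separate unquoted open/append steps.
{
  printf '%s\n' '*nat'
  printf '%s\n' ':PREROUTING ACCEPT [0:0]'
  printf '%s\n' ':POSTROUTING ACCEPT [0:0]'
  printf '%s\n' ':OUTPUT ACCEPT [0:0]'
} > "$restoretmp"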
# ===============================================================
# Symmetrical SNAT-DNAT using indexed iptables
# ===============================================================
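printf '%s' "Generating new iptables-restore data - two way SNAT/DNAT "

# NOTE(review): the listing this was rebuilt from has gaps in its line
# numbering (the loop's do/then/fi/done lines and a few lines after the last
# rule are not shown). The loop boundaries below are reconstructed; compare
# with the complete file before applying.

# Print the network (address/prefix) containing address $1 at prefix length
# $2, taken from the "Network" line of `ipcalc -n`.
_nat_network() {
  # $grep and $cut are defined outside this listing; they stay unquoted
  # exactly as the original used them.
  "$ipcalc" -n "$1/$2" | $grep Network | $cut -f 4 -d ' '
}

# Declare chain $1 and hook it into parent chain $2 on every WAN interface,
# unless $chaintrack shows the chain was already emitted during this run.
#   $1 chain name     $2 parent chain     $3 network matched by the jump
#   $4 "out" = match "-s NET -o WAN", "in" = match "-i WAN -d NET"
#   $5 optional match text placed directly after the parent chain name
# Globals: chaintrack (read/written), wan1..wan4, restoretmp (read)
_nat_link_chain() {
  local chain=$1 parent=$2 net=$3 dir=$4 extra=${5:-} wan
  case "$chaintrack" in
    *"$chain"*) return 0 ;;   # same substring test as the original [[ ]]
  esac
  {
    printf ':%s - [0:0]\n' "$chain"
    for wan in "$wan1" "$wan2" "$wan3" "$wan4"; do
      if [ "$dir" = out ]; then
        printf '%s\n' "-A $parent ${extra}-s $net -o $wan -j $chain"
      else
        printf '%s\n' "-A $parent -i $wan -d $net -j $chain"
      fi
    done
  } >> "$restoretmp"
  chaintrack=" $chain $chaintrack"
}

# Both addresses are read from the same line. The original looked the public
# address up again with an unanchored `grep "$czfip "`, a regex match that
# also hits other entries ending in the same text and commented-out lines,
# which could put several addresses into one rule.
while read -r czfip pubip _ <&3 || [ -n "$czfip" ]; do
  case "$czfip" in
    '' | '#'*) continue ;;
  esac
  # These values are copied into firewall rules, so accept dotted-decimal
  # characters only and skip anything else instead of emitting it.
  case "$czfip" in
    *[!0-9.]*)
      printf '%s\n' "skipping malformed private address: $czfip" >&2
      continue
      ;;
  esac
  case "$pubip" in
    '' | *[!0-9.]*)
      printf '%s\n' "skipping $czfip: missing or malformed public address" >&2
      continue
      ;;
  esac

  czfnet1=$(_nat_network "$czfip" "$czffirstbitmask")
  czfnet2=$(_nat_network "$czfip" "$czfsecondbitmask")
  czfnet3=$(_nat_network "$czfip" "$czfthirdbitmask")
  czfnet4=$(_nat_network "$czfip" "$czffourthbitmask")
  pubnet1=$(_nat_network "$pubip" "$pubfirstbitmask")
  pubnet2=$(_nat_network "$pubip" "$pubsecondbitmask")
  if [ -z "$czfnet1" ] || [ -z "$czfnet2" ] || [ -z "$czfnet3" ] ||
    [ -z "$czfnet4" ] || [ -z "$pubnet1" ] || [ -z "$pubnet2" ]; then
    # One malformed line makes iptables-restore reject the whole file.
    printf '%s\n' "skipping $czfip -> $pubip: ipcalc returned no network" >&2
    continue
  fi

  # Chain names are the network with '.' and '/' turned into '_'.
  czffirstindex=priv_$(printf '%s' "$czfnet1" | tr './' '__')
  czfsecondindex=priv_$(printf '%s' "$czfnet2" | tr './' '__')
  czfthirdindex=priv_$(printf '%s' "$czfnet3" | tr './' '__')
  czffourthindex=priv_$(printf '%s' "$czfnet4" | tr './' '__')
  pubfirstindex=pub_$(printf '%s' "$pubnet1" | tr './' '__')
  pubsecondindex=pub_$(printf '%s' "$pubnet2" | tr './' '__')

  # Private side: POSTROUTING -> four nested chains of narrowing prefixes.
  # "-d ! 10.0.0.0/8" is the older negation form, kept as in the original
  # (newer iptables releases expect "! -d"; check the installed version).
  _nat_link_chain "$czffirstindex" POSTROUTING "$czfnet1" out '-d ! 10.0.0.0/8 '
  _nat_link_chain "$czfsecondindex" "$czffirstindex" "$czfnet2" out
  _nat_link_chain "$czfthirdindex" "$czfsecondindex" "$czfnet3" out
  _nat_link_chain "$czffourthindex" "$czfthirdindex" "$czfnet4" out

  # Public side: PREROUTING -> two nested chains.
  _nat_link_chain "$pubfirstindex" PREROUTING "$pubnet1" in
  _nat_link_chain "$pubsecondindex" "$pubfirstindex" "$pubnet2" in

  # Leaf rules: DNAT public -> private, then SNAT private -> public, one per
  # WAN interface, in the same order the original emitted them.
  {
    for nat_wan in "$wan1" "$wan2" "$wan3" "$wan4"; do
      printf '%s\n' "-A $pubsecondindex -i $nat_wan -d $pubip/32 -j DNAT --to-destination $czfip"
    done
    for nat_wan in "$wan1" "$wan2" "$wan3" "$wan4"; do
      printf '%s\n' "-A $czffourthindex -s $czfip/32 -o $nat_wan -j SNAT --to-source $pubip"
    done
  } >> "$restoretmp"
done 3< "$pimp_2way_nat"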
# ===============================================================
# SNAT only using indexed iptables (should be rather function, hmm)
# ===============================================================
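printf '%s' "Generating new iptables-restore data - one way SNAT "

# NOTE(review): the listing this was rebuilt from has gaps in its line
# numbering (the loop's do/then/fi/done lines and a few lines after the last
# rule are not shown). The loop boundaries below are reconstructed; compare
# with the complete file before applying.

# Print the network (address/prefix) containing address $1 at prefix length
# $2, taken from the "Network" line of `ipcalc -n`.
_nat_network() {
  # $grep and $cut are defined outside this listing; they stay unquoted
  # exactly as the original used them.
  "$ipcalc" -n "$1/$2" | $grep Network | $cut -f 4 -d ' '
}

# Declare chain $1 and hook it into parent chain $2 on every WAN interface,
# unless $chaintrack shows the chain was already emitted during this run.
#   $1 chain name     $2 parent chain     $3 network matched by the jump
#   $4 "out" = match "-s NET -o WAN", "in" = match "-i WAN -d NET"
#   $5 optional match text placed directly after the parent chain name
# Globals: chaintrack (read/written), wan1..wan4, restoretmp (read)
_nat_link_chain() {
  local chain=$1 parent=$2 net=$3 dir=$4 extra=${5:-} wan
  case "$chaintrack" in
    *"$chain"*) return 0 ;;   # same substring test as the original [[ ]]
  esac
  {
    printf ':%s - [0:0]\n' "$chain"
    for wan in "$wan1" "$wan2" "$wan3" "$wan4"; do
      if [ "$dir" = out ]; then
        printf '%s\n' "-A $parent ${extra}-s $net -o $wan -j $chain"
      else
        printf '%s\n' "-A $parent -i $wan -d $net -j $chain"
      fi
    done
  } >> "$restoretmp"
  chaintrack=" $chain $chaintrack"
}

# Both addresses are read from the same line. The original looked the public
# address up again with an unanchored `grep "$czfip "`, a regex match that
# also hits other entries ending in the same text and commented-out lines,
# which could put several addresses into one rule.
while read -r czfip pubip _ <&3 || [ -n "$czfip" ]; do
  case "$czfip" in
    '' | '#'*) continue ;;
  esac
  # These values are copied into firewall rules, so accept dotted-decimal
  # characters only and skip anything else instead of emitting it.
  case "$czfip" in
    *[!0-9.]*)
      printf '%s\n' "skipping malformed private address: $czfip" >&2
      continue
      ;;
  esac
  case "$pubip" in
    '' | *[!0-9.]*)
      printf '%s\n' "skipping $czfip: missing or malformed public address" >&2
      continue
      ;;
  esac

  czfnet1=$(_nat_network "$czfip" "$czffirstbitmask")
  czfnet2=$(_nat_network "$czfip" "$czfsecondbitmask")
  czfnet3=$(_nat_network "$czfip" "$czfthirdbitmask")
  czfnet4=$(_nat_network "$czfip" "$czffourthbitmask")
  if [ -z "$czfnet1" ] || [ -z "$czfnet2" ] ||
    [ -z "$czfnet3" ] || [ -z "$czfnet4" ]; then
    # One malformed line makes iptables-restore reject the whole file.
    printf '%s\n' "skipping $czfip -> $pubip: ipcalc returned no network" >&2
    continue
  fi

  # Chain names are the network with '.' and '/' turned into '_'.
  czffirstindex=priv_$(printf '%s' "$czfnet1" | tr './' '__')
  czfsecondindex=priv_$(printf '%s' "$czfnet2" | tr './' '__')
  czfthirdindex=priv_$(printf '%s' "$czfnet3" | tr './' '__')
  czffourthindex=priv_$(printf '%s' "$czfnet4" | tr './' '__')

  # POSTROUTING -> four nested chains of narrowing prefixes.
  # "-d ! 10.0.0.0/8" is the older negation form, kept as in the original
  # (newer iptables releases expect "! -d"; check the installed version).
  _nat_link_chain "$czffirstindex" POSTROUTING "$czfnet1" out '-d ! 10.0.0.0/8 '
  _nat_link_chain "$czfsecondindex" "$czffirstindex" "$czfnet2" out
  _nat_link_chain "$czfthirdindex" "$czfsecondindex" "$czfnet3" out
  _nat_link_chain "$czffourthindex" "$czfthirdindex" "$czfnet4" out

  # Leaf rules: SNAT the private host to its public address on each WAN.
  for nat_wan in "$wan1" "$wan2" "$wan3" "$wan4"; do
    printf '%s\n' "-A $czffourthindex -s $czfip/32 -o $nat_wan -j SNAT --to-source $pubip"
  done >> "$restoretmp"
done 3< "$pimp_snat"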
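# Close the nat table section, then move the finished rule set to its
# persistent location.
printf '%s\n' 'COMMIT' >> "$restoretmp"
printf '%s' "Writing $restoredata"
# NOTE(review): /dev/shm and /mnt/mtdblock0 are presumably different
# filesystems, so this mv is a copy plus delete, not an atomic rename; an
# interruption can leave a truncated rule file behind. Nothing here checks
# that the generated file parses either. If the installed iptables-restore
# supports --test, running "$iptablesrestore" --test < "$restoretmp" first
# would catch a malformed rule set before the old one is replaced.
if ! mv -- "$restoretmp" "$restoredata"; then
  # The original ignored a failed move; report it so a stale or partial rule
  # file does not go unnoticed.
  printf '%s\n' "error: could not move $restoretmp to $restoredata" >&2
fi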