# Absolute paths of system tools. Not all of them are referenced in the
# part of the script visible here.
iptables=/sbin/iptables
iptablesrestore=/sbin/iptables-restore
ifconfig=/sbin/ifconfig

# Address-mapping ("pimp") files: they must be generated by the
# optional-tools/make-pimp utility.
pimp_2way_nat=/mnt/mtdblock0/pimp-2way-nat.tmp
pimp_snat=/mnt/mtdblock0/pimp-snat.tmp

etchosts=/mnt/mtdblock0/hosts

# File that receives the generated iptables-restore input.
restoredata=/mnt/mtdblock0/iptables-restore.in
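# ===============================================================
# Helpers for the indexed NAT chains
#
# Every field read from the mapping files ends up verbatim in the
# iptables-restore input, so each one is checked before it is used and
# generation stops on the first value that does not look right.
# ===============================================================

# Print a message on stderr and abort the script.
die() {
  printf '\n%s\n' "nat generator: $*" >&2
  exit 1
}

# Succeed only if $1 is four dot-separated groups of digits. Octet ranges
# are not checked here; an address ipcalc cannot resolve to a network is
# caught by the empty-result checks below.
is_ipv4() {
  case "$1" in
    '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  case "$1" in
    *.*.*.*.*) return 1 ;;
    *.*.*.*) return 0 ;;
  esac
  return 1
}

# Succeed only if $1 starts with a digit and contains nothing but digits,
# '.', ':' and '-'. Used for the --to-source value of the SNAT-only file,
# which the original never passed through ipcalc.
is_nat_target() {
  case "$1" in
    '' | [!0-9]* | *[!0-9.:-]*) return 1 ;;
  esac
  return 0
}

# Print the network containing address $1 for prefix length $2, taken from
# field 4 of the "Network" line of `ipcalc -n` (same pipeline as before).
# stdin is detached because callers run inside a loop reading a file.
network_of() {
  ipcalc -n "$1/$2" < /dev/null | grep Network | cut -f 4 -d ' '
}

# Turn a network string into a chain-name suffix by replacing '.' and '/'
# with '_'.
chain_suffix() {
  printf '%s\n' "$1" | tr './' '__'
}

# Succeed if chain $1 has already been declared in the restore file.
# The whole declaration line is compared literally instead of searching
# for the bare name as a regular expression.
chain_declared() {
  grep -F -x -e ":$1 - [0:0]" "$restoredata" > /dev/null
}

# Declare private-side chain $1 once and jump to it from $2 for source
# network $3 on each WAN interface. $2 is the parent chain, optionally
# followed by extra match options.
link_priv_chain() {
  if chain_declared "$1"; then
    return 0
  fi
  printf '%s\n' ":$1 - [0:0]" >> "$restoredata"
  for wan_if in "$wan1" "$wan2" "$wan3"; do
    printf '%s\n' "-A $2 -s $3 -o $wan_if -j $1" >> "$restoredata"
  done
}

# Declare public-side chain $1 once and jump to it from parent chain $2
# for destination network $3 on each WAN interface.
link_pub_chain() {
  if chain_declared "$1"; then
    return 0
  fi
  printf '%s\n' ":$1 - [0:0]" >> "$restoredata"
  for wan_if in "$wan1" "$wan2" "$wan3"; do
    printf '%s\n' "-A $2 -i $wan_if -d $3 -j $1" >> "$restoredata"
  done
}

# Build the /20 -> /23 -> /26 chain tree for private address $1 and leave
# the chain names in czffirstindex, czfsecondindex and czfthirdindex.
setup_priv_chains() {
  priv_net20=$(network_of "$1" 20)
  priv_net23=$(network_of "$1" 23)
  priv_net26=$(network_of "$1" 26)
  if [ -z "$priv_net20" ] || [ -z "$priv_net23" ] || [ -z "$priv_net26" ]; then
    die "ipcalc returned no network for private address '$1'"
  fi
  czffirstindex=priv_$(chain_suffix "$priv_net20")
  czfsecondindex=priv_$(chain_suffix "$priv_net23")
  czfthirdindex=priv_$(chain_suffix "$priv_net26")
  # NOTE(review): "-d ! 10.0.0.0/8" is the intrapositioned negation form;
  # newer iptables releases prefer "! -d 10.0.0.0/8". Kept as generated
  # before because the target's iptables version is not visible here.
  link_priv_chain "$czffirstindex" "POSTROUTING -d ! 10.0.0.0/8" "$priv_net20"
  link_priv_chain "$czfsecondindex" "$czffirstindex" "$priv_net23"
  link_priv_chain "$czfthirdindex" "$czfsecondindex" "$priv_net26"
}

# Append the per-host SNAT rules to chain $1: source $2/32 is rewritten
# to $3 on each WAN interface.
# NOTE(review): the ACCEPT rules repeat the match of the SNAT rules before
# them, so they look unreachable; they are kept to leave the output as is.
emit_snat_rules() {
  for wan_if in "$wan1" "$wan2" "$wan3"; do
    printf '%s\n' "-A $1 -s $2/32 -o $wan_if -j SNAT --to-source $3" >> "$restoredata"
  done
  for wan_if in "$wan1" "$wan2" "$wan3"; do
    printf '%s\n' "-A $1 -s $2/32 -o $wan_if -j ACCEPT" >> "$restoredata"
  done
}

# Append the per-host DNAT rules to chain $1: destination $2/32 is
# rewritten to $3 on each WAN interface (ACCEPT rules as in the output
# generated before).
emit_dnat_rules() {
  for wan_if in "$wan1" "$wan2" "$wan3"; do
    printf '%s\n' "-A $1 -i $wan_if -d $2/32 -j DNAT --to-destination $3" >> "$restoredata"
  done
  for wan_if in "$wan1" "$wan2" "$wan3"; do
    printf '%s\n' "-A $1 -i $wan_if -d $2/32 -j ACCEPT" >> "$restoredata"
  done
}

# wan1..wan3 are not assigned in the visible part of this script. An empty
# value would produce rules iptables-restore cannot parse, so stop before
# the previous restore file is truncated.
: "${wan1:?wan1 is not set}" "${wan2:?wan2 is not set}" "${wan3:?wan3 is not set}"

# Start a fresh nat table with the three built-in chains.
{
  printf '%s\n' "*nat"
  printf '%s\n' ":PREROUTING ACCEPT [0:0]"
  printf '%s\n' ":POSTROUTING ACCEPT [0:0]"
  printf '%s\n' ":OUTPUT ACCEPT [0:0]"
} > "$restoredata"

# ===============================================================
# Symmetrical SNAT-DNAT using indexed iptables
# ===============================================================

printf '%s' "Generating new iptables-restore data - two way SNAT/DNAT "

# Each mapping line is "<private ip> <public ip>". Both fields come from
# the same line, so a commented-out or similar-looking entry elsewhere in
# the file can no longer leak into pubip as it could with the old
# unanchored `grep "$czfip "` lookup.
while read -r czfip pubip _ || [ -n "$czfip" ]; do
  case "$czfip" in
    '' | '#'*) continue ;;
  esac
  if ! is_ipv4 "$czfip" || ! is_ipv4 "$pubip"; then
    die "malformed entry '$czfip $pubip' in $pimp_2way_nat"
  fi

  setup_priv_chains "$czfip"

  pub_net27=$(network_of "$pubip" 27)
  pub_net29=$(network_of "$pubip" 29)
  if [ -z "$pub_net27" ] || [ -z "$pub_net29" ]; then
    die "ipcalc returned no network for public address '$pubip'"
  fi
  pubfirstindex=pub_$(chain_suffix "$pub_net27")
  pubsecondindex=pub_$(chain_suffix "$pub_net29")
  link_pub_chain "$pubfirstindex" PREROUTING "$pub_net27"
  link_pub_chain "$pubsecondindex" "$pubfirstindex" "$pub_net29"

  emit_dnat_rules "$pubsecondindex" "$pubip" "$czfip"
  emit_snat_rules "$czfthirdindex" "$czfip" "$pubip"
done < "$pimp_2way_nat"

printf '%s' "Generating new iptables-restore data - one way SNAT "

# ===============================================================
# SNAT only using indexed iptables
# ===============================================================

while read -r czfip pubip _ || [ -n "$czfip" ]; do
  case "$czfip" in
    '' | '#'*) continue ;;
  esac
  if ! is_ipv4 "$czfip" || ! is_nat_target "$pubip"; then
    die "malformed entry '$czfip $pubip' in $pimp_snat"
  fi

  setup_priv_chains "$czfip"
  emit_snat_rules "$czfthirdindex" "$czfip" "$pubip"
done < "$pimp_snat"

# iptables-restore applies the table only when it reaches COMMIT.
printf '%s\n' COMMIT >> "$restoredata"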