# Tools the generated script invokes (absolute paths, no PATH lookup).
iptables=/sbin/iptables
ifconfig=/sbin/ifconfig

# Input tables.  The pimp files must be generated by the
# optional-tools/make-pimp utility; every non-comment line there is read as
# "<czf address> <public address>", separated by a space.
pimp_2way_nat=/rw/var/run/pimp-2way-nat.tmp
pimp_snat=/rw/var/run/pimp-snat.tmp
etchosts=/rw/etc/hosts

# Output: the bash script that installs the NAT rules when executed.
script=/rw/etc/network/snat-dnat
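# Generate $script: a bash script that flushes the nat table and rebuilds the
# indexed SNAT/DNAT chains for every entry of the pimp files, plus the
# dashboard REDIRECT chains for 10.x hosts named dashboard-* in $etchosts.
#
# Every address read from those files is written verbatim into a script that
# later runs as root, so each field is checked to be a plain IPv4 address and
# generation aborts (leaving the current $script untouched) on anything else.
# Fail on unset variables and unchecked errors for the same reason: a
# half-written firewall script must never replace the working one.
set -euo pipefail

# Chains already created in the script being generated, as " name name ".
# Replaces the original's re-reading of the output file with grep.
chain_done=' '
# Leaf chain of the last build_index call (functions that emit rules must not
# run in a command substitution, or chain_done would be updated in a subshell).
index_leaf=

#######################################
# Print a diagnostic to stderr and abort.  The EXIT trap set in main removes
# the temporary file, so the live $script is left as it was.
# Arguments: message words
#######################################
die() {
  printf 'snat-dnat: %s\n' "$*" >&2
  exit 1
}

#######################################
# Append one line to the script being generated.
# Globals:   fd 3, opened on the temporary file by main
# Arguments: the line, given as one or more words
#######################################
emit() {
  printf '%s\n' "$*" >&3
}

#######################################
# Check that a value is a dotted-quad IPv4 address with octets in 0..255.
# Arguments: $1 - candidate
# Returns:   0 if it is an IPv4 address, 1 otherwise
#######################################
is_ipv4() {
  local re='^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$'
  local octet
  [[ "$1" =~ $re ]] || return 1
  for octet in "${BASH_REMATCH[@]:1}"; do
    # 10# forces decimal so a leading zero is not read as octal.
    (( 10#$octet <= 255 )) || return 1
  done
  return 0
}

#######################################
# Network of an IPv4 address under a prefix length, in CIDR form.  This is
# the value the original took from `ipcalc -n addr/len | grep Network |
# cut -f 4 -d ' '`; computing it here removes the dependency on ipcalc's
# output format and the process spawned per call.
# Arguments: $1 - IPv4 address (already validated), $2 - prefix length 0..32
# Outputs:   "a.b.c.d/len", e.g. network_of 10.1.5.9 20 -> 10.1.0.0/20
#######################################
network_of() {
  local addr=$1 len=$2
  local o1 o2 o3 o4 host mask net
  IFS=. read -r o1 o2 o3 o4 <<<"$addr"
  host=$(( (10#$o1 << 24) | (10#$o2 << 16) | (10#$o3 << 8) | 10#$o4 ))
  # Bash arithmetic is 64-bit, so the shift does not overflow for len=0.
  mask=$(( (0xffffffff << (32 - len)) & 0xffffffff ))
  net=$(( host & mask ))
  printf '%d.%d.%d.%d/%d\n' \
    $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
    $(( (net >> 8) & 255 )) $(( net & 255 )) "$len"
}

#######################################
# Name of the index chain for a network: <tag>_<network with . and / as _>.
# Arguments: $1 - tag (priv, pub or dash), $2 - network in CIDR form
# Outputs:   chain name, e.g. chain_name priv 10.1.0.0/20 -> priv_10_1_0_0_20
#######################################
chain_name() {
  local net=$2
  net=${net//./_}
  net=${net/\//_}
  printf '%s_%s\n' "$1" "$net"
}

#######################################
# Create CHAIN once (-N, -F) and hook it into its parent.  Later calls for
# the same chain emit nothing, so several hosts in one network share it.
# Globals:   chain_done (read/written), iptables (read)
# Arguments: $1 - chain name, $2.. - text placed between "-A" and "-j CHAIN"
#            (parent chain followed by the match arguments)
#######################################
ensure_chain() {
  local chain=$1
  shift
  if [[ "$chain_done" == *" $chain "* ]]; then
    return 0
  fi
  chain_done+="$chain "
  emit "$iptables -t nat -N $chain"
  emit "$iptables -t nat -F $chain"
  emit "$iptables -t nat -A $* -j $chain"
}

#######################################
# Walk the index levels for ADDR, creating one chain per prefix length and
# chaining each into the previous one, e.g. for "20 23 26":
# PARENT -> tag_A_B_0_0_20 -> tag_A_B_C_0_23 -> tag_A_B_C_D_26.
# Globals:   index_leaf (written: the last chain created)
# Arguments: $1 - tag (priv, pub or dash), $2 - address, $3 - top parent chain,
#            $4 - prefix lengths, space separated (e.g. "20 23 26"),
#            $5 - "-s" or "-d": which side of the packet ADDR's network matches,
#            $6.. - interface match (e.g. -o eth1); kept in the original's
#            position: after "-s net" or before "-d net"
#######################################
build_index() {
  local tag=$1 addr=$2 parent=$3 lengths=$4 side=$5
  shift 5
  local len net chain
  # shellcheck disable=SC2086 — $lengths is deliberately word-split.
  for len in $lengths; do
    net=$(network_of "$addr" "$len")
    chain=$(chain_name "$tag" "$net")
    if [[ "$side" == -d ]]; then
      ensure_chain "$chain" "$parent" "$@" -d "$net"
    else
      ensure_chain "$chain" "$parent" -s "$net" "$@"
    fi
    parent=$chain
  done
  index_leaf=$parent
}

#######################################
# Read "<czf address> <public address>" pairs from a pimp file and call
# CALLBACK with both for every data line.  Lines starting with '#' and blank
# lines are skipped.  Unlike the original's `grep "$czfip "` lookup, a
# commented-out line can no longer contribute a second public address, and a
# line that is not two IPv4 addresses aborts generation instead of producing
# a broken rule.
# Arguments: $1 - pimp file, $2 - function to call as "$2 czfip pubip"
#######################################
for_each_pair() {
  local file=$1 callback=$2
  local czfip pubip lineno=0
  # `|| [[ -n ... ]]` still processes a last line without a newline.
  while read -r czfip pubip _ || [[ -n "$czfip" ]]; do
    lineno=$((lineno + 1))
    if [[ -z "$czfip" || "$czfip" == '#'* ]]; then
      continue
    fi
    if ! is_ipv4 "$czfip" || ! is_ipv4 "$pubip"; then
      die "$file:$lineno: expected '<czf address> <public address>', got '$czfip $pubip'"
    fi
    "$callback" "$czfip" "$pubip"
  done <"$file"
}

#######################################
# Symmetrical SNAT-DNAT for one pair: traffic for PUBIP entering eth1 is
# DNATed to CZFIP through the pub_ index, traffic from CZFIP leaving eth1 is
# SNATed to PUBIP through the priv_ index.
# Globals:   iptables (read), index_leaf (written via build_index)
# Arguments: $1 - czf address, $2 - public address
#######################################
emit_2way_nat() {
  local czfip=$1 pubip=$2
  local priv_leaf pub_leaf
  build_index priv "$czfip" POSTROUTING "20 23 26" -s -o eth1
  priv_leaf=$index_leaf
  build_index pub "$pubip" PREROUTING "27 29" -d -i eth1
  pub_leaf=$index_leaf
  emit "$iptables -t nat -A $pub_leaf -i eth1 -d $pubip/32 -j DNAT --to-destination $czfip"
  emit "$iptables -t nat -A $pub_leaf -i eth1 -d $pubip/32 -j ACCEPT"
  emit "$iptables -t nat -A $priv_leaf -s $czfip/32 -o eth1 -j SNAT --to-source $pubip"
  emit "$iptables -t nat -A $priv_leaf -s $czfip/32 -o eth1 -j ACCEPT"
  # The generated script prints one dot per host while it runs.
  emit 'echo -n .'
}

#######################################
# SNAT only for one pair: traffic from CZFIP leaving eth1 is SNATed to PUBIP
# through the priv_ index (shared with the 2-way entries).
# Globals:   iptables (read), index_leaf (written via build_index)
# Arguments: $1 - czf address, $2 - public address
#######################################
emit_snat() {
  local czfip=$1 pubip=$2
  build_index priv "$czfip" POSTROUTING "20 23 26" -s -o eth1
  emit "$iptables -t nat -A $index_leaf -s $czfip/32 -o eth1 -j SNAT --to-source $pubip"
  emit "$iptables -t nat -A $index_leaf -s $czfip/32 -o eth1 -j ACCEPT"
  emit 'echo -n .'
}

#######################################
# Dashboard index: for every line of $etchosts that starts with "10." and
# mentions "dashboard-", web traffic from that address to anything outside
# 10.0.0.0/8 is redirected to port 8080 and everything else is dropped.
# The address is the first whitespace-delimited field (the original used
# the first TAB-delimited field only).
# Globals:   etchosts, iptables (read), index_leaf (written via build_index)
#######################################
emit_dashboard_rules() {
  local line czfip leaf
  while IFS= read -r line || [[ -n "$line" ]]; do
    if [[ "$line" != 10.* || "$line" != *dashboard-* ]]; then
      continue
    fi
    czfip=${line%%[[:space:]]*}
    is_ipv4 "$czfip" || die "$etchosts: malformed address '$czfip'"
    build_index dash "$czfip" PREROUTING "20 23 26" -s -i eth0
    leaf=$index_leaf
    # "-d ! net" is iptables' old intrapositioned negation; newer releases
    # warn and prefer "! -d net".  Kept verbatim to leave the output unchanged.
    emit "$iptables -t nat -A $leaf -s $czfip -d ! 10.0.0.0/8 -p tcp --dport 80 -j REDIRECT --to 8080"
    emit "$iptables -t nat -A $leaf -s $czfip -d ! 10.0.0.0/8 -p tcp --dport 3128 -j REDIRECT --to 8080"
    emit "$iptables -t nat -A $leaf -s $czfip -d ! 10.0.0.0/8 -p tcp --dport 8080 -j ACCEPT"
    emit "$iptables -t nat -A $leaf -s $czfip -d ! 10.0.0.0/8 -j DROP"
    emit 'echo -n .'
  done <"$etchosts"
}

#######################################
# Generate the whole script into a temporary file and copy it over $script
# only when every input was read and validated.  The copy truncates $script
# in place, as the original did, so its owner and mode are preserved.
# Globals:   pimp_2way_nat, pimp_snat, etchosts, script, iptables (read)
# Outputs:   progress messages on stdout (same text as before, no newline)
# Returns:   0 on success; exits 1 via die on any missing or malformed input
#######################################
main() {
  local input tmp_script
  for input in "$pimp_2way_nat" "$pimp_snat" "$etchosts"; do
    [[ -r "$input" ]] || die "cannot read $input (pimp files come from optional-tools/make-pimp)"
  done

  tmp_script=$(mktemp "${script}.XXXXXX") || die "cannot create a temporary file next to $script"
  trap 'rm -f -- "$tmp_script"' EXIT
  exec 3>"$tmp_script"

  emit '#!/bin/bash'
  # The generated script starts from an empty nat table.
  emit "$iptables -t nat -F"
  emit "$iptables -t nat -X"
  emit 'echo -n "Setting firewall rules "'

  printf '%s' 'Generating new iptables rules '
  for_each_pair "$pimp_2way_nat" emit_2way_nat
  for_each_pair "$pimp_snat" emit_snat

  printf '%s' 'Generating dashboard index rules '
  emit_dashboard_rules

  exec 3>&-
  cat -- "$tmp_script" >"$script"
}

main "$@"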