# $Id$
iptables="/sbin/iptables"
iptablesrestore="/sbin/iptables-restore"
+ifconfig="/sbin/ifconfig"
+grep="/bin/grep"
+cut="/usr/bin/cut"
#pimp files must be generated by optional-tools/make-pimp utility
pimp_2way_nat="/dev/shm/pimp-2way-nat.tmp"
czffourthbitmask="28"
pubfirstbitmask="26"
pubsecondbitmask="29"
-chaintrack="_"
-
-# ===============================================================
-# ipcalc rewrite
-# ===============================================================
-
-gen_ipt_string() {
-eval `echo $1 | awk -F\/ '{printf "IP=%s; CIDRMASK=%s; \n", $1, $2}'`
-
-MASK_FULL_OCTETS=$(($CIDRMASK/8))
-MASK_PART_OCTETS=$(($CIDRMASK%8))
-for i in `seq 0 3`; do
- if [ "$i" -lt "$MASK_FULL_OCTETS" ]; then
- MASK+="255"
- elif [ "$i" -eq "$MASK_FULL_OCTETS" ]; then
- MASK+=$((256 - 2**(8-$MASK_PART_OCTETS)))
- else
- MASK+="0"
- fi
- [ "$i" -lt "3" ] && MASK+="."
-done
-
-eval `echo $IP | awk -F\. '{printf "IPBYTE1=%s; IPBYTE2=%s; IPBYTE3=%s; IPBYTE4=%s; \n", $1, $2, $3, $4}'`
-eval `echo $MASK | awk -F\. '{printf "MASKBYTE1=%s; MASKBYTE2=%s; MASKBYTE3=%s; MASKBYTE4=%s; \n", $1, $2, $3, $4}'`
-
-IPT_STRING="$(($IPBYTE1 & $MASKBYTE1))_$(($IPBYTE2 & $MASKBYTE2))_$(($IPBYTE3 & $MASKBYTE3))_$(($IPBYTE4 & $MASKBYTE4))_$CIDRMASK"
-echo $IPT_STRING
-}
echo "*nat" > $restoretmp
echo ":PREROUTING ACCEPT [0:0]" >> $restoretmp
# ===============================================================
# Symetrical SNAT-DNAT using indexed iptables
# ===============================================================
-echo -n "Generating new iptables-restore data - two way SNAT/DNAT "
+echo -n "Generating new iptables-restore data - two way SNAT/DNAT "
-while read LINE; do
- eval `echo -e $LINE | awk '{printf "czfip=%s; pubip=%s\n", $1, $2}'`
- czffirstindex=priv_`gen_ipt_string $czfip/$czffirstbitmask`
- czfsecondindex=priv_`gen_ipt_string $czfip/$czfsecondbitmask`
- czfthirdindex=priv_`gen_ipt_string $czfip/$czfthirdbitmask`
- czffourthindex=priv_`gen_ipt_string $czfip/$czffourthbitmask`
- pubfirstindex=pub_`gen_ipt_string $pubip/$pubfirstbitmask`
- pubsecondindex=pub_`gen_ipt_string $pubip/$pubsecondbitmask`
-
- if ! [[ "$chaintrack" == *"$czffirstindex"* ]]
+for czfip in `$grep -v ^# $pimp_2way_nat|$cut -f 1 -d " "`
+do
+ pubip=`$grep "$czfip " $pimp_2way_nat|$cut -f 2 -d " "`
+ czffirstindex=priv_`ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
+ czfsecondindex=priv_`ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
+ czfthirdindex=priv_`ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
+ czffourthindex=priv_`ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
+ pubfirstindex=pub_`ipcalc -n $pubip/$pubfirstbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
+ pubsecondindex=pub_`ipcalc -n $pubip/$pubsecondbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
+
+ if ! $grep $czffirstindex $restoretmp > /dev/null
then
echo :$czffirstindex "- [0:0]" >> $restoretmp
- s=`gen_ipt_string $czfip/$czffirstbitmask| sed 's/_[0-9]*//4; s/_/./g'`
- echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
- echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
- echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
- echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan4 -j $czffirstindex >> $restoretmp
- chaintrack=\ ${czffirstindex}\ ${chaintrack}
+ echo -A POSTROUTING -d ! 10.0.0.0/8 -s `ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan1 -j $czffirstindex >> $restoretmp
+ echo -A POSTROUTING -d ! 10.0.0.0/8 -s `ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan2 -j $czffirstindex >> $restoretmp
+ echo -A POSTROUTING -d ! 10.0.0.0/8 -s `ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan3 -j $czffirstindex >> $restoretmp
+ echo -A POSTROUTING -d ! 10.0.0.0/8 -s `ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan4 -j $czffirstindex >> $restoretmp
fi
- if ! [[ "$chaintrack" == *"$czfsecondindex"* ]]
+ if ! $grep $czfsecondindex $restoretmp > /dev/null
then
echo :$czfsecondindex "- [0:0]" >> $restoretmp
- s=`gen_ipt_string $czfip/$czfsecondbitmask| sed 's/_[0-9]*//4; s/_/./g'`
- echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
- echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
- echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
- echo -A $czffirstindex -s $s -o $wan4 -j $czfsecondindex >> $restoretmp
- chaintrack=\ ${czfsecondindex}\ ${chaintrack}
+ echo -A $czffirstindex -s `ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan1 -j $czfsecondindex >> $restoretmp
+ echo -A $czffirstindex -s `ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan2 -j $czfsecondindex >> $restoretmp
+ echo -A $czffirstindex -s `ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan3 -j $czfsecondindex >> $restoretmp
+ echo -A $czffirstindex -s `ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan4 -j $czfsecondindex >> $restoretmp
fi
- if ! [[ "$chaintrack" == *"$czfthirdindex"* ]]
+ if ! $grep $czfthirdindex $restoretmp > /dev/null
then
echo :$czfthirdindex "- [0:0]" >> $restoretmp
- s=`gen_ipt_string $czfip/$czfthirdbitmask| sed 's/_[0-9]*//4; s/_/./g'`
- echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
- echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
- echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
- echo -A $czfsecondindex -s $s -o $wan4 -j $czfthirdindex >> $restoretmp
- chaintrack=\ ${czfthirdindex}\ ${chaintrack}
+ echo -A $czfsecondindex -s `ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan1 -j $czfthirdindex >> $restoretmp
+ echo -A $czfsecondindex -s `ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan2 -j $czfthirdindex >> $restoretmp
+ echo -A $czfsecondindex -s `ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan3 -j $czfthirdindex >> $restoretmp
+ echo -A $czfsecondindex -s `ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan4 -j $czfthirdindex >> $restoretmp
fi
- if ! [[ "$chaintrack" == *"$czffourthindex"* ]]
+ if ! $grep $czffourthindex $restoretmp > /dev/null
then
echo :$czffourthindex "- [0:0]" >> $restoretmp
- s=`gen_ipt_string $czfip/$czffourthbitmask| sed 's/_[0-9]*//4; s/_/./g'`
- echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
- echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
- echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
- echo -A $czfthirdindex -s $s -o $wan4 -j $czffourthindex >> $restoretmp
- chaintrack=\ ${czffourthindex}\ ${chaintrack}
+ echo -A $czfthirdindex -s `ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan1 -j $czffourthindex >> $restoretmp
+ echo -A $czfthirdindex -s `ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan2 -j $czffourthindex >> $restoretmp
+ echo -A $czfthirdindex -s `ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan3 -j $czffourthindex >> $restoretmp
+ echo -A $czfthirdindex -s `ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan4 -j $czffourthindex >> $restoretmp
fi
- if ! [[ "$chaintrack" == *"$pubfirstindex"* ]]
+ if ! $grep $pubfirstindex $restoretmp > /dev/null
then
echo :$pubfirstindex "- [0:0]" >> $restoretmp
- s=`gen_ipt_string $pubip/$pubfirstbitmask| sed 's/_[0-9]*//4; s/_/./g'`
- echo -A PREROUTING -i $wan1 -d $s -j $pubfirstindex >> $restoretmp
- echo -A PREROUTING -i $wan2 -d $s -j $pubfirstindex >> $restoretmp
- echo -A PREROUTING -i $wan3 -d $s -j $pubfirstindex >> $restoretmp
- echo -A PREROUTING -i $wan4 -d $s -j $pubfirstindex >> $restoretmp
- chaintrack=\ ${pubfirstindex}\ ${chaintrack}
+ echo -A PREROUTING -i $wan1 -d `ipcalc -n $pubip/$pubfirstbitmask|$grep Network|$cut -f 4 -d \ ` -j $pubfirstindex >> $restoretmp
+ echo -A PREROUTING -i $wan2 -d `ipcalc -n $pubip/$pubfirstbitmask|$grep Network|$cut -f 4 -d \ ` -j $pubfirstindex >> $restoretmp
+ echo -A PREROUTING -i $wan3 -d `ipcalc -n $pubip/$pubfirstbitmask|$grep Network|$cut -f 4 -d \ ` -j $pubfirstindex >> $restoretmp
+ echo -A PREROUTING -i $wan4 -d `ipcalc -n $pubip/$pubfirstbitmask|$grep Network|$cut -f 4 -d \ ` -j $pubfirstindex >> $restoretmp
fi
- if ! [[ "$chaintrack" == *"$pubsecondindex"* ]]
+ if ! $grep $pubsecondindex $restoretmp > /dev/null
then
echo :$pubsecondindex "- [0:0]" >> $restoretmp
- s=`gen_ipt_string $pubip/$pubsecondbitmask| sed 's/_[0-9]*//4; s/_/./g'`
- echo -A $pubfirstindex -i $wan1 -d $s -j $pubsecondindex >> $restoretmp
- echo -A $pubfirstindex -i $wan2 -d $s -j $pubsecondindex >> $restoretmp
- echo -A $pubfirstindex -i $wan3 -d $s -j $pubsecondindex >> $restoretmp
- echo -A $pubfirstindex -i $wan4 -d $s -j $pubsecondindex >> $restoretmp
- chaintrack=\ ${pubsecondindex}\ ${chaintrack}
+ echo -A $pubfirstindex -i $wan1 -d `ipcalc -n $pubip/$pubsecondbitmask|$grep Network|$cut -f 4 -d \ ` -j $pubsecondindex >> $restoretmp
+ echo -A $pubfirstindex -i $wan2 -d `ipcalc -n $pubip/$pubsecondbitmask|$grep Network|$cut -f 4 -d \ ` -j $pubsecondindex >> $restoretmp
+ echo -A $pubfirstindex -i $wan3 -d `ipcalc -n $pubip/$pubsecondbitmask|$grep Network|$cut -f 4 -d \ ` -j $pubsecondindex >> $restoretmp
+ echo -A $pubfirstindex -i $wan4 -d `ipcalc -n $pubip/$pubsecondbitmask|$grep Network|$cut -f 4 -d \ ` -j $pubsecondindex >> $restoretmp
fi
echo -A $pubsecondindex -i $wan1 -d $pubip/32 -j DNAT --to-destination $czfip >> $restoretmp
echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp
echo -n .
-
-done < $pimp_2way_nat
+done
echo " done."
+echo -n "Generating new iptables-restore data - one way SNAT "
+
# ===============================================================
# SNAT only using indexed iptables (should be rather function, hmm)
# ===============================================================
-echo -n "Generating new iptables-restore data - one way SNAT "
-while read LINE; do
- eval `echo -e $LINE | awk '{printf "czfip=%s; pubip=%s\n", $1, $2}'`
- czffirstindex=priv_`gen_ipt_string $czfip/$czffirstbitmask`
- czfsecondindex=priv_`gen_ipt_string $czfip/$czfsecondbitmask`
- czfthirdindex=priv_`gen_ipt_string $czfip/$czfthirdbitmask`
- czffourthindex=priv_`gen_ipt_string $czfip/$czffourthbitmask`
+for czfip in `$grep -v ^# $pimp_snat|$cut -f 1 -d " "`
+do
+ pubip=`$grep "$czfip " $pimp_snat|$cut -f 2 -d " "`
+ czffirstindex=priv_`ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
+ czfsecondindex=priv_`ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
+ czfthirdindex=priv_`ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
+ czffourthindex=priv_`ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
- if ! [[ "$chaintrack" == *"$czffirstindex"* ]]
+ if ! $grep $czffirstindex $restoretmp > /dev/null
then
echo :$czffirstindex "- [0:0]" >> $restoretmp
- s=`gen_ipt_string $czfip/$czffirstbitmask| sed 's/_[0-9]*//4; s/_/./g'`
- echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
- echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
- echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
- echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan4 -j $czffirstindex >> $restoretmp
- chaintrack=\ ${czffirstindex}\ ${chaintrack}
+ echo -A POSTROUTING -d ! 10.0.0.0/8 -s `ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan1 -j $czffirstindex >> $restoretmp
+ echo -A POSTROUTING -d ! 10.0.0.0/8 -s `ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan2 -j $czffirstindex >> $restoretmp
+ echo -A POSTROUTING -d ! 10.0.0.0/8 -s `ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan3 -j $czffirstindex >> $restoretmp
+ echo -A POSTROUTING -d ! 10.0.0.0/8 -s `ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan4 -j $czffirstindex >> $restoretmp
fi
- if ! [[ "$chaintrack" == *"$czfsecondindex"* ]]
+ if ! $grep $czfsecondindex $restoretmp > /dev/null
then
echo :$czfsecondindex "- [0:0]" >> $restoretmp
- s=`gen_ipt_string $czfip/$czfsecondbitmask| sed 's/_[0-9]*//4; s/_/./g'`
- echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
- echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
- echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
- echo -A $czffirstindex -s $s -o $wan4 -j $czfsecondindex >> $restoretmp
- chaintrack=\ ${czfsecondindex}\ ${chaintrack}
+ echo -A $czffirstindex -s `ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan1 -j $czfsecondindex >> $restoretmp
+ echo -A $czffirstindex -s `ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan2 -j $czfsecondindex >> $restoretmp
+ echo -A $czffirstindex -s `ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan3 -j $czfsecondindex >> $restoretmp
+ echo -A $czffirstindex -s `ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan4 -j $czfsecondindex >> $restoretmp
fi
- if ! [[ "$chaintrack" == *"$czfthirdindex"* ]]
+ if ! $grep $czfthirdindex $restoretmp > /dev/null
then
echo :$czfthirdindex "- [0:0]" >> $restoretmp
- s=`gen_ipt_string $czfip/$czfthirdbitmask| sed 's/_[0-9]*//4; s/_/./g'`
- echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
- echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
- echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
- echo -A $czfsecondindex -s $s -o $wan4 -j $czfthirdindex >> $restoretmp
- chaintrack=\ ${czfthirdindex}\ ${chaintrack}
+ echo -A $czfsecondindex -s `ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan1 -j $czfthirdindex >> $restoretmp
+ echo -A $czfsecondindex -s `ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan2 -j $czfthirdindex >> $restoretmp
+ echo -A $czfsecondindex -s `ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan3 -j $czfthirdindex >> $restoretmp
+ echo -A $czfsecondindex -s `ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan4 -j $czfthirdindex >> $restoretmp
fi
- if ! [[ "$chaintrack" == *"$czffourthindex"* ]]
+ if ! $grep $czffourthindex $restoretmp > /dev/null
then
echo :$czffourthindex "- [0:0]" >> $restoretmp
- s=`gen_ipt_string $czfip/$czffourthbitmask| sed 's/_[0-9]*//4; s/_/./g'`
- echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
- echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
- echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
- echo -A $czfthirdindex -s $s -o $wan4 -j $czffourthindex >> $restoretmp
- chaintrack=\ ${czffourthindex}\ ${chaintrack}
+ echo -A $czfthirdindex -s `ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan1 -j $czffourthindex >> $restoretmp
+ echo -A $czfthirdindex -s `ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan2 -j $czffourthindex >> $restoretmp
+ echo -A $czfthirdindex -s `ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan3 -j $czffourthindex >> $restoretmp
+ echo -A $czfthirdindex -s `ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ ` -o $wan4 -j $czffourthindex >> $restoretmp
fi
echo -A $czffourthindex -s $czfip/32 -o $wan1 -j SNAT --to-source $pubip >> $restoretmp
echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp
echo -n .
-done < $pimp_snat
+done
echo " done."
echo COMMIT >> $restoretmp
-echo -n "Writing $restoredata"
mv $restoretmp $restoredata
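Review bot: The per-entry lookup `pubip=`$grep "$czfip " $pimp_2way_nat|$cut -f 2 -d " "`` on L59 (and L177 in the SNAT-only loop) is an unanchored regex match, so each `.` in the address matches any character, a longer address that merely ends with the same digits (e.g. a constructed `110.0.1.1` vs `10.0.1.1`) also matches, and commented-out lines that the `for` on L57/L175 skips with `-v ^#` are still matched here; two hits leave a newline-joined `$pubip` that is written unquoted into the `-d $pubip/32` and `--to-source $pubip` rules and makes the whole iptables-restore load fail. An exact first-field lookup avoids all three cases, `pubip=$($grep -v '^#' "$pimp_2way_nat" | awk -v ip="$czfip" '$1 == ip {print $2; exit}')`, and a shape check before the value reaches the restore data keeps a malformed line from breaking every other rule, e.g. `[[ "$pubip" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { printf 'skipping %s: bad pubip %q\n' "$czfip" "$pubip" >&2; continue; }`. The chain-existence tests `$grep $czffirstindex $restoretmp > /dev/null` (L67 and the five like it, L183 onward) are likewise unanchored substring matches and rescan the growing restore file for every entry; `$grep -q -- "^:$czffirstindex " "$restoretmp"` at least pins the match to the chain declaration written on L69. `$ifconfig` (L4) is assigned but not referenced anywhere in this hunk; if nothing outside it uses the variable it can be dropped.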