Allow labels for aliases added under ADD_SNAT_ALIASES; improve masquerade algorithm

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@417 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2003-01-24 23:43:22 +00:00
parent 5b101f3a81
commit 4964497aa3
2 changed files with 53 additions and 30 deletions

View File

@ -2921,12 +2921,32 @@ setup_masq()
setup_one() {
local using
if [ "$interface" = "${interface%:*}" ]; then
destnet="0.0.0.0/0"
else
destnet="${interface#*:}"
interface="${interface%:*}"
fi
case $fullinterface in
*:*:*)
# Both alias name and subnet
destnet="${fullinterface##*:}"
fullinterface="${fullinterface%:*}"
;;
*:*)
# Alias name OR subnet
case ${fullinterface#*:} in
*.*)
# It's a subnet
destnet="${fullinterface#*:}"
fullinterface="${fullinterface%:*}"
;;
*)
#it's an alias name
destnet="0.0.0.0/0"
;;
esac
;;
*)
destnet="0.0.0.0/0"
;;
esac
interface=${fullinterface%:*}
if ! list_search $interface $all_interfaces; then
fatal_error "Error: Unknown interface $interface"
@ -2966,7 +2986,7 @@ setup_masq()
if [ -n "$address" -a -n "$ADD_SNAT_ALIASES" ]; then
list_search $address $aliases_to_add || \
aliases_to_add="$aliases_to_add $address $interface"
aliases_to_add="$aliases_to_add $address $fullinterface"
fi
destination=$destnet
@ -2998,23 +3018,19 @@ setup_masq()
destnet="-d $destnet"
fi
if [ -n "$address" ]; then
if [ -n "$subnet" ]; then
for s in $subnet; do
addnatrule $chain -s $s $destnet $iface \
-j SNAT --to-source $address
echo " To $destination from $s through ${interface} using $address"
done
else
addnatrule $chain $destnet $iface \
-j SNAT --to-source $address
echo " To $destination from $source through ${interface} using $address"
fi
elif [ -n "$subnet" ]; then
if [ -n "$subnet" ]; then
for s in $subnet; do
addnatrule $chain -s $s $destnet $iface -j MASQUERADE
echo " To $destination from $s through ${interface}"
if [ -n "$address" ]; then
addnatrule $chain -s $s $destnet $iface -j SNAT --to-source $address
echo " To $destination from $s through ${interface} using $address"
else
addnatrule $chain -s $s $destnet $iface -j MASQUERADE
echo " To $destination from $s through ${interface}"
fi
done
elif [ -n "$address" ]; then
addnatrule $chain $destnet $iface -j SNAT --to-source $address
echo " To $destination from $source through ${interface} using $address"
else
addnatrule $chain $destnet $iface -j MASQUERADE
echo " To $destination from $source through ${interface}"
@ -3026,8 +3042,8 @@ setup_masq()
[ -n "$NAT_ENABLED" ] && echo "Masqueraded Subnets and Hosts:"
while read interface subnet address; do
expandv interface subnet address
while read fullinterface subnet address; do
expandv fullinterface subnet address
[ -n "$NAT_ENABLED" ] && setup_one || \
error_message "Warning: NAT disabled; masq rule ignored"
done < $TMP_DIR/masq

View File

@ -9,7 +9,15 @@
# Columns are:
#
# INTERFACE -- Outgoing interface. This is usually your internet
# interface. This may be qualified by adding the character
# interface. If ADD_SNAT_ALIASES=Yes in
# /etc/shorewall/shorewall.conf, you may add ":" and
# a digit to indicate that you want the alias added with
# that name (e.g., eth0:0). This will allow the alias to
# be displayed with ifconfig. THAT IS THE ONLY USE FOR
# THE ALIAS NAME AND IT MAY NOT APPEAR IN ANY OTHER
# PLACE IN YOUR SHOREWALL CONFIGURATION.
#
# This may be qualified by adding the character
# ":" followed by a destination host or subnet.
#
#
@ -74,13 +82,12 @@
# Example 4:
#
# You want all outgoing traffic from 192.168.1.0/24 through
# eth0 to use source address 206.124.146.176.
# eth0 to use source address 206.124.146.176 which is NOT the
# primary address of eth0. You want 206.124.146.176 added to
# be added to eth0 with name eth0:0.
#
# eth0 192.168.1.0/24 206.124.146.176
# eth0:0 192.168.1.0/24 206.124.146.176
#
# This would normally be done when you have a static external
# IP address since it makes the processing of outgoing
# packets somewhat faster.
##############################################################################
#INTERFACE SUBNET ADDRESS
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE