extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2025-06-20 17:58:07 +02:00
Code Issues Packages Projects Releases Wiki Activity

Allow labels for aliases added under ADD_SNAT_ALIASES; improve masquerade algorithm

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@417 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2003-01-24 23:43:22 +00:00
parent 5b101f3a81
commit 4964497aa3
2 changed files with 53 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
Shorewall/firewall
View File

@ -2921,12 +2921,32 @@ setup_masq()
setup_one() { setup_one() {
local using local using
if [ "$interface" = "${interface%:*}" ]; then case $fullinterface in
*:*:*)
# Both alias name and subnet
destnet="${fullinterface##*:}"
fullinterface="${fullinterface%:*}"
;;
*:*)
# Alias name OR subnet
case ${fullinterface#*:} in
*.*)
# It's a subnet
destnet="${fullinterface#*:}"
fullinterface="${fullinterface%:*}"
;;
*)
#it's an alias name
destnet="0.0.0.0/0" destnet="0.0.0.0/0"
else ;;
destnet="${interface#*:}" esac
interface="${interface%:*}" ;;
fi *)
destnet="0.0.0.0/0"
;;
esac
interface=${fullinterface%:*}
if ! list_search $interface $all_interfaces; then if ! list_search $interface $all_interfaces; then
fatal_error "Error: Unknown interface $interface" fatal_error "Error: Unknown interface $interface"
@ -2966,7 +2986,7 @@ setup_masq()
if [ -n "$address" -a -n "$ADD_SNAT_ALIASES" ]; then if [ -n "$address" -a -n "$ADD_SNAT_ALIASES" ]; then
list_search $address $aliases_to_add || \ list_search $address $aliases_to_add || \
aliases_to_add="$aliases_to_add $address $interface" aliases_to_add="$aliases_to_add $address $fullinterface"
fi fi
destination=$destnet destination=$destnet
@ -2998,23 +3018,19 @@ setup_masq()
destnet="-d $destnet" destnet="-d $destnet"
fi fi
if [ -n "$address" ]; then
if [ -n "$subnet" ]; then if [ -n "$subnet" ]; then
for s in $subnet; do for s in $subnet; do
addnatrule $chain -s $s $destnet $iface \ if [ -n "$address" ]; then
-j SNAT --to-source $address addnatrule $chain -s $s $destnet $iface -j SNAT --to-source $address
echo " To $destination from $s through ${interface} using $address" echo " To $destination from $s through ${interface} using $address"
done
else else
addnatrule $chain $destnet $iface \
-j SNAT --to-source $address
echo " To $destination from $source through ${interface} using $address"
fi
elif [ -n "$subnet" ]; then
for s in $subnet; do
addnatrule $chain -s $s $destnet $iface -j MASQUERADE addnatrule $chain -s $s $destnet $iface -j MASQUERADE
echo " To $destination from $s through ${interface}" echo " To $destination from $s through ${interface}"
fi
done done
elif [ -n "$address" ]; then
addnatrule $chain $destnet $iface -j SNAT --to-source $address
echo " To $destination from $source through ${interface} using $address"
else else
addnatrule $chain $destnet $iface -j MASQUERADE addnatrule $chain $destnet $iface -j MASQUERADE
echo " To $destination from $source through ${interface}" echo " To $destination from $source through ${interface}"
@ -3026,8 +3042,8 @@ setup_masq()
[ -n "$NAT_ENABLED" ] && echo "Masqueraded Subnets and Hosts:" [ -n "$NAT_ENABLED" ] && echo "Masqueraded Subnets and Hosts:"
while read interface subnet address; do while read fullinterface subnet address; do
expandv interface subnet address expandv fullinterface subnet address
[ -n "$NAT_ENABLED" ] && setup_one || \ [ -n "$NAT_ENABLED" ] && setup_one || \
error_message "Warning: NAT disabled; masq rule ignored" error_message "Warning: NAT disabled; masq rule ignored"
done < $TMP_DIR/masq done < $TMP_DIR/masq

19
Shorewall/masq
View File

@ -9,7 +9,15 @@
# Columns are: # Columns are:
# #
# INTERFACE -- Outgoing interface. This is usually your internet # INTERFACE -- Outgoing interface. This is usually your internet
# interface. This may be qualified by adding the character # interface. If ADD_SNAT_ALIASES=Yes in
# /etc/shorewall/shorewall.conf, you may add ":" and
# a digit to indicate that you want the alias added with
# that name (e.g., eth0:0). This will allow the alias to
# be displayed with ifconfig. THAT IS THE ONLY USE FOR
# THE ALIAS NAME AND IT MAY NOT APPEAR IN ANY OTHER
# PLACE IN YOUR SHOREWALL CONFIGURATION.
#
# This may be qualified by adding the character
# ":" followed by a destination host or subnet. # ":" followed by a destination host or subnet.
# #
# #
@ -74,13 +82,12 @@
# Example 4: # Example 4:
# #
# You want all outgoing traffic from 192.168.1.0/24 through # You want all outgoing traffic from 192.168.1.0/24 through
# eth0 to use source address 206.124.146.176. # eth0 to use source address 206.124.146.176 which is NOT the
# primary address of eth0. You want 206.124.146.176 added to
# be added to eth0 with name eth0:0.
# #
# eth0 192.168.1.0/24 206.124.146.176 # eth0:0 192.168.1.0/24 206.124.146.176
# #
# This would normally be done when you have a static external
# IP address since it makes the processing of outgoing
# packets somewhat faster.
############################################################################## ##############################################################################
#INTERFACE SUBNET ADDRESS #INTERFACE SUBNET ADDRESS
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE #LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE