Use the routing table rather than the ip configuration to determine masquerading

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@416 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2003-01-24 22:59:49 +00:00
parent 94c5455c9e
commit 5b101f3a81


@ -2899,46 +2899,20 @@ rules_chain() # $1 = source zone, $2 = destination zone
} }
# #
# Get primary addresses of an interface # Get the subnets routed out of a given interface
# #
get_primary_addresses() # $1 = interface name get_routed_subnets() # $1 = interface name
{ {
local address local address
local rest
ip addr show dev $1 2> /dev/null | \ ip route show dev $1 2> /dev/null |
grep inet | \ while read address rest; do
grep -v secondary | \
sed s/" "// | \
cut -d' ' -f2 | \
while read address; do
[ -z "`echo "$address" | grep '/'`" ] && address="${address}/32" [ -z "`echo "$address" | grep '/'`" ] && address="${address}/32"
echo $address echo $address
done done
} }
#
# Show network address corresponding to the passed PREFIX/VLSM using
# the ipcalc utility. This probably only works on RedHat systems :-(
#
show_network() {
local ipcalc=`which ipcalc 2> /dev/null`
local network
#
# If the distribution doesn't have ipcalc we'll just have to be ugly
#
[ -z "$ipcalc" ] && echo $1 && return
case $1 in
*/32)
echo $1
;;
*)
network=`$ipcalc -n $1`
echo ${network#*=}/${1#*/}
;;
esac
}
# #
# Set up Source NAT (including masquerading) # Set up Source NAT (including masquerading)
# #
@ -2984,7 +2958,7 @@ setup_masq()
iface="-o $interface" iface="-o $interface"
;; ;;
*) *)
subnets=`get_primary_addresses $subnet` subnets=`get_routed_subnets $subnet`
[ -z "$subnets" ] && startup_error "Unable to determine the address(es) for interface $subnet" [ -z "$subnets" ] && startup_error "Unable to determine the address(es) for interface $subnet"
subnet="$subnets" subnet="$subnets"
;; ;;
@ -3029,7 +3003,7 @@ setup_masq()
for s in $subnet; do for s in $subnet; do
addnatrule $chain -s $s $destnet $iface \ addnatrule $chain -s $s $destnet $iface \
-j SNAT --to-source $address -j SNAT --to-source $address
echo " To $destination from `show_network $s` through ${interface} using $address" echo " To $destination from $s through ${interface} using $address"
done done
else else
addnatrule $chain $destnet $iface \ addnatrule $chain $destnet $iface \
@ -3039,7 +3013,7 @@ setup_masq()
elif [ -n "$subnet" ]; then elif [ -n "$subnet" ]; then
for s in $subnet; do for s in $subnet; do
addnatrule $chain -s $s $destnet $iface -j MASQUERADE addnatrule $chain -s $s $destnet $iface -j MASQUERADE
echo " To $destination from `show_network $s` through ${interface}" echo " To $destination from $s through ${interface}"
done done
else else
addnatrule $chain $destnet $iface -j MASQUERADE addnatrule $chain $destnet $iface -j MASQUERADE
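Review bot: In the first hunk, `get_routed_subnets` forwards the first word of every `ip route show dev $1` line into an SNAT/MASQUERADE `-s` match without checking that it is an address, so a `default` route out of that interface (or an `unreachable`/`blackhole`/`prohibit` entry, where the first word is the route type) yields a token such as `default/32`; iptables would presumably reject it or resolve it through /etc/networks rather than match the intended subnet. A guard before the `/32` fix-up, `case $address in [0-9]*) ;; *) continue ;; esac`, keeps the generated rules to numeric prefixes. This is the only place the route-derived list is filtered, since the callers in the later hunks use `$subnets` verbatim. The inherited `2> /dev/null` also makes an unknown interface and a missing `ip` binary indistinguishable from "no routes", all reported by the caller as "Unable to determine the address(es)"; a comment such as `# empty output may mean no routes, an unknown interface, or no ip(8) — caller reports all three the same way` would save the next debugger some time.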