forked from extern/shorewall_code
Improve handling of PREROUTING for NAT
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@102 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
750d40ce03
commit
338673c29a
@ -1206,7 +1206,7 @@ setup_nat() {
|
|||||||
-j DNAT --to-destination $internal
|
-j DNAT --to-destination $internal
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
run_iptables -t nat -A PREROUTING -i $interface \
|
addnatrule `input_chain $interface` \
|
||||||
-d $external -j DNAT --to-destination $internal
|
-d $external -j DNAT --to-destination $internal
|
||||||
run_iptables -t nat -A POSTROUTING -o $interface \
|
run_iptables -t nat -A POSTROUTING -o $interface \
|
||||||
-s $internal -j SNAT --to-source $external
|
-s $internal -j SNAT --to-source $external
|
||||||
@ -2843,6 +2843,13 @@ activate_rules() {
|
|||||||
|
|
||||||
multi_interfaces=`find_interfaces_by_option multi`
|
multi_interfaces=`find_interfaces_by_option multi`
|
||||||
|
|
||||||
|
for interface in $all_interfaces; do
|
||||||
|
chain=`input_chain $interface`
|
||||||
|
|
||||||
|
havenatchain $chain && \
|
||||||
|
run_iptables -t nat -A PREROUTING -i $interface -j $chain
|
||||||
|
done
|
||||||
|
|
||||||
for zone in $zones; do
|
for zone in $zones; do
|
||||||
eval source_hosts=\$${zone}_hosts
|
eval source_hosts=\$${zone}_hosts
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user