forked from extern/shorewall_code
Add NETMAP processing
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5689 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
f5c43291bb
commit
9c3050d071
@ -46,6 +46,7 @@ our @EXPORT = qw( STANDARD
|
||||
INPUT_RESTRICT
|
||||
OUTPUT_RESTRICT
|
||||
POSTROUTE_RESTRICT
|
||||
ALL_RESTRICT
|
||||
|
||||
add_command
|
||||
add_rule
|
||||
@ -306,6 +307,7 @@ sub chain_base($) {
|
||||
|
||||
$chain =~ s/^@/at_/;
|
||||
$chain =~ s/[.\-%@]/_/g;
|
||||
$chain =~ s/\+$//;
|
||||
$chain;
|
||||
}
|
||||
|
||||
|
||||
@ -32,7 +32,7 @@ use Shorewall::IPAddrs;
|
||||
use strict;
|
||||
|
||||
our @ISA = qw(Exporter);
|
||||
our @EXPORT = qw( setup_masq setup_nat add_addresses );
|
||||
our @EXPORT = qw( setup_masq setup_nat setup_netmap add_addresses );
|
||||
our @EXPORT_OK = ();
|
||||
our @VERSION = 1.00;
|
||||
|
||||
@ -376,6 +376,32 @@ sub setup_nat() {
|
||||
$comment = '';
|
||||
}
|
||||
|
||||
#
|
||||
# Setup Network Mapping
|
||||
#
|
||||
sub setup_netmap() {
|
||||
|
||||
open NM, "$ENV{TMP_DIR}/netmap" or fatal_error "Unable to open stripped netmap file: $!";
|
||||
|
||||
while ( $line = <NM> ) {
|
||||
|
||||
my ( $type, $net1, $interface, $net2 ) = split_line 4, 'netmap file';
|
||||
|
||||
if ( $type eq 'DNAT' ) {
|
||||
add_rule ensure_chain( 'nat' , input_chain $interface ) , "-d $net1 -j NETMAP --to $net2";
|
||||
} elsif ( $type eq 'SNAT' ) {
|
||||
add_rule ensure_chain( 'nat' , output_chain $interface ) , "-s $net1 -j NETMAP --to $net2";
|
||||
} else {
|
||||
fatal_error "Invalid type $type in netmap entry \"$line\"";
|
||||
}
|
||||
|
||||
progress_message " Network $net1 on $interface mapped to $net2 ($type)";
|
||||
|
||||
}
|
||||
|
||||
close NM;
|
||||
}
|
||||
|
||||
sub add_addresses () {
|
||||
if ( @addresses_to_add ) {
|
||||
my $arg = '';
|
||||
|
||||
@ -91,7 +91,7 @@ sub process_tos() {
|
||||
$src =~ s/^all:?//;
|
||||
}
|
||||
|
||||
dst =~ s/^all:?//;
|
||||
$dst =~ s/^all:?//;
|
||||
|
||||
expand_rule
|
||||
$chainref ,
|
||||
|
||||
@ -47,11 +47,11 @@ use Shorewall::Chains;
|
||||
use Shorewall::Zones;
|
||||
use Shorewall::Interfaces;
|
||||
use Shorewall::Hosts;
|
||||
use Shorewall::Policy;
|
||||
use Shorewall::Nat;
|
||||
use Shorewall::Providers;
|
||||
use Shorewall::Tc;
|
||||
use Shorewall::Tunnels;
|
||||
use Shorewall::Policy;
|
||||
use Shorewall::Macros;
|
||||
use Shorewall::Actions;
|
||||
use Shorewall::Accounting;
|
||||
@ -672,6 +672,7 @@ sub compile_firewall( $ ) {
|
||||
emit "\nundo_routing";
|
||||
emit 'restore_default_route';
|
||||
}
|
||||
|
||||
#
|
||||
# TCRules and Traffic Shaping
|
||||
#
|
||||
@ -717,6 +718,12 @@ sub compile_firewall( $ ) {
|
||||
#
|
||||
progress_message2 "$doing one-to-one NAT...";
|
||||
setup_nat;
|
||||
#
|
||||
# Setup NETMAP
|
||||
#
|
||||
progress_message2 "$doing NETMAP...";
|
||||
setup_netmap;
|
||||
#
|
||||
# Accounting.
|
||||
#
|
||||
progress_message2 "Setting UP Accounting...";
|
||||
|
||||
Loading…
Reference in New Issue
Block a user