holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Add NETMAP processing

Browse Source 
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5689 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep 2007-03-25 21:04:24 +00:00
parent f5c43291bb
commit 9c3050d071
4 changed files with 38 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
New/Shorewall/Chains.pm
View File

@ -46,6 +46,7 @@ our @EXPORT = qw( STANDARD
INPUT_RESTRICT INPUT_RESTRICT
OUTPUT_RESTRICT OUTPUT_RESTRICT
POSTROUTE_RESTRICT POSTROUTE_RESTRICT
ALL_RESTRICT
add_command add_command
add_rule add_rule
@ -306,6 +307,7 @@ sub chain_base($) {
$chain =~ s/^@/at_/; $chain =~ s/^@/at_/;
$chain =~ s/[.\-%@]/_/g; $chain =~ s/[.\-%@]/_/g;
$chain =~ s/\+$//;
$chain; $chain;
} }

28
New/Shorewall/Nat.pm
View File

@ -32,7 +32,7 @@ use Shorewall::IPAddrs;
use strict; use strict;
our @ISA = qw(Exporter); our @ISA = qw(Exporter);
our @EXPORT = qw( setup_masq setup_nat add_addresses ); our @EXPORT = qw( setup_masq setup_nat setup_netmap add_addresses );
our @EXPORT_OK = (); our @EXPORT_OK = ();
our @VERSION = 1.00; our @VERSION = 1.00;
@ -376,6 +376,32 @@ sub setup_nat() {
$comment = ''; $comment = '';
} }
#
# Setup Network Mapping
#
sub setup_netmap() {
open NM, "$ENV{TMP_DIR}/netmap" or fatal_error "Unable to open stripped netmap file: $!";
while ( $line = <NM> ) {
my ( $type, $net1, $interface, $net2 ) = split_line 4, 'netmap file';
if ( $type eq 'DNAT' ) {
add_rule ensure_chain( 'nat' , input_chain $interface ) , "-d $net1 -j NETMAP --to $net2";
} elsif ( $type eq 'SNAT' ) {
add_rule ensure_chain( 'nat' , output_chain $interface ) , "-s $net1 -j NETMAP --to $net2";
} else {
fatal_error "Invalid type $type in netmap entry \"$line\"";
}
progress_message " Network $net1 on $interface mapped to $net2 ($type)";
}
close NM;
}
sub add_addresses () { sub add_addresses () {
if ( @addresses_to_add ) { if ( @addresses_to_add ) {
my $arg = ''; my $arg = '';

2
New/Shorewall/Rules.pm
View File

@ -91,7 +91,7 @@ sub process_tos() {
$src =~ s/^all:?//; $src =~ s/^all:?//;
} }
dst =~ s/^all:?//; $dst =~ s/^all:?//;
expand_rule expand_rule
$chainref , $chainref ,

9
New/compiler.pl
View File

@ -47,11 +47,11 @@ use Shorewall::Chains;
use Shorewall::Zones; use Shorewall::Zones;
use Shorewall::Interfaces; use Shorewall::Interfaces;
use Shorewall::Hosts; use Shorewall::Hosts;
use Shorewall::Policy;
use Shorewall::Nat; use Shorewall::Nat;
use Shorewall::Providers; use Shorewall::Providers;
use Shorewall::Tc; use Shorewall::Tc;
use Shorewall::Tunnels; use Shorewall::Tunnels;
use Shorewall::Policy;
use Shorewall::Macros; use Shorewall::Macros;
use Shorewall::Actions; use Shorewall::Actions;
use Shorewall::Accounting; use Shorewall::Accounting;
@ -672,6 +672,7 @@ sub compile_firewall( $ ) {
emit "\nundo_routing"; emit "\nundo_routing";
emit 'restore_default_route'; emit 'restore_default_route';
} }
# #
# TCRules and Traffic Shaping # TCRules and Traffic Shaping
# #
@ -717,6 +718,12 @@ sub compile_firewall( $ ) {
# #
progress_message2 "$doing one-to-one NAT..."; progress_message2 "$doing one-to-one NAT...";
setup_nat; setup_nat;
#
# Setup NETMAP
#
progress_message2 "$doing NETMAP...";
setup_netmap;
#
# Accounting. # Accounting.
# #
progress_message2 "Setting UP Accounting..."; progress_message2 "Setting UP Accounting...";