* add a simple explanation to a script

[lab.git] / iptables / setnapt.sh

diff --git a/iptables/setnapt.sh b/iptables/setnapt.sh
new file mode 100644 (file)
index 0000000..d34ba37
--- /dev/null
+++ b/iptables/setnapt.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# set IP MASQUERADE for listed devices
+# this script must be set on the LAN gateway device
+
+
+set -x
+
+## INTERFACES(5)
+# IFACE  physical name of the interface being processed
+# METHOD method of the interface (e.g., static)\r
+# MODE   start if run from ifup, stop if run from ifdown\r
+# PHASE  as per MODE, but with finer granularity, distinguishing the pre-\r
+#        up, post-up, pre-down and post-down phases.\r
+
+# optional argument to set default gateway devices connected to WAN manually
+# (try each of them in order)
+GATEWAYS="$@"
+
+if [ "${PHASE}" = "post-down" ]; then
+    # flush POSTROUTING chain and exit
+    /sbin/iptables -t nat -F POSTROUTING
+    exit
+fi
+
+
+(
+
+# wait for initialization of WAN device with DHCPd 
+sleep 60
+
+if [ -z "${GATEWAYS}" ]; then
+    GATEWAYS=`/sbin/ip route show table main | grep -w default | cut -d ' ' -f 5`
+fi
+
+for GW in ${GATEWAYS}; do
+    if [ ${GW} = ${IFACE} ]; then
+        # skip if device is the LAN gateway
+        continue
+    fi
+    
+    IPADDR=`/sbin/ip addr show dev ${GW} | grep -w inet | cut -d t -f 2 | cut -d ' ' -f 2 | cut -d / -f 1`
+    if [ -z "${IPADDR}" ]; then
+        # device doesn't seem to have an IP address
+        break
+    fi
+    
+    ## set masquerade rule to all devices
+    #  because there is no way to know which one is default gateway
+    #  without manual specification
+    /sbin/iptables -t nat -A POSTROUTING -o ${GW} -j MASQUERADE
+done
+
+) &