--- /dev/null
+#!/bin/sh
+
+# enable access to WAN device on router node from LAN clients
+#
+
+set -x
+
+## INTERFACES(5)
+# IFACE physical name of the interface being processed
+# METHOD method of the interface (e.g., static)
+# MODE start if run from ifup, stop if run from ifdown
+# PHASE as per MODE, but with finer granularity, distinguishing the pre-
+# up, post-up, pre-down and post-down phases.
+
+LANIF="${1:?"usage: $0 <LAN_device> "}"
+
+LANIP=`/sbin/ip addr show dev ${LANIF} | grep -w inet | tr -s ' ' | cut -d ' ' -f 3 | cut -d / -f 1`
+LANMASK=`/sbin/ip route show dev ${LANIF} | grep -w ${LANIP} | tr -s ' ' | cut -d ' ' -f 1`
+
+WANIP=`/sbin/ip addr show dev ${IFACE} | grep -w inet | tr -s ' ' | cut -d ' ' -f 3 | cut -d / -f 1`
+
+if [ "${PHASE}" = "pre-down" ]; then
+ # delete rule and exit
+ /sbin/iptables -t nat -D PREROUTING -i ${LANIF} -s ${LANMASK} -d ${WANIP} -j DNAT --to-destination ${LANIP}
+ echo "remove rule for access to WAN device on router node from LAN clients"
+ exit
+fi
+
+
+# set rule
+/sbin/iptables -t nat -A PREROUTING -i ${LANIF} -s ${LANMASK} -d ${WANIP} -j DNAT --to-destination ${LANIP}
+echo "set rule for access to WAN device on router node from LAN clients"
--- /dev/null
+#!/bin/sh
+
+# set IP MASQUERADE with post-up command in INTERFACES(5)
+
+
+set -x
+
+## INTERFACES(5)
+# IFACE physical name of the interface being processed
+# METHOD method of the interface (e.g., static)\r
+# MODE start if run from ifup, stop if run from ifdown\r
+# PHASE as per MODE, but with finer granularity, distinguishing the pre-\r
+# up, post-up, pre-down and post-down phases.\r
+
+# optional argument to set default gateway devices connected to WAN manually
+# (try each of them in order)
+
+if [ "${PHASE}" = "post-down" ]; then
+ # remove MASQUERADE rule and exit
+ /sbin/iptables -t nat -D POSTROUTING -o ${IFACE} -j MASQUERADE
+ exit
+fi
+
+
+# set MASQUERADE rule
+/sbin/iptables -t nat -A POSTROUTING -o ${IFACE} -j MASQUERADE
projects / lab.git / commitdiff