From e829fd8dfc421a415a74d8719469a1a7c024e438 Mon Sep 17 00:00:00 2001
From: mitty
Date: Tue, 7 Jul 2009 10:33:04 +0000
Subject: [PATCH] * setlan2wan.sh * see #4 * setmasq.sh * replacement for setnapt.sh
git-svn-id: https://lab.mitty.jp/svn/lab/trunk@16 7d2118f6-f56c-43e7-95a2-4bb3031d96e7
---
iptables/setlan2wan.sh | 32 ++++++++++++++++++++++++++++++++
iptables/setmasq.sh | 26 ++++++++++++++++++++++++++
2 files changed, 58 insertions(+)
create mode 100644 iptables/setlan2wan.sh
create mode 100755 iptables/setmasq.sh
diff --git a/iptables/setlan2wan.sh b/iptables/setlan2wan.sh
new file mode 100644
index 0000000..ca9e94a
--- /dev/null
+++ b/iptables/setlan2wan.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# enable access to WAN device on router node from LAN clients
+#
+
+set -x
+
+## INTERFACES(5)
+# IFACE physical name of the interface being processed
+# METHOD method of the interface (e.g., static)
+# MODE start if run from ifup, stop if run from ifdown
+# PHASE as per MODE, but with finer granularity, distinguishing the pre-
+# up, post-up, pre-down and post-down phases.
+
+LANIF="${1:?"usage: $0 "}"
+
+LANIP=`/sbin/ip addr show dev ${LANIF} | grep -w inet | tr -s ' ' | cut -d ' ' -f 3 | cut -d / -f 1`
+LANMASK=`/sbin/ip route show dev ${LANIF} | grep -w ${LANIP} | tr -s ' ' | cut -d ' ' -f 1`
+
+WANIP=`/sbin/ip addr show dev ${IFACE} | grep -w inet | tr -s ' ' | cut -d ' ' -f 3 | cut -d / -f 1`
+
+if [ "${PHASE}" = "pre-down" ]; then
+ # delete rule and exit
+ /sbin/iptables -t nat -D PREROUTING -i ${LANIF} -s ${LANMASK} -d ${WANIP} -j DNAT --to-destination ${LANIP}
+ echo "remove rule for access to WAN device on router node from LAN clients"
+ exit
+fi
+
+
+# set rule
+/sbin/iptables -t nat -A PREROUTING -i ${LANIF} -s ${LANMASK} -d ${WANIP} -j DNAT --to-destination ${LANIP}
+echo "set rule for access to WAN device on router node from LAN clients"
diff --git a/iptables/setmasq.sh b/iptables/setmasq.sh
new file mode 100755
index 0000000..0f3f80f
--- /dev/null
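Review bot: In setlan2wan.sh the values parsed from `ip` output (`LANIP`, `LANMASK`, `WANIP`) and the ifupdown-supplied `IFACE` are expanded unquoted into both iptables calls with no check, so an interface with no IPv4 address, or with several, shifts the argument list and can make the command fail. Nothing tests the iptables exit status, so the script still prints "set rule ..." and returns 0, which hides the failure from ifupdown and from anyone reading the log. I would add `: "${IFACE:?must be run from ifup/ifdown}"` near the top, guard with `[ -n "${LANIP}" ] && [ -n "${LANMASK}" ] && [ -n "${WANIP}" ] || exit 1`, quote every expansion, and use `grep -wF` for the route match because the dots in `${LANIP}` act as regex wildcards. The same unquoted, unchecked `${IFACE}` appears in both iptables lines of setmasq.sh.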
+++ b/iptables/setmasq.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+# set IP MASQUERADE with post-up command in INTERFACES(5)
+
+
+set -x
+
+## INTERFACES(5)
+# IFACE physical name of the interface being processed
+# METHOD method of the interface (e.g., static)
+# MODE start if run from ifup, stop if run from ifdown
+# PHASE as per MODE, but with finer granularity, distinguishing the pre-
+# up, post-up, pre-down and post-down phases.
+
+# optional argument to set default gateway devices connected to WAN manually
+# (try each of them in order)
+
+if [ "${PHASE}" = "post-down" ]; then
+ # remove MASQUERADE rule and exit
+ /sbin/iptables -t nat -D POSTROUTING -o ${IFACE} -j MASQUERADE
+ exit
+fi
+
+
+# set MASQUERADE rule
+/sbin/iptables -t nat -A POSTROUTING -o ${IFACE} -j MASQUERADE
--
1.7.9.5
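Review bot: The post-up path in setmasq.sh appends the MASQUERADE rule unconditionally while the post-down path deletes a single copy, so any repeated post-up without a matching post-down leaves duplicate rules, and a stale copy survives the next post-down. Where the installed iptables supports `-C`, checking first keeps the script idempotent: `/sbin/iptables -t nat -C POSTROUTING -o "${IFACE}" -j MASQUERADE 2>/dev/null || /sbin/iptables -t nat -A POSTROUTING -o "${IFACE}" -j MASQUERADE`. The rule also has no `-s` match, so it rewrites every packet forwarded out of `${IFACE}`; which sources may pass therefore rests entirely on the FORWARD chain, which this patch does not show and is worth confirming. Separately, the header comment describes an optional argument for gateway devices that the script never reads, so either implement it or drop the comment.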