From 4a36a1b26f4cdc2dc3d06d7b3c4ac895b0083b2f Mon Sep 17 00:00:00 2001 From: mitty Date: Wed, 1 Jul 2009 05:49:18 +0000 Subject: [PATCH] * add a simple explanation to a script * setnapt.sh * script for setting up IP MASQUERADE git-svn-id: https://lab.mitty.jp/svn/lab/trunk@8 7d2118f6-f56c-43e7-95a2-4bb3031d96e7 --- iproute/setroute.sh | 5 ++++- iptables/setnapt.sh | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100644 iptables/setnapt.sh diff --git a/iproute/setroute.sh b/iproute/setroute.sh index 668fc59..2ff477e 100644 --- a/iproute/setroute.sh +++ b/iproute/setroute.sh @@ -1,5 +1,8 @@ #!/bin/sh +# set individualized routing table and policy for each network device + + set -x ## INTERFACES(5) @@ -28,7 +31,7 @@ fi # get IP address, network mask, default gateway info IPADDR=`/sbin/ip addr show dev ${IFACE} | grep -w inet | cut -d t -f 2 | cut -d ' ' -f 2 | cut -d / -f 1` -if [ -z ${IPADDR} ]; then +if [ -z "${IPADDR}" ]; then # fail to bind IP address to device echo "${IFACE} has no IP address." exit diff --git a/iptables/setnapt.sh b/iptables/setnapt.sh new file mode 100644 index 0000000..d34ba37 --- /dev/null +++ b/iptables/setnapt.sh 
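Review bot: In the second hunk the no-IP-address branch ends with a bare `exit`, which returns status 0, so ifup reports the hook as successful even though no routing table or policy was configured; `echo "${IFACE} has no IP address." >&2` followed by `exit 1` would make the failure visible to the caller, unless a silent success is intended to keep ifup from aborting, in which case a comment saying so would help. The quoting fix on the same line is right, but the IPADDR pipeline directly above it emits one line per `inet` address, so a device with several IPv4 addresses yields a multi-line value that still passes the `-z` test. The rest of setroute.sh, where ${IPADDR} is consumed, lies outside the hunk, so whether that case is tolerated cannot be checked here.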
@@ -0,0 +1,54 @@
+#!/bin/sh
+
+# set IP MASQUERADE for listed devices
+# this script must be set on the LAN gateway device
+
+
+set -x
+
+## INTERFACES(5)
+# IFACE physical name of the interface being processed
+# METHOD method of the interface (e.g., static)
+# MODE start if run from ifup, stop if run from ifdown
+# PHASE as per MODE, but with finer granularity, distinguishing the pre-
+# up, post-up, pre-down and post-down phases.
+
+# optional argument to set default gateway devices connected to WAN manually
+# (try each of them in order)
+GATEWAYS="$@"
+
+if [ "${PHASE}" = "post-down" ]; then
+ # flush POSTROUTING chain and exit
+ /sbin/iptables -t nat -F POSTROUTING
+ exit
+fi
+
+
+(
+
+# wait for initialization of WAN device with DHCPd
+sleep 60
+
+if [ -z "${GATEWAYS}" ]; then
+ GATEWAYS=`/sbin/ip route show table main | grep -w default | cut -d ' ' -f 5`
+fi
+
+for GW in ${GATEWAYS}; do
+ if [ ${GW} = ${IFACE} ]; then
+ # skip if device is the LAN gateway
+ continue
+ fi
+
+ IPADDR=`/sbin/ip addr show dev ${GW} | grep -w inet | cut -d t -f 2 | cut -d ' ' -f 2 | cut -d / -f 1`
+ if [ -z "${IPADDR}" ]; then
+ # device doesn't seem to have an IP address
+ break
+ fi
+
+ ## set masquerade rule to all devices
+ # because there is no way to know which one is default gateway
+ # without manual specification
+ /sbin/iptables -t nat -A POSTROUTING -o ${GW} -j MASQUERADE
+done
+
+) &
-- 
1.7.9.5
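Review bot: In the `for GW in ${GATEWAYS}` loop, `break` on a device without an IPv4 address ends the loop, so the remaining candidates are never tried even though the comment above GATEWAYS says to try each of them in order; `continue` matches the stated intent. The comparison `if [ ${GW} = ${IFACE} ]; then` leaves both sides unquoted, unlike the `"${IPADDR}"` fix this same commit makes in setroute.sh, and `[` fails with a syntax error when IFACE is empty (for example when the script is run by hand rather than by ifup); write `if [ "${GW}" = "${IFACE}" ]; then`. Every run appends a fresh rule with `-A`, so each ifup of any interface that reaches this script accumulates duplicate MASQUERADE rules, while the post-down branch flushes the whole POSTROUTING chain, including rules this script did not add; checking with `iptables -t nat -C ...` before `-A` (where the installed iptables supports -C) or keeping the rules in a dedicated chain would bound both effects. The rule also masquerades every packet leaving ${GW} whatever its source, so restricting it with `-s <LAN prefix>` (placeholder) to the LAN network is worth considering.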