source: lab.git/TipAndDoc/iptables/setnapt.sh @ 1be8507

trunk
Last change on this file since 1be8507 was 8333ea0, checked in by mitty <mitty@…>, 14 years ago

git-svn-id: https://lab.mitty.jp/svn/lab/trunk@92 7d2118f6-f56c-43e7-95a2-4bb3031d96e7

  • Property mode set to 100755
File size: 1.4 KB
Line 
1#!/bin/sh
2
3# set IP MASQUERADE for listed devices
4# this script must be set on the LAN gateway device
5
6
7set -x
8
9## INTERFACES(5)
10# IFACE  physical name of the interface being processed
11# METHOD method of the interface (e.g., static)
12# MODE   start if run from ifup, stop if run from ifdown
13# PHASE  as per MODE, but with finer granularity, distinguishing the pre-
14#        up, post-up, pre-down and post-down phases.
15
16# optional argument to set default gateway devices connected to WAN manually
17# (try each of them in order)
18GATEWAYS="$@"
19
20if [ "${PHASE}" = "post-down" ]; then
21    # flush POSTROUTING chain and exit
22    /sbin/iptables -t nat -F POSTROUTING
23    exit
24fi
25
26
27(
28
29# wait for initialization of WAN device with DHCPd
30sleep 60
31
32if [ -z "${GATEWAYS}" ]; then
33    GATEWAYS=`/sbin/ip route show table main | grep -w default | tr -s ' ' | cut -d ' ' -f 5`
34fi
35
36for GW in ${GATEWAYS}; do
37    if [ ${GW} = ${IFACE} ]; then
38        # skip if device is the LAN gateway
39        continue
40    fi
41   
42    IPADDR=`/sbin/ip addr show dev ${GW} | grep -w inet | tr -s ' ' | cut -d ' ' -f 3 | cut -d / -f 1`
43    if [ -z "${IPADDR}" ]; then
44        # device doesn't seem to have an IP address
45        continue
46    fi
47   
48    ## set masquerade rule to all devices
49    #  because there is no way to know which one is default gateway
50    #  without manual specification
51    /sbin/iptables -t nat -A POSTROUTING -o ${GW} -j MASQUERADE
52done
53
54) &
Note: See TracBrowser for help on using the repository browser.