
More fixes with NETMAP. This time, let's put rules with -src interface in them in the PREROUTING chain.

tags/2.1p1
Brielle Bruns 1 year ago
parent
commit
01fe8d5ec6
1 changed files with 4 additions and 2 deletions
  1. +4
    -2
      lib/iptables.inc

+ 4
- 2
lib/iptables.inc

@@ -471,7 +471,7 @@ function enable_nat {
#[[ ${srcinterface} != "-" ]] && revsrcinterface="-o ${srcinterface}"
[[ ${srcinterface} != "-" ]] && srcinterface="-i ${srcinterface}"
[[ ${dstinterface} != "-" ]] && dstinterface="-o ${dstinterface}"
([[ ${srcaddress} != "-" ]] && [[ ${type} != "NETMAP" ]]) && srcaddress="-s ${srcaddress}"
[[ ${srcaddress} != "-" ]] && srcaddress="-s ${srcaddress}"
([[ ${dstinterface} != "-" ]] && [[ ${type} == "MASQ" ]]) && action="-j MASQUERADE"
([[ ${dstinterface} == "-" ]] && [[ ${type} == "MASQ" ]]) && \
@@ -486,7 +486,9 @@ function enable_nat {

[[ ${type} == "NETMAP" ]] && action="-j NETMAP"
([[ ${dstaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) && dstaddress="-d ${dstaddress}"
([[ ${srcaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) && srcaddress="-s ${srcaddress}"
# If we use a source interface, the rule can't go in a POSTROUTING table like what NAT is, so we punt it to PREROUTING
# or it won't work. Plus we remove the destination interface too.
([[ ${srcinterface} != "-" ]] && [[ ${type} == "NETMAP" ]]) && NAT="PREROUTING" && dstinterface="-"
([[ ${custom} == "" ]] && [[ ${type} == "NETMAP" ]]) && \
${display} RED "nat.conf: Error - NETMAP rule can not have empty custom address: ${DEFAULT_COLOR}${type} ${srcinterface} ${srcaddress} ${dstinterface} ${dstaddress} ${custom}" \
&& continue
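Review bot: Moving a NETMAP rule to PREROUTING on the `NAT="PREROUTING" && dstinterface="-"` line changes what the rule rewrites, and the new comment does not say so: in PREROUTING the NETMAP target maps the destination address, while in POSTROUTING it maps the source. A nat.conf entry written as a source mapping will therefore load cleanly but translate the other side of the connection, so the comment should state this, e.g. `# NETMAP in PREROUTING rewrites the destination, not the source; -i/-s only select the packets`. The same line assigns `NAT` inside what appears to be a per-rule loop (the `continue` below suggests one), and nothing visible resets it, so later MASQ/SNAT entries may inherit PREROUTING; resetting `NAT` at the top of each iteration would avoid that. enable_nat starts and ends outside the hunks, so neither the loop header nor the final iptables call is visible here.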

