From 01fe8d5ec6562f7485d06fc0159835f0d02cbce6 Mon Sep 17 00:00:00 2001 From: Brielle Bruns Date: Wed, 1 Jan 2020 13:35:11 -0700 Subject: [PATCH] More fixes with NETMAP. This time, lets put rules with -src interface in them in the PREROUTING chain. --- lib/iptables.inc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lib/iptables.inc b/lib/iptables.inc index f67cafa..f8ccf7b 100644 --- a/lib/iptables.inc +++ b/lib/iptables.inc @@ -471,7 +471,7 @@ function enable_nat { #[[ ${srcinterface} != "-" ]] && revsrcinterface="-o ${srcinterface}" [[ ${srcinterface} != "-" ]] && srcinterface="-i ${srcinterface}" [[ ${dstinterface} != "-" ]] && dstinterface="-o ${dstinterface}" - ([[ ${srcaddress} != "-" ]] && [[ ${type} != "NETMAP" ]]) && srcaddress="-s ${srcaddress}" + [[ ${srcaddress} != "-" ]] && srcaddress="-s ${srcaddress}" ([[ ${dstinterface} != "-" ]] && [[ ${type} == "MASQ" ]]) && action="-j MASQUERADE" ([[ ${dstinterface} == "-" ]] && [[ ${type} == "MASQ" ]]) && \ @@ -486,7 +486,9 @@ function enable_nat { [[ ${type} == "NETMAP" ]] && action="-j NETMAP" ([[ ${dstaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) && dstaddress="-d ${dstaddress}" - ([[ ${srcaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) && srcaddress="-s ${srcaddress}" + # If we use a source interface, the rule can't go in a POSTROUTING table like what NAT is, so we punt it to PREROUTING + # or it won't work. Plus we remove the destination interface too. + ([[ ${srcinterface} != "-" ]] && [[ ${type} == "NETMAP" ]]) && NAT="PREROUTING" && dstinterface="-" ([[ ${custom} == "" ]] && [[ ${type} == "NETMAP" ]]) && \ ${display} RED "nat.conf: Error - NETMAP rule can not have empty custom address: ${DEFAULT_COLOR}${type} ${srcinterface} ${srcaddress} ${dstinterface} ${dstaddress} ${custom}" \ && continue
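Review bot: In the second hunk, the new NETMAP line assigns `NAT="PREROUTING"` and never restores it, and the `&& continue` a few lines below suggests this code runs inside a loop over nat.conf entries. The initialisation of `NAT` is outside the hunk, so this is inferred, but if it holds the chain name shared by all rules, every entry processed after a NETMAP rule with a source interface would also be emitted into PREROUTING. There `-j MASQUERADE` and `-o` matches are not accepted, so later NAT rules could fail to load and leave traffic untranslated. A per-rule variable would avoid this: set `chain="${NAT}"` at the top of each iteration, end the new line with `&& chain="PREROUTING" && dstinterface="-"`, and use `${chain}` where the rule is emitted. The added comment should also say that NETMAP in PREROUTING rewrites the destination address rather than the source, and that POSTROUTING is a chain, not a table; the body of enable_nat starts and ends outside the hunk.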