Refactor NETMAP a bit so it allows more flexibility with src and dst. Requires that the custom field starts with the --to address.

2 years ago · ae9a725e8c
3 changed files with 14 additions and 6 deletions
--- a/2
+++ b/2
@ -1,5 +1,5 @@
 2.1p1 - 01/01/2020
-	- Fix NETMAP so it works properly (was doing -d instead of -s for source address)
+	- Refactor NETMAP NAT target so its more flexible.  See new example nat.conf file for details

 2.1 Final - 07/12/2019
 	- Fix flush tables rule for raw
--- a/etc/ipv4/nat.conf
+++ b/etc/ipv4/nat.conf
@ -5,15 +5,17 @@
 # <type> <src-interface> <src-address> <dst-interface> <dst-address> <custom>
 #
 # Type: Required ( SNAT | MASQ | NETMAP | ACCEPT)
-# Source Interface: Optional ( interface name, aka eth0 )
+# Source Interface: Optional, ignored by NETMAP ( interface name, aka eth0 )
 # Source Address: Optional ( IP address with optional netmask )
 # Destination Interface: Optional for all but MASQ ( interface name, aka eth0 )
-# Destination Address: Required for all but MASQ ( IP address with optional netmask )
-# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
+# Destination Address: Required for all but MASQ and NETMAP ( IP address with optional netmask )
+# Custom: Optional for all except NETMAP, set custom section after the source/dest and before ACCEPT/DROP
+# Custom: Required for NETMAP, address to map TO, then all other custom options (see example)
 # You can use '-' for optional fields
 #============================================================
 #<type> <src-interface> <src-address> <dst-interface> <dst-address> <custom>
 #SNAT eth1 10.0.0.0/24 eth0 172.16.1.1
 #MASQ - - eth0 -
-#NETMAP eth1 192.168.0.0/24 vpn0 172.16.10.0/24
+#NETMAP - 192.168.0.0/24 vpn0 - 172.16.0.0/24
+#^ ex: map src of 192.168.0.0/24 to 172.16.0.0/24 when it leaves via vpn0

--- a/lib/iptables.inc
+++ b/lib/iptables.inc
@ -484,7 +484,13 @@ function enable_nat {
 					${display} RED "nat.conf: Error - SNAT rule can not have empty destination address: ${DEFAULT_COLOR}${type} ${srcinterface} ${srcaddress} ${dstinterface} ${dstaddress}" \
 					&& continue

-			([[ ${srcaddress} != "-" ]] && [[ ${dstaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) && action="-j NETMAP" && srcaddress="-s ${srcaddress}" && dstaddress="--to ${dstaddress}"
+			[[ ${type} == "NETMAP" ]] && action="-j NETMAP"
+			([[ ${dstaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) dstaddress="-d ${dstaddress}"
+			([[ ${srcaddress} != "-" ]] && [[ ${type} == "NETMAP" ]]) srcaddress="-s ${srcaddress}"
+			([[ ${custom} == "" ]] && [[ ${type} == "NETMAP" ]]) && \
+					${display} RED "nat.conf: Error - NETMAP rule can not have empty custom address: ${DEFAULT_COLOR}${type} ${srcinterface} ${srcaddress} ${dstinterface} ${dstaddress} ${custom}" \
+					&& continue
+			([[ ${custom} != "" ]] && [[ ${type} == "NETMAP" ]]) && custom="--to ${custom}"
 			

 			${debug} ${DebugColor} "${FUNCNAME}:${DEFAULT_COLOR}${direction} ${action} ${srcinterface} ${srcaddress} ${srcport} ${dstinterface} ${dstaddress} ${dstport} ${protocol} ${custom}"