diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway index 8d3e247..c508f85 100755 --- a/ipt-firewall-gateway +++ b/ipt-firewall-gateway @@ -265,16 +265,27 @@ $ipt -F -t raw $ipt -X $ipt -Z +echo_done + $ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu unset natted_interface_arr declare -a natted_interface_arr -for _dev in ${nat_device_arr[@]} ; do - $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE - natted_interface_arr+=("$_dev") -done +echo "" +echononl "\tMasquerade (NAT) interfaces.." +if [[ ${#nat_device_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then + for _dev in ${nat_device_arr[@]} ; do + $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE + natted_interface_arr+=("$_dev") + done + echo_done +else + echo_skipped +fi + +echononl "\tMasquerade (NAT) networks.." if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then for _val in "${nat_network_arr[@]}" ; do IFS=':' read -a _val_arr <<< "${_val}" @@ -290,14 +301,22 @@ if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -s ${_val_arr[0]} -j MASQUERADE done + echo_done +else + echo_skipped fi +echo if $telekom_internet_tv ; then + echononl "\tNAT Telekom Intzernet TV.." $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE + echo_done + echo fi unset no_if_for_ip_arr declare -a no_if_for_ip_arr +echononl "\tMasquerade TCP Connections .." if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then for _val in "${masquerade_tcp_con_arr[@]}" ; do IFS=':' read -a _val_arr <<< "${_val}" 
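Review bot: The interface MASQUERADE loop is now wrapped in `if [[ ${#nat_device_arr[@]} -gt 0 ]] && $kernel_activate_forwarding`, whereas the removed lines ran it unconditionally, so this hunk changes which NAT rules are installed and not only the status output. On a gateway where forwarding is enabled outside this script and `kernel_activate_forwarding` is false, the per-interface rules are no longer added and the only trace is a "skipped" status. If that is intended, say so in the commit message or in a comment above the `if`, e.g. `# NAT rules are only installed when this script itself activates forwarding`. While the loop is being touched, quote the expansions, `for _dev in "${nat_device_arr[@]}" ; do` and `-o "$_dev"`, so a malformed interface entry cannot split into extra iptables arguments.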
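Review bot: The status string added in the `$telekom_internet_tv` branch has a typo, `Intzernet`; it should read `echononl "\tNAT Telekom Internet TV.."`. The `echo_done` that follows is printed whether or not the `$ipt ... -o $tv_extern_if -j MASQUERADE` call succeeded, so an empty or wrong `tv_extern_if` would still be reported as done. Consider `$ipt -t nat -A POSTROUTING -o "$tv_extern_if" -j MASQUERADE && echo_done || echo_warning`, or an explicit `if` around the call. The same unconditional `echo_done` appears after the interface and network loops added earlier in this file.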
@@ -311,22 +330,22 @@ if [[ ${#masquerade_tcp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; th fi $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p tcp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE done + echo_done +else + echo_skipped fi -#echo_done # Flushing firewall iptable (IPv4).. if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then echo_warning for _ip in ${no_if_for_ip_arr[@]} ; do warn "(TCP) Masquerading for ip '$_ip' was omitted - No destination interface present!" done -else - echo_done fi -echo unset no_if_for_ip_arr declare -a no_if_for_ip_arr +echononl "\tMasquerade UDP Connections .." if [[ ${#masquerade_udp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then for _val in "${masquerade_udp_con_arr[@]}" ; do IFS=':' read -a _val_arr <<< "${_val}" @@ -340,26 +359,30 @@ if [[ ${#masquerade_udp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; th fi $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p udp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE done + echo_done +else + echo_skipped fi -#echo_done # Flushing firewall iptable (IPv4).. if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then echo_warning for _ip in ${no_if_for_ip_arr[@]} ; do warn "(UDP) Masquerading for ip '$_ip' was omitted - No destination interface present!" done -else - echo_done fi -echo +echononl "\tMasquerade ICMP Connections .." if [[ ${#masquerade_icmp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then for _val in "${masquerade_icmp_con_arr[@]}" ; do IFS=':' read -a _val_arr <<< "${_val}" $ipt -t nat -A POSTROUTING -p icmp -s ${_val_arr[0]} -d ${_val_arr[1]} -j MASQUERADE done + echo_done +else + echo_skipped fi +echo # -------------
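Review bot: `echo_done` is now printed right after the TCP loop, and the `no_if_for_ip_arr` check that follows can still print `echo_warning`, so one status line can show both "done" and "warning"; previously the two were exclusive through the removed `else` / `echo_done`. For a NAT rule set this matters because an operator who sees "done" may miss that entries were dropped for lack of a destination interface. Moving the omitted-entries check inside the `then` branch keeps exactly one status per line and still reports "skipped" when the array is empty or forwarding is off. The enclosing `if` opens above this hunk, and the UDP block in the next hunk has the same shape and needs the same change.

```shell
# … unchanged: for loop adding the TCP MASQUERADE rules, ending in "done" …
   if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
      echo_warning
      for _ip in "${no_if_for_ip_arr[@]}" ; do
         warn "(TCP) Masquerading for ip '$_ip' was omitted - No destination interface present!"
      done
   else
      echo_done
   fi
else
   echo_skipped
fi
```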