Add 'nat_devices': a list of devices that will be natted (beside dsl devices)
@ -240,7 +240,7 @@ $ipt -Z
|
||||
|
||||
$ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
|
||||
|
||||
for _dev in ${dsl_device_arr[@]} ; do
|
||||
for _dev in ${nat_device_arr[@]} ; do
|
||||
$ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
|
||||
done
|
||||
|
||||
@ -1579,7 +1579,7 @@ if [[ ${#ssh_server_dmz_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
# - Nat if interface is on a dsl line
|
||||
# -
|
||||
if containsElement "${ssh_server_dmz_arr[$_ip]}" "${dsl_device_arr[@]}" ; then
|
||||
if containsElement "${ssh_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
|
||||
$ipt -t nat -A PREROUTING -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
|
||||
fi
|
||||
$ipt -A FORWARD -i ${ssh_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
|
||||
@ -1739,7 +1739,7 @@ if [[ ${#vpn_server_dmz_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
|
||||
|
||||
# - Nat if interface is on a dsl line
|
||||
# -
|
||||
if containsElement "${vpn_server_dmz_arr[$_ip]}" "${dsl_device_arr[@]}" ; then
|
||||
if containsElement "${vpn_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
|
||||
$ipt -t nat -A PREROUTING -i ${vpn_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:$_port
|
||||
fi
|
||||
done
|
||||
@ -1849,7 +1849,7 @@ if [[ ${#http_server_dmz_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
# - Nat if interface is on a dsl line
|
||||
# -
|
||||
if containsElement "${http_server_dmz_arr[$_ip]}" "${dsl_device_arr[@]}" ; then
|
||||
if containsElement "${http_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
|
||||
$ipt -t nat -A PREROUTING -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
|
||||
fi
|
||||
$ipt -A FORWARD -i ${http_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
|
||||
@ -1909,7 +1909,7 @@ if [[ ${#http_ssl_server_dmz_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
# - Nat if interface is on a dsl line
|
||||
# -
|
||||
if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${dsl_device_arr[@]}" ; then
|
||||
if containsElement "${http_ssl_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
|
||||
$ipt -t nat -A PREROUTING -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --syn --dport $standard_https_port -j DNAT --to $_ip:$standard_https_port
|
||||
fi
|
||||
$ipt -A FORWARD -i ${http_ssl_server_dmz_arr[$_ip]} -p tcp --dport $standard_https_port -d $_ip -j ACCEPT
|
||||
@ -2081,7 +2081,7 @@ if [[ ${#mail_server_dmz_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
# - Nat if interface is on a dsl line
|
||||
# -
|
||||
if containsElement "${mail_server_dmz_arr[$_ip]}" "${dsl_device_arr[@]}" ; then
|
||||
if containsElement "${mail_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
|
||||
$ipt -t nat -A PREROUTING -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -m conntrack --ctstate NEW -j DNAT --to $_ip:$_port
|
||||
fi
|
||||
$ipt -A FORWARD -i ${mail_server_dmz_arr[$_ip]} -p tcp --dport $_port -d $_ip -m conntrack --ctstate NEW -j ACCEPT
|
||||
@ -2210,7 +2210,7 @@ if [[ ${#ftp_server_dmz_arr[@]} -gt 0 ]] && [[ -n $ftp_passive_port_range ]]; th
|
||||
|
||||
# - Nat if interface is on a dsl line
|
||||
# -
|
||||
if containsElement "${ftp_server_dmz_arr[$_ip]}" "${dsl_device_arr[@]}" ; then
|
||||
if containsElement "${ftp_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
|
||||
$ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 21 -j DNAT --to $_ip:21
|
||||
$ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport 20 -j DNAT --to $_ip:20
|
||||
$ipt -t nat -A PREROUTING -i ${ftp_server_dmz_arr[$_ip]} -p tcp --dport $ftp_passive_port_range -j DNAT --to $_ip:${ftp_passive_port_arr[0]}-${ftp_passive_port_arr[1]}
|
||||
@ -2377,7 +2377,7 @@ if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
# - Nat if interface is on a dsl line
|
||||
# -
|
||||
if containsElement "${samba_server_dmz_arr[$_ip]}" "${dsl_device_arr[@]}" ; then
|
||||
if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
|
||||
IFS=':' read -a _udp_port_arr <<< ${_port}
|
||||
if [[ -n "${_udp_port_arr[1]}" ]] ; then
|
||||
$ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p udp --dport $_port -j DNAT --to $_ip:${_udp_port_arr[0]}-${_udp_port_arr[1]}
|
||||
@ -2391,7 +2391,7 @@ if [[ ${#samba_server_dmz_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
# - Nat if interface is on a dsl line
|
||||
# -
|
||||
if containsElement "${samba_server_dmz_arr[$_ip]}" "${dsl_device_arr[@]}" ; then
|
||||
if containsElement "${samba_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
|
||||
$ipt -t nat -A PREROUTING -i ${samba_server_dmz_arr[$_ip]} -p tcp --dport $_port -j DNAT --to $_ip:$_port
|
||||
fi
|
||||
done
|
||||
@ -3252,7 +3252,7 @@ if [[ ${#rm_server_dmz_arr[@]} -gt 0 ]] ; then
|
||||
|
||||
# - Nat if interface is on a dsl line
|
||||
# -
|
||||
if containsElement "${rm_server_dmz_arr[$_ip]}" "${dsl_device_arr[@]}" ; then
|
||||
if containsElement "${rm_server_dmz_arr[$_ip]}" "${nat_device_arr[@]}" ; then
|
||||
$ipt -t nat -A PREROUTING -i ${rm_server_dmz_arr[$_ip]} -p tcp --syn --dport $remote_console_port -j DNAT --to $_ip:$remote_console_port
|
||||
fi
|
||||
$ipt -A FORWARD -i ${rm_server_dmz_arr[$_ip]} -p tcp -d $_ip --dport $remote_console_port -m conntrack --ctstate NEW -j ACCEPT
|
||||
|
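Review bot: Every replaced test, from the MASQUERADE loop at `for _dev in ${nat_device_arr[@]}` through the ssh, vpn, http, https, mail, ftp, samba and remote-console DNAT conditions, now depends only on `nat_device_arr`, and the code that fills that array is not shown on this page. The title says the list is meant to cover devices besides the dsl devices, so if the array is not seeded from `dsl_device_arr`, or `nat_devices` is left empty, the masquerade rule and every DNAT rule for the DSL lines would disappear without any error; that is worth confirming where the array is built. The context comment `# - Nat if interface is on a dsl line` is now stale in each section and would read better as `# - Nat if interface is listed in nat_devices`. The loop is also safer quoted, `for _dev in "${nat_device_arr[@]}" ; do` with `-o "$_dev"`, so a malformed configuration entry cannot split into extra iptables arguments. The enclosing loops and `if` blocks start and end outside the hunks shown.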