diff --git a/conf/main_ipv4.conf.sample b/conf/main_ipv4.conf.sample
index dadd8a1..f243e9b 100644
--- a/conf/main_ipv4.conf.sample
+++ b/conf/main_ipv4.conf.sample
@@ -1365,6 +1365,7 @@ udp_out_ports=""
 other_services=""
+
 # =============
 # --- Masuqerading
 # =============
@@ -1402,6 +1403,34 @@ nat_networks=""
 masquerade_tcp_cons=""
+# - Masquerade UDP Connections
+# -
+# - masquerade_udp_con="::: [:: ..]"
+# -
+# - Example:
+# -
+# - masquerade_udp_con="192.168.63.0/24:192.168.62.244:123"
+# - 10.0.0.0/8:192.168.62.244:161"
+# -
+# -
+# - Blank separated list
+# -
+masquerade_udp_cons=""
+
+
+
+# - Masquerade ICMP Connections
+# -
+# - masquerade_icmp_cons=": [:] .."
+# -
+# - 192.168.81.249: Switch
+# -
+# - Blank separated list
+# -
+masquerade_icmp_cons=""
+
+
+
 # =============
 # --- Portforwarding
 # =============
diff --git a/conf/post_decalrations.conf b/conf/post_decalrations.conf
index 9d26a25..3de7975 100644
--- a/conf/post_decalrations.conf
+++ b/conf/post_decalrations.conf
@@ -19,6 +19,16 @@ for _str in $masquerade_tcp_cons ; do
 masquerade_tcp_con_arr+=("$_str")
 done
+declare -a masquerade_udp_con_arr
+for _str in $masquerade_udp_cons ; do
+ masquerade_udp_con_arr+=("$_str")
+done
+
+declare -a masquerade_icmp_con_arr
+for _str in $masquerade_icmp_cons ; do
+ masquerade_icmp_con_arr+=("$_str")
+done
+
 # ---
 # - Extern Network interfaces (DSL, Staic Lines, All together)
diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway
index f2afa5c..3bc24d0 100755
--- a/ipt-firewall-gateway
+++ b/ipt-firewall-gateway
@@ -303,7 +303,7 @@ fi
 if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
 echo_warning
 for _ip in ${no_if_for_ip_arr[@]} ; do
- warn "Masquerading for ip '$_ip' was omitted - No idestination interface present!"
+ warn "(TCP) Masquerading for ip '$_ip' was omitted - No destination interface present!"
 done
 else
 echo_done
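Review bot: The new comment block names the variable `masquerade_udp_con` while the variable actually set a few lines below is `masquerade_udp_cons`, and the example entries show only three colon-separated fields (source:destination:port) although the gateway code added in this same commit reads a fourth field as the outgoing interface and skips any entry without it with an "omitted" warning, so a user copying the example gets no UDP rule. The example should carry the fourth field, e.g. `masquerade_udp_cons="192.168.63.0/24:192.168.62.244:123:<interface>"` (placeholder), and the syntax line should list it as well; the placeholder list appears garbled in this rendering (`"::: [:: ..]"`), so the intended field names cannot be confirmed from here. The ICMP example `192.168.81.249: Switch` likewise does not look like the `source:destination` pair that the ICMP masquerade loop consumes as `_val_arr[0]` and `_val_arr[1]`, and should be rewritten as two address fields with any descriptive word moved into the comment.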
@@ -311,6 +311,43 @@ fi
 echo
+unset no_if_for_ip_arr
+declare -a no_if_for_ip_arr
+if [[ ${#masquerade_udp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+ for _val in "${masquerade_udp_con_arr[@]}" ; do
+ IFS=':' read -a _val_arr <<< "${_val}"
+
+
+ # - Skip if no interface is given
+ # -
+ if [[ -z "${_val_arr[3]}" ]] ; then
+ no_if_for_ip_arr+=("${_val_arr[1]}")
+ continue
+ fi
+ $ipt -t nat -A POSTROUTING -o ${_val_arr[3]} -p udp -s ${_val_arr[0]} -d ${_val_arr[1]} --dport ${_val_arr[2]} -j MASQUERADE
+ done
+fi
+
+#echo_done # Flushing firewall iptable (IPv4)..
+if [[ ${#no_if_for_ip_arr[@]} -gt 0 ]] ; then
+ echo_warning
+ for _ip in ${no_if_for_ip_arr[@]} ; do
+ warn "(UDP) Masquerading for ip '$_ip' was omitted - No destination interface present!"
+ done
+else
+ echo_done
+fi
+echo
+
+if [[ ${#masquerade_icmp_con_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+ for _val in "${masquerade_icmp_con_arr[@]}" ; do
+ IFS=':' read -a _val_arr <<< "${_val}"
+
+ $ipt -t nat -A POSTROUTING -p icmp -s ${_val_arr[0]} -d ${_val_arr[1]} -j MASQUERADE
+ done
+fi
+
+
 # -------------
 # - Log given IP Addresses
 # -------------
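Review bot: In the UDP loop only `_val_arr[3]` is checked before the `$ipt -t nat -A POSTROUTING ... -j MASQUERADE` call, so an entry with a missing or empty source, destination or port field still reaches iptables with an empty (word-split away) `-s`, `-d` or `--dport` operand and the run fails on an iptables parse error instead of a clear diagnostic; the ICMP loop further down has no field check at all. Widening the guard to `if [[ -z "${_val_arr[0]}" || -z "${_val_arr[1]}" || -z "${_val_arr[2]}" || -z "${_val_arr[3]}" ]] ; then` (with a matching two-field check in the ICMP loop and a warning naming the malformed entry) keeps incomplete entries out of the NAT table and reports them. Both `IFS=':' read -a _val_arr <<< "${_val}"` lines should use `read -r -a` so a backslash in a config value is not interpreted. The line `#echo_done # Flushing firewall iptable (IPv4)..` reads as copy-paste residue from another section; it should be removed, and the UDP status block presumably wants the same introductory label the TCP block prints before its echo_warning/echo_done (that label lies outside this hunk, so this is inferred), while the ICMP block prints no status at all.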