Prevent network natting on an interface already natted.

2017-04-16 13:10:45 +02:00 · 2017-04-16 13:10:45 +02:00 · c7b8effe17
commit c7b8effe17
parent f668ea62fe
1 changed files with 18 additions and 0 deletions
--- a/18
+++ b/18
@ -240,10 +240,28 @@ $ipt -Z

 $ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

+unset natted_interface_arr
+declare -a natted_interface_arr
+
 for _dev in ${nat_device_arr[@]} ; do
   $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+   natted_interface_arr+=("$_dev")
 done

+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+   for _val in "${nat_network_arr[@]}" ; do
+      IFS=':' read -a _val_arr <<< "${_val}"
+
+      # - Prevent natting on an interface already natted
+      # -
+      if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+         continue
+      fi
+
+      $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+   done
+fi
+
 if $telekom_internet_tv ; then
   $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
 fi