From c7b8effe17c54c139e74dd60713f3825abd5270b Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sun, 16 Apr 2017 13:10:45 +0200
Subject: [PATCH] Prevent network natting on an interface already natted.
---
 ipt-firewall-gateway | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway
index 77e105f..429d815 100755
--- a/ipt-firewall-gateway
+++ b/ipt-firewall-gateway
@@ -240,10 +240,28 @@ $ipt -Z
 $ipt -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+unset natted_interface_arr
+declare -a natted_interface_arr
+
 for _dev in ${nat_device_arr[@]} ; do
 $ipt -t nat -A POSTROUTING -o $_dev -j MASQUERADE
+ natted_interface_arr+=("$_dev")
 done
+if [[ ${#nat_network_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
+ for _val in "${nat_network_arr[@]}" ; do
+ IFS=':' read -a _val_arr <<< "${_val}"
+ # - Prevent natting on an interface already natted
+ # -
+ if containsElement "${_val_arr[1]}" "${nat_device_arr[@]}" ; then
+ continue
+ fi
+
+ $ipt -t nat -A POSTROUTING -o ${_val_arr[1]} -d ${_val_arr[0]} -j MASQUERADE
+ done
+fi
+
 if $telekom_internet_tv ; then
 $ipt -t nat -A POSTROUTING -o $tv_extern_if -j MASQUERADE
 fi
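Review bot: The new per-network MASQUERADE rule is built from `nat_network_arr` entries that are split on `:` but never validated, and both fields are expanded unquoted, so an entry without a colon or with an empty field shifts the iptables arguments instead of being rejected with a clear message. Before the `$ipt` call in the inner loop I would skip malformed entries, e.g. `[[ -n "${_val_arr[0]}" && -n "${_val_arr[1]}" ]] || continue`, and quote the expansions: `$ipt -t nat -A POSTROUTING -o "${_val_arr[1]}" -d "${_val_arr[0]}" -j MASQUERADE`; using `read -r -a` would also keep backslashes literal. Separately, `natted_interface_arr` is filled in the first loop but the duplicate check reads `nat_device_arr`, so within this hunk the new array is never consulted; either test against it or drop it. `containsElement` is defined outside the hunk, so its argument order (needle first, then the list) is assumed from the call.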