version 2.94, 2013/09/21 02:57:58 |
version 2.97, 2013/09/28 08:30:57 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.93 2013-09-21 02:55:50 nepto Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.96 2013-09-23 08:40:34 nepto Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
|
|
return; |
return; |
fi |
fi |
|
|
print_info -en "NAT: Enabling packet forwarding..." |
|
echo 1 > /proc/sys/net/ipv4/ip_forward |
|
print_info " done." |
|
print_info -en "NAT: Masquerading local subnet: $NAT_SUBNET_IFACE --> $NAT_LAN_IFACE" |
print_info -en "NAT: Masquerading local subnet: $NAT_SUBNET_IFACE --> $NAT_LAN_IFACE" |
|
|
if [ "X$XEN_MODE" = "Xon" ]; then |
if [ "X$XEN_MODE" = "Xon" ]; then |
$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE |
if [ -n "$NAT_SUBNET_SRC" ]; then |
|
NAT_SUBNET_SRC="-s $NAT_SUBNET_SRC"; |
|
fi |
|
$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE $NAT_SUBNET_SRC |
print_info " done." |
print_info " done." |
print_info "XEN_MODE enabled: masquerade is limited to basic functionality only"; |
print_info "XEN_MODE enabled: masquerade is limited to basic functionality only"; |
return; |
return; |
|
|
fi |
fi |
done |
done |
|
|
#$IPTABLES -t nat -A POSTROUTING -s $localnet -o $NAT_LAN_IFACE -j MASQUERADE |
if [ -n "$NAT_SUBNET_SRC" ]; then |
$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE |
NAT_SUBNET_SRC="-s $NAT_SUBNET_SRC"; |
|
fi |
|
$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE $NAT_SUBNET_SRC |
|
|
print_info " done." |
print_info " done." |
|
|
|
|
} # }}} |
} # }}} |
|
|
# ACCEPT all packets from our IP address |
# ACCEPT all packets from our IP address |
allow_output() |
allow_all_output() |
{ # {{{ |
{ # {{{ |
|
|
# Povolíme odchozí pakety, které mají naše IP adresy |
# Povolíme odchozí pakety, které mají naše IP adresy |
|
|
drop_input |
drop_input |
reject_input |
reject_input |
allow_input |
allow_input |
allow_output |
|
allow_icmp |
allow_icmp |
|
allow_all_output |
accept_loopback |
accept_loopback |
masquerade |
masquerade |
|
forward_on |
log_input_drop |
log_input_drop |
log_output_drop |
log_output_drop |
log_forward_drop |
log_forward_drop |
forward_on |
|
do_ip_accounting |
do_ip_accounting |
shaping_off |
shaping_off |
shaping_on |
shaping_on |