version 2.95, 2013/09/21 03:01:24 |
version 2.97, 2013/09/28 08:30:57 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.94 2013-09-21 02:57:58 nepto Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.96 2013-09-23 08:40:34 nepto Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
|
|
print_info -en "NAT: Masquerading local subnet: $NAT_SUBNET_IFACE --> $NAT_LAN_IFACE" |
print_info -en "NAT: Masquerading local subnet: $NAT_SUBNET_IFACE --> $NAT_LAN_IFACE" |
|
|
if [ "X$XEN_MODE" = "Xon" ]; then |
if [ "X$XEN_MODE" = "Xon" ]; then |
$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE |
if [ -n "$NAT_SUBNET_SRC" ]; then |
|
NAT_SUBNET_SRC="-s $NAT_SUBNET_SRC"; |
|
fi |
|
$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE $NAT_SUBNET_SRC |
print_info " done." |
print_info " done." |
print_info "XEN_MODE enabled: masquerade is limited to basic functionality only"; |
print_info "XEN_MODE enabled: masquerade is limited to basic functionality only"; |
return; |
return; |
|
|
fi |
fi |
done |
done |
|
|
#$IPTABLES -t nat -A POSTROUTING -s $localnet -o $NAT_LAN_IFACE -j MASQUERADE |
if [ -n "$NAT_SUBNET_SRC" ]; then |
$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE |
NAT_SUBNET_SRC="-s $NAT_SUBNET_SRC"; |
|
fi |
|
$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE $NAT_SUBNET_SRC |
|
|
print_info " done." |
print_info " done." |
|
|
|
|
} # }}} |
} # }}} |
|
|
# ACCEPT all packets from our IP address |
# ACCEPT all packets from our IP address |
allow_output() |
allow_all_output() |
{ # {{{ |
{ # {{{ |
|
|
# Povolíme odchozí pakety, které mají naše IP adresy |
# Povolíme odchozí pakety, které mají naše IP adresy |
|
|
drop_input |
drop_input |
reject_input |
reject_input |
allow_input |
allow_input |
allow_output |
|
allow_icmp |
allow_icmp |
|
allow_all_output |
accept_loopback |
accept_loopback |
masquerade |
masquerade |
forward_on |
forward_on |