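# NAT reflection (hairpin NAT) setup, run when the "wan" interface comes up.
#
# For every firewall "redirect" section this adds two rules:
#   * nat_reflection_in  - DNAT: traffic from a LAN subnet to the external
#     address/port is rewritten to the internal host/port.
#   * nat_reflection_out - SNAT: that rewritten traffic leaves with the
#     router's LAN address as its source.
#
# Review caveat: because of the SNAT rule, the internal server sees the
# router's LAN address instead of the real LAN client, so per-client logs and
# source-based ACLs on that server do not apply to reflected connections.
#
# The listing this was recovered from omits some source lines (function
# headers, closing braces, a few declarations). Reconstructed lines are marked.
if [ "$ACTION" = "ifup" ] && [ "$INTERFACE" = "wan" ]; then
	# NOTE(review): `local` is only valid inside a function; this works only if
	# the file is sourced from one or the shell tolerates it - confirm.
	local wanip
	wanip="$(uci -P/var/state get network.wan.ipaddr)"

	# Flush the chain; if the flush fails the chain is taken to be missing, so
	# create it and hook it into prerouting_rule.
	iptables -t nat -F nat_reflection_in 2>/dev/null || {
		iptables -t nat -N nat_reflection_in
		iptables -t nat -A prerouting_rule -j nat_reflection_in
	}

	# Same flush-or-create handling for the outbound chain.
	iptables -t nat -F nat_reflection_out 2>/dev/null || {
		iptables -t nat -N nat_reflection_out
		iptables -t nat -A postrouting_rule -j nat_reflection_out
	}

	# config_foreach callback: print the network list of the zone named $zone.
	# Reconstructed: the listing does not show where cfg and zone are set; they
	# are taken here from the callback arguments (section id, then the extra
	# argument given to config_foreach) - confirm against the full file.
	find_networks_cb() {
		local cfg="$1"
		local zone="$2"
		local name network

		config_get name "$cfg" name

		[ "$name" = "$zone" ] && {
			config_get network "$cfg" network

			# A zone with no "network" option falls back to its own name.
			echo "${network:-$zone}"
		}
	}

	# Print the networks that belong to firewall zone $1.
	find_networks() {
		config_foreach find_networks_cb zone "$1"
	}

	# Add the reflection rules for one "redirect" section ($1 = section id).
	setup_fwd() {
		local cfg="$1"
		local src dest net p
		local lanip lanmk proto exthost inthost
		local epmin epmax extport
		local ipmin ipmax intport

		config_get src "$cfg" src
		# NOTE(review): no visible line uses src; the listing skips the source
		# lines right after this read. Presumably the rest of the function is
		# gated on the source zone - confirm against the full file.

		config_get dest "$cfg" dest "lan"

		# Deliberately unquoted: find_networks prints a whitespace-separated list.
		for net in $(find_networks "$dest"); do
			lanip="$(uci -P/var/state get "network.$net.ipaddr")"
			lanmk="$(uci -P/var/state get "network.$net.netmask")"

			# A network without an address would yield "-s /", which iptables
			# rejects; skip it instead of issuing a malformed rule.
			if [ -z "$lanip" ] || [ -z "$lanmk" ]; then
				continue
			fi

			config_get proto "$cfg" proto

			config_get extport "$cfg" src_dport
			[ -n "$extport" ] || return

			# "80" -> epmin=80, epmax empty; "80-90" or "80:90" -> 80 and 90.
			epmin="${extport%[-:]*}"; epmax="${extport#*[-:]}"
			[ "$epmin" != "$epmax" ] || epmax=""

			# The internal port defaults to the external port or range.
			config_get intport "$cfg" dest_port "$extport"

			ipmin="${intport%[-:]*}"; ipmax="${intport#*[-:]}"
			[ "$ipmin" != "$ipmax" ] || ipmax=""

			# The external host defaults to the current wan address.
			config_get exthost "$cfg" src_dip "$wanip"
			# Empty when wan has no address and src_dip is unset; an unquoted
			# empty value would make "-d" swallow the next option.
			[ -n "$exthost" ] || return

			config_get inthost "$cfg" dest_ip
			[ -n "$inthost" ] || return

			[ "$proto" = tcpudp ] && proto="tcp udp"

			# Deliberately unquoted: one pair of rules per listed protocol.
			for p in ${proto:-tcp udp}; do
				iptables -t nat -A nat_reflection_in \
					-s "$lanip/$lanmk" -d "$exthost" \
					-p "$p" --dport "$epmin${epmax:+:$epmax}" \
					-j DNAT --to "$inthost:$ipmin${ipmax:+-$ipmax}"

				iptables -t nat -A nat_reflection_out \
					-s "$lanip/$lanmk" -d "$inthost" \
					-p "$p" --dport "$ipmin${ipmax:+:$ipmax}" \
					-j SNAT --to-source "$lanip"
			done
		done
	}

	config_foreach setup_fwd redirect
fi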