projects / openwrt.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
mac80211: update to wireless-testing 2011-06-22
[openwrt.git] / package / firewall / files / reflection.hotplug
1 #!/bin/sh
2
3 . /etc/functions.sh
4
5 if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
6 local wanip=$(uci -P/var/state get network.wan.ipaddr)
7
8 iptables -t nat -F nat_reflection_in 2>/dev/null || {
9 iptables -t nat -N nat_reflection_in
10 iptables -t nat -A prerouting_rule -j nat_reflection_in
11 }
12
13 iptables -t nat -F nat_reflection_out 2>/dev/null || {
14 iptables -t nat -N nat_reflection_out
15 iptables -t nat -A postrouting_rule -j nat_reflection_out
16 }
17
18 iptables -t filter -F nat_reflection_fwd 2>/dev/null || {
19 iptables -t filter -N nat_reflection_fwd
20 iptables -t filter -A forwarding_rule -j nat_reflection_fwd
21 }
22
23 find_networks() {
24 find_networks_cb() {
25 local cfg="$1"
26 local zone="$2"
27
28 local name
29 config_get name "$cfg" name
30
31 [ "$name" = "$zone" ] && {
32 local network
33 config_get network "$cfg" network
34
35 echo ${network:-$zone}
36 return 1
37 }
38 }
39
40 config_foreach find_networks_cb zone "$1"
41 }
42
43 setup_fwd() {
44 local cfg="$1"
45
46 local reflection
47 config_get_bool reflection "$cfg" reflection 1
48 [ "$reflection" == 1 ] || return
49
50 local src
51 config_get src "$cfg" src
52
53 local target
54 config_get target "$cfg" target DNAT
55
56 [ "$src" = wan ] && [ "$target" = DNAT ] && {
57 local dest
58 config_get dest "$cfg" dest "lan"
59
60 local net
61 for net in $(find_networks "$dest"); do
62 local lanip=$(uci -P/var/state get network.$net.ipaddr)
63 local lanmk=$(uci -P/var/state get network.$net.netmask)
64
65 local proto
66 config_get proto "$cfg" proto
67
68 local epmin epmax extport
69 config_get extport "$cfg" src_dport
70 [ -n "$extport" ] || return
71
72 epmin="${extport%[-:]*}"; epmax="${extport#*[-:]}"
73 [ "$epmin" != "$epmax" ] || epmax=""
74
75 local ipmin ipmax intport
76 config_get intport "$cfg" dest_port "$extport"
77
78 ipmin="${intport%[-:]*}"; ipmax="${intport#*[-:]}"
79 [ "$ipmin" != "$ipmax" ] || ipmax=""
80
81 local exthost
82 config_get exthost "$cfg" src_dip "$wanip"
83
84 local inthost
85 config_get inthost "$cfg" dest_ip
86 [ -n "$inthost" ] || return
87
88 [ "$proto" = tcpudp ] && proto="tcp udp"
89
90 [ "${inthost#!}" = "$inthost" ] || return 0
91 [ "${exthost#!}" = "$exthost" ] || return 0
92
93 local p
94 for p in ${proto:-tcp udp}; do
95 case "$p" in
96 tcp|udp)
97 iptables -t nat -A nat_reflection_in \
98 -s $lanip/$lanmk -d $exthost \
99 -p $p --dport $epmin${epmax:+:$epmax} \
100 -j DNAT --to $inthost:$ipmin${ipmax:+-$ipmax}
101
102 iptables -t nat -A nat_reflection_out \
103 -s $lanip/$lanmk -d $inthost \
104 -p $p --dport $ipmin${ipmax:+:$ipmax} \
105 -j SNAT --to-source $lanip
106
107 iptables -t filter -A nat_reflection_fwd \
108 -s $lanip/$lanmk -d $inthost \
109 -p $p --dport $ipmin${ipmax:+:$ipmax} \
110 -j ACCEPT
111 ;;
112 esac
113 done
114 done
115 }
116 }
117
118 config_load firewall
119 config_foreach setup_fwd redirect
120 fi
Personal OpenWRT clone
This page took 0.075893 seconds and 5 git commands to generate.