Changeset 9461


Ignore:
Timestamp:
2007-10-29T12:00:33+01:00 (10 years ago)
Author:
florian
Message:

Only masquerade LAN, other settings need manual tweaking

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/package/iptables/files/firewall.init

    r9460 r9461  
    1212        config_get WANDEV wan device 
    1313        config_get LAN lan ifname 
     14        config_get LAN_MASK lan netmask 
     15        config_get LAN_IP lan ipaddr 
     16        LAN_NET=$(/bin/ipcalc.sh $LAN_IP $LAN_MASK | grep NETWORK | cut -d= -f2) 
    1417         
    1518        ## CLEAR TABLES 
     
    106109        [ -z "$WAN" ] || iptables -t nat -A PREROUTING -i "$WAN" -j prerouting_wan 
    107110        iptables -t nat -A POSTROUTING -j postrouting_rule 
    108         ### Only RFC1918 addresses 
    109         [ -z "$WAN" ] || iptables -t nat -A POSTROUTING --src 192.168.0.0/16 -o $WAN -j MASQUERADE 
    110         [ -z "$WAN" ] || iptables -t nat -A POSTROUTING --src 172.16.0.0/12 -o $WAN -j MASQUERADE 
    111         [ -z "$WAN" ] || iptables -t nat -A POSTROUTING --src 10.0.0.0/8 -o $WAN -j MASQUERADE 
     111        ### Only LAN 
     112        [ -z "$WAN" ] || iptables -t nat -A POSTROUTING --src $LAN_NET/$LAN_MASK -o $WAN -j MASQUERADE 
    112113 
    113114        iptables -t nat -A NEW -m limit --limit 50 --limit-burst 100 -j RETURN && \ 
Note: See TracChangeset for help on using the changeset viewer.