===================================================================
RCS file: /home/cvsd/home/cvs/scripts/shell/firewall/fw-universal.sh,v
retrieving revision 2.49
retrieving revision 2.50
diff -u -p -r2.49 -r2.50
--- scripts/shell/firewall/fw-universal.sh	2006/10/04 09:23:25	2.49
+++ scripts/shell/firewall/fw-universal.sh	2007/08/29 14:43:55	2.50
@@ -9,7 +9,7 @@
 # Licensed under terms of GNU General Public License.
 # All rights reserved.
 #
-# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.48 2006-09-30 21:55:28 rajo Exp $
+# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.49 2006-10-04 09:23:25 rajo Exp $
 #
 # Changelog:
 # 2003-10-24 - created
@@ -54,6 +54,7 @@ DEPMOD="${DEPMOD:=/sbin/depmod}"
 MODPROBE="${MODPROBE:=/sbin/modprobe}"
 RMMOD="${RMMOD:=/sbin/rmmod}"
 AWK="${AWK:=/usr/bin/awk}"
+PERL="${PERL:=/usr/bin/perl}"
 
 # loopback interface
 LO_IFACE="${LO_IFACE:=lo}"
@@ -362,12 +363,33 @@ masquerade()
 		done
 
 		for redirect in $NAT_TCP_PORT_REDIRECT; do
-			eval `echo $redirect | $AWK -v FS=: '{ printf "remote_port=%s; local_port=%s;", $1, $2; }'`
-			echo -en " $remote_port:$local_port"
+			#eval `echo $redirect | $AWK -v FS=: '{ printf "remote_port=%s; local_port=%s;", $1, $2; }'`
+			eval `echo $redirect | \
+				$AWK -v FS=: '	(NF == 2) { remote_ip = "$lan_ip"; remote_port = $1; local_port = $2; } \
+								(NF == 3) { remote_ip = $2;        remote_port = $1; local_port = $3; } \
+								END { printf "remote_ip=%s; remote_port=%s; local_port=%s;", remote_ip, remote_port, local_port; }'`
+			echo -en " $remote_port>>$remote_ip:$local_port(udp)"
 			$IPTABLES -t nat -A PREROUTING -p TCP \
 				-i ! $NAT_LAN_IFACE -d ! $lan_ip \
 				--dport $remote_port -j REDIRECT --to-port $local_port
 		done
+		for redirect in $NAT_UDP_PORT_REDIRECT; do
+			#eval `echo $redirect | $AWK -v FS=: '{ printf "remote_port=%s; local_port=%s;", $1, $2; }'`
+			eval `echo $redirect | \
+				$AWK -v FS=: '	(NF == 2) { dnat = "no"  ; remote_ip = "X"; remote_port = $1; local_port = $2; } \
+								(NF == 3) { dnat = "yes" ; remote_ip = $2;  remote_port = $1; local_port = $3; } \
+								END { printf "dnat=%s; remote_ip=%s; remote_port=%s; local_port=%s;", dnat, remote_ip, remote_port, local_port; }'`
+			echo -en " $remote_port>>$remote_ip:$local_port(udp)"
+			if [ "x$dnat" = "xyes" ]; then
+				$IPTABLES -t nat -A PREROUTING -p UDP -i $NAT_SUBNET_IFACE -d ! $ip \
+				--dport $local_port -j DNAT --to $remote_ip:$remote_port
+				$IPTABLES -A FORWARD -p UDP -i $NAT_SUBNET_IFACE -d ! $ip --dport $local_port -j ACCEPT
+			else
+				$IPTABLES -t nat -A PREROUTING -p UDP \
+					-i ! $NAT_LAN_IFACE -d ! $lan_ip \
+					--dport $remote_port -j REDIRECT --to-port $local_port
+			fi
+		done
 
 		#$IPTABLES -t nat -A POSTROUTING -s $localnet -o $NAT_LAN_IFACE -j MASQUERADE
 		$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE
@@ -414,7 +436,7 @@ masquerade()
 
 		# Port forwarding to local machines
 		if [ ! -z "$NAT_TCP_PORT_FORWARD" ]; then
-			echo -en "\tForwarding ports to local machines:"
+			echo -en "\tForwarding TCP ports to local machines:"
 			for redirect in $NAT_TCP_PORT_FORWARD; do
 				eval `echo $redirect | $AWK -v FS=: '{ printf "src_port=%s; local_machine=%s; dest_port=%s;", $1, $2, $3; }'`
 				echo -en " $src_port -> $local_machine:$dest_port"
@@ -424,6 +446,17 @@ masquerade()
 			done
 			echo " done."
 		fi
+		if [ ! -z "$NAT_UDP_PORT_FORWARD" ]; then
+			echo -en "\tForwarding UDP ports to local machines:"
+			for redirect in $NAT_UDP_PORT_FORWARD; do
+				eval `echo $redirect | $AWK -v FS=: '{ printf "src_port=%s; local_machine=%s; dest_port=%s;", $1, $2, $3; }'`
+				echo -en " $src_port -> $local_machine:$dest_port"
+				$IPTABLES -t nat -A PREROUTING -p UDP -i $NAT_LAN_IFACE -d $lan_ip \
+				--dport $src_port -j DNAT --to $local_machine:$dest_port
+				$IPTABLES -A FORWARD -p UDP -i $NAT_LAN_IFACE -d $local_machine --dport $dest_port -j ACCEPT
+			done
+			echo " done."
+		fi
 
 		# Keep state of connections from private subnets
 		$IPTABLES -A OUTPUT  -m state --state NEW -o $NAT_LAN_IFACE -j ACCEPT
@@ -861,57 +894,49 @@ parse_ifconfig()
 { # {{{
 	# Parse output from ifconfig:
 	parsed_interfaces=`$IFCONFIG | \
-		$AWK '
-BEGIN {
-	iface_count = 0;
-}
-
-/^[a-zA-Z0-9:]+[ \t]+/ { # Linux interface
-	split($1, fields, ":");
-	iface = fields[1];
-	ipcount[iface]++;
-	hwaddr[iface] = $NF;
-	iface_count++;
-}
-
-/^[ \t]+inet addr:/ { # Linux IP address
-	split($0, fields, "[ \t:]+");
-	ip[iface, ipcount[iface]] = fields[4];
-	bcast[iface] = fields[6]; # bad for loopback interface, but we don t need this
-	# try to upgrade gawk (3.1.4-2.0.1 => 3.1.5-1) if you experience problem on the next line
-	# awk: cmd. line:17: (FILENAME=- FNR=2) fatal: attempt to use array "fields" in a scalar context
-	idx = length(fields);
-	mask[iface] = fields[idx];
-}
+		$PERL -e '
+my $iface_count = 0;
+my $iface;
+my (%ip6, %scope6, %bcast, %mask, %hwaddr, %ipcount);
+
+while (my $line = <STDIN>) {
+	chomp $line;
+	if ($line =~ m/^([a-z0-9:]+)\s+.*?([a-z0-9:]+)\s*$/i) { # Linux interface
+		$iface	= $1;
+		my $iface_hwaddr = $2;
+		$iface	= [ $iface =~ m/^([a-z0-9]+)/i ]->[0]; # convert "eth0:0" --> "eth0"
+		$ipcount{$iface}++;
+		$hwaddr{$iface} = $iface_hwaddr;
+		$iface_count++;
+	}
+	elsif ($line =~ m/^[ \t]+inet addr:/) { # Linux IP address
+		die unless defined $iface;
+		my @fields = split(/[\s:]+/, $line);
+		push @{$ip{$iface}}, $fields[3];
+		$bcast{$iface} = $fields[5]	|| ""; # invalid for loopback interface lo, but we don t need this
+		$mask{$iface} = $fields[7]	|| $fields[5]; # for loopback interface lo
+	}
+	elsif($line =~ m/^[ \t]+inet6 addr:/) { # Linux IPv6 address
+		die unless defined $iface;
+		my @fields = split(/\s+/, $line);
+		push @{$ip6{$iface}}, $fields[3];
+		$scope6{$iface} = [ $fields[4] =~ m/Scope:(.*)$/i ]->[0];
+	}
 
-/^[ \t]+inet6 addr:/ { # Linux IPv6 address
-	split($0, fields, "[ \t]+");
-	ip6[iface] = fields[4];
-	scope6[iface] = fields[5];
 }
 
-END {
-	for (i in ip6)		{ printf "IFACE_6_%s=\"%s\";	export IFACE_6_%s;\n",	i, ip6[i],		i; }
-	for (i in scope6)	{ printf "SCOPE_6_%s=\"%s\";	export SCOPE_6_%s;\n",	i, scope6[i],	i; }
-	for (i in bcast)	{ printf "Bcast_%s=\"%s\";		export Bcast_%s;\n",	i, bcast[i],	i; }
-	for (i in mask)		{ printf "Mask_%s=\"%s\";		export Mask_%s;\n",		i, mask[i],		i; }
-	for (i in hwaddr)	{ printf "HWaddr_%s=\"%s\";		export HWaddr_%s;\n",	i, hwaddr[i],	i; }
-	for (i in ipcount)	{ printf "IPcount_%s=\"%s\";	export IPcount_%s;\n",	i, ipcount[i],	i; }
-	for (i in ipcount) {
-		printf "IP_%s=\"", i;
-		for (n = 1; n <= ipcount[i]; n++) {
-			printf "%s ", ip[i, n];
-		}
-		printf "\";	export IP_%s;\n", i;
-	}
-	printf "interfaces=\"";
-	for (i in ipcount) { printf "%s ", i; }
-	printf "\"; 	export interfaces;\n";
-}
+map { printf "IP_%s=\"%s\";			export IP_%s;\n",		$_, join(" ", @{$ip{$_}}),	$_; } keys %ip;
+map { printf "IFACE_6_%s=\"%s\";	export IFACE_6_%s;\n",	$_, join(" ", @{$ip6{$_}}),	$_; } keys %ip6;
+map { printf "SCOPE_6_%s=\"%s\";	export SCOPE_6_%s;\n",	$_, $scope6{$_},	$_; } keys %scope6;
+map { printf "Bcast_%s=\"%s\";		export Bcast_%s;\n",	$_, $bcast{$_},	$_; } keys %bcast;
+map { printf "Mask_%s=\"%s\";		export Mask_%s;\n",		$_, $mask{$_},	$_; } keys %mask;
+map { printf "HWaddr_%s=\"%s\";		export HWaddr_%s;\n",	$_, $hwaddr{$_},	$_; } keys %hwaddr;
+map { printf "IPcount_%s=\"%s\";	export IPcount_%s;\n",	$_, $ipcount{$_},	$_; } keys %ipcount;
+printf "interfaces=\"%s\"; 	export interfaces;\n", join(" ", keys %ip);
 	'`
 	eval "$parsed_interfaces";
 
-	parsed_routes=`perl -e '
+	parsed_routes=`$PERL -e '
 	$\ = "\n";
 	open(FILE, "/proc/net/route") or die "Can not open /proc/net/route: $!";
 	my @columns = split(/\s+/, <FILE>);