===================================================================
RCS file: /home/cvsd/home/cvs/scripts/shell/firewall/fw-universal.sh,v
retrieving revision 2.95
retrieving revision 2.96
diff -u -p -r2.95 -r2.96
--- scripts/shell/firewall/fw-universal.sh	2013/09/21 03:01:24	2.95
+++ scripts/shell/firewall/fw-universal.sh	2013/09/23 08:40:34	2.96
@@ -22,7 +22,7 @@
 # Licensed under terms of GNU General Public License.
 # All rights reserved.
 #
-# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.94 2013-09-21 02:57:58 nepto Exp $
+# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.95 2013-09-21 03:01:24 nepto Exp $
 #
 # Changelog:
 # 2003-10-24 - created
@@ -468,7 +468,10 @@ masquerade()
 	print_info -en "NAT: Masquerading local subnet: $NAT_SUBNET_IFACE --> $NAT_LAN_IFACE"
 
 	if [ "X$XEN_MODE" = "Xon" ]; then
-		$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE
+		if [ -n "$NAT_SUBNET_SRC" ]; then
+			NAT_SUBNET_SRC="-s $NAT_SUBNET_SRC";
+		fi
+		$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE $NAT_SUBNET_SRC
 		print_info " done."
 		print_info "XEN_MODE enabled: masquerade is limited to basic functionality only";
 		return;
@@ -516,8 +519,10 @@ masquerade()
 		fi
 	done
 
-	#$IPTABLES -t nat -A POSTROUTING -s $localnet -o $NAT_LAN_IFACE -j MASQUERADE
-	$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE
+	if [ -n "$NAT_SUBNET_SRC" ]; then
+		NAT_SUBNET_SRC="-s $NAT_SUBNET_SRC";
+	fi
+	$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE $NAT_SUBNET_SRC
 
 	print_info " done."