Rozdiely pre scripts/shell/firewall/fw-universal.sh medzi verziami 2.94 a 2.96
verzia 2.94, 2013/09/21 02:57:58 |
verzia 2.96, 2013/09/23 08:40:34 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.93 2013-09-21 02:55:50 nepto Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.95 2013-09-21 03:01:24 nepto Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
|
|
return; |
return; |
fi |
fi |
|
|
print_info -en "NAT: Enabling packet forwarding..." |
|
echo 1 > /proc/sys/net/ipv4/ip_forward |
|
print_info " done." |
|
print_info -en "NAT: Masquerading local subnet: $NAT_SUBNET_IFACE --> $NAT_LAN_IFACE" |
print_info -en "NAT: Masquerading local subnet: $NAT_SUBNET_IFACE --> $NAT_LAN_IFACE" |
|
|
if [ "X$XEN_MODE" = "Xon" ]; then |
if [ "X$XEN_MODE" = "Xon" ]; then |
$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE |
if [ -n "$NAT_SUBNET_SRC" ]; then |
|
NAT_SUBNET_SRC="-s $NAT_SUBNET_SRC"; |
|
fi |
|
$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE $NAT_SUBNET_SRC |
print_info " done." |
print_info " done." |
print_info "XEN_MODE enabled: masquerade is limited to basic functionality only"; |
print_info "XEN_MODE enabled: masquerade is limited to basic functionality only"; |
return; |
return; |
|
|
fi |
fi |
done |
done |
|
|
#$IPTABLES -t nat -A POSTROUTING -s $localnet -o $NAT_LAN_IFACE -j MASQUERADE |
if [ -n "$NAT_SUBNET_SRC" ]; then |
$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE |
NAT_SUBNET_SRC="-s $NAT_SUBNET_SRC"; |
|
fi |
|
$IPTABLES -t nat -A POSTROUTING -o $NAT_LAN_IFACE -j MASQUERADE $NAT_SUBNET_SRC |
|
|
print_info " done." |
print_info " done." |
|
|
|
|
allow_icmp |
allow_icmp |
accept_loopback |
accept_loopback |
masquerade |
masquerade |
|
forward_on |
log_input_drop |
log_input_drop |
log_output_drop |
log_output_drop |
log_forward_drop |
log_forward_drop |
forward_on |
|
do_ip_accounting |
do_ip_accounting |
shaping_off |
shaping_off |
shaping_on |
shaping_on |
Platon Group <platon@platon.sk> http://platon.sk/
|
|