# You should not edit this file. Instead, create a file with the same
# name as this one, but with a .rul extension instead of .def. The
# .rul file will override this one.
#
# However, any changes you make to this file will be preserved.
#: Masquerade packets from internal networks
#if [ -n "$INTERNAL" -a -n "$EXTERNAL_IN" -a -n "$PFW" ]; then
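# Port-forward rules: for every pool named in $PFWPOOLS, forward the pool's
# original ports arriving on each external interface to the pool's target
# host ($PFWIP_<pool>, optionally on port $PFWPORT_<pool>).
#
# Reads:  EXTERNAL_IN, INTERNAL, PFW, PFWPOOLS, MASQMETHOD, IPTABLES and the
#         per-pool PFWPROTO_<pool>, PFWORIGPORTS_<pool>, PFWIP_<pool> and
#         PFWPORT_<pool> settings.
# Calls:  ipnm_cache (defined elsewhere). IPOFIF is read right after each
#         call, so it presumably publishes the interface address there -
#         confirm against its definition.
# Sets:   PROTOS, ORIGPORTS, PFWIP, PFWPORT, PROTO, ORIGPORT, ORIGPORT_DASH,
#         PFW_FWDPORT, EXTIP (plain globals, as this file is not a function).
if [ -n "$EXTERNAL_IN" ] && [ -n "$PFW" ]; then
  for pool in $PFWPOOLS; do
    # The pool name is spliced into the variable names passed to eval below.
    # Accept only characters that are valid in a shell identifier; any other
    # character would be interpreted by eval as shell syntax.
    case $pool in
      '' | *[!A-Za-z0-9_]*)
        echo "portfw: ignoring invalid pool name '$pool'" >&2
        continue
        ;;
    esac

    eval "PROTOS=\"\$PFWPROTO_$pool\""
    eval "ORIGPORTS=\"\$PFWORIGPORTS_$pool\""
    eval "PFWIP=\"\$PFWIP_$pool\""
    eval "PFWPORT=\"\$PFWPORT_$pool\""

    for PROTO in $PROTOS; do
      for ORIGPORT in $ORIGPORTS; do
        # The ipmasqadm calls receive the port with ':' rewritten to '-'.
        ORIGPORT_DASH=$(printf '%s\n' "$ORIGPORT" | sed 's/:/-/g')

        # Destination port as the FORWARD chain sees it. DNAT in PREROUTING
        # has already rewritten the port to $PFWPORT when one is configured,
        # so matching on $ORIGPORT there would miss the forwarded traffic and
        # open the original port instead. A '-' range (DNAT --to syntax) is
        # rewritten to the ':' form that --dport expects.
        PFW_FWDPORT=$(printf '%s\n' "${PFWPORT:-$ORIGPORT}" | sed 's/-/:/g')

        for j in $EXTERNAL_IN; do
          ipnm_cache "$j"
          EXTIP=$IPOFIF

          # Without an address the -d/-L argument below would be missing and
          # the remaining words would shift into its place. Fail closed: add
          # neither the translation nor the ACCEPT rules for this interface.
          if [ -z "$EXTIP" ]; then
            echo "portfw: no address for $j, skipping pool $pool" >&2
            continue
          fi

          case $MASQMETHOD in
            ipfwadm | ipchains)
              # ${PFWPORT:+...} drops the argument entirely when no target
              # port is configured instead of passing an empty word.
              ipmasqadm portfw -a -P "$PROTO" -L "$EXTIP" "$ORIGPORT_DASH" \
                -R "$PFWIP" ${PFWPORT:+"$PFWPORT"}
              ;;
            netfilter)
              # $IPTABLES stays unquoted in case it carries extra options.
              $IPTABLES -A PREROUTING -t nat -p "$PROTO" -d "$EXTIP" \
                --dport "$ORIGPORT" -j DNAT \
                --to "$PFWIP${PFWPORT:+:$PFWPORT}"
              ;;
          esac

          for i in $INTERNAL; do
            # The value looked up here is only used by the disabled SNAT rule
            # below; the call is kept because its other effects are not
            # visible from this file.
            ipnm_cache "$i"
            case $MASQMETHOD in
              netfilter)
                # NOTE(review): this ACCEPT has no -d restriction, so it
                # admits the port to every host behind $i, not only the
                # forward target. Adding -d "$PFWIP" would tighten it once it
                # is confirmed that PFWIP is always a single address.
                $IPTABLES -A FORWARD -i "$j" -o "$i" -p "$PROTO" \
                  --dport "$PFW_FWDPORT" \
                  -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
                # TODO: This should be done only for the interface containing the portforward host
                # if [ "$PORTFW_REMAP_LOCAL" = "y" ]; then
                # $IPTABLES -A POSTROUTING -t nat -p $PROTO -d $PFWIP ${PFWPORT:+--dport $PFWPORT} -s $IPOFIF/$NMOFIF -j SNAT --to $IPOFIF
                # fi
                ;;
            esac
          done
        done
      done
    done
  done
fi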