Diffstat (limited to 'contrib')
-rwxr-xr-x | contrib/netjail/netjail_core.sh | 7 | ||||
-rwxr-xr-x | contrib/netjail/netjail_start.sh | 12 |
2 files changed, 12 insertions, 7 deletions
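--- a/contrib/netjail/netjail_core.sh
+++ b/contrib/netjail/netjail_core.sh
@@ -188,9 +188,10 @@ netjail_node_add_nat() {
 local ADDRESS=$2
 local MASK=$3
 
 ip netns exec $NODE nft add table nat
 ip netns exec $NODE nft add chain nat postrouting { type nat hook postrouting priority 0 \; }
 ip netns exec $NODE nft add rule ip nat postrouting ip saddr "$ADDRESS/$MASK" counter masquerade
+# ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE
 }
 
 netjail_node_add_default() {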
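Review bot: The commented-out iptables line added after the nft masquerade rule carries no explanation of why it is kept, so a reader cannot tell whether it is a pending backend switch, a fallback, or dead code — especially since netjail_start.sh moves its DNAT/FORWARD rules to iptables in the same commit while this function still installs its rule through nft. Either drop the line or prefix it with a one-line reason, e.g. `# iptables equivalent of the nft rule above; keep the two in sync` if that is the intent. netjail_node_add_nat begins outside the hunk.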
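--- a/contrib/netjail/netjail_start.sh
+++ b/contrib/netjail/netjail_start.sh
@@ -77,12 +77,16 @@ for N in $(seq $GLOBAL_N); do
 
 if [ "1" == "${R_TCP[$N]}" ]
 then
-ip netns exec ${ROUTERS[$N]} nft add rule ip nat prerouting ip daddr $GLOBAL_GROUP.$N tcp dport 60002 counter dnat to $LOCAL_GROUP.1
-ip netns exec ${ROUTERS[$N]} nft add rule ip filter FORWARD ip daddr $LOCAL_GROUP.1 ct state new,related,established counter accept
+#ip netns exec ${ROUTERS[$N]} nft add rule ip nat prerouting ip daddr $GLOBAL_GROUP.$N tcp dport 60002 counter dnat to $LOCAL_GROUP.1
+#ip netns exec ${ROUTERS[$N]} nft add rule ip filter FORWARD ip daddr $LOCAL_GROUP.1 ct state new,related,established counter accept
+ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p tcp -d $GLOBAL_GROUP.$N --dport 60002 -j DNAT --to $LOCAL_GROUP.1
+ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -d $LOCAL_GROUP.1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
 fi
 if [ "1" == "${R_UDP[$N]}" ]
 then
-ip netns exec ${ROUTERS[$N]} nft add rule ip nat prerouting ip daddr $GLOBAL_GROUP.$N udp dport $PORT counter dnat to $LOCAL_GROUP.1
-ip netns exec ${ROUTERS[$N]} nft add rule ip filter FORWARD ip daddr $LOCAL_GROUP.1 ct state new,related,established counter accept
+#ip netns exec ${ROUTERS[$N]} nft add rule ip nat prerouting ip daddr $GLOBAL_GROUP.$N udp dport $PORT counter dnat to $LOCAL_GROUP.1
+#ip netns exec ${ROUTERS[$N]} nft add rule ip filter FORWARD ip daddr $LOCAL_GROUP.1 ct state new,related,established counter accept
+ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p udp -d $GLOBAL_GROUP.$N --dport $PORT -j DNAT --to $LOCAL_GROUP.1
+ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -d $LOCAL_GROUP.1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
 fi
 done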
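Review bot: The new iptables FORWARD rules at new lines 83 and 90 accept any new forwarded connection to $LOCAL_GROUP.1 regardless of protocol or port, while the PREROUTING DNAT in front of them only redirects tcp/60002 and udp/$PORT; the replaced nft rule had the same breadth, but since these lines are being rewritten anyway, narrowing the accept to the translated port keeps the forward policy as tight as the NAT, e.g. `ip netns exec "${ROUTERS[$N]}" iptables -A FORWARD -p tcp -d "$LOCAL_GROUP.1" --dport 60002 -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT` for TCP and `-p udp --dport "$PORT"` for the UDP block. `-m state --state` is the legacy spelling of `-m conntrack --ctstate`, and `${ROUTERS[$N]}`, `$GLOBAL_GROUP.$N` and `$LOCAL_GROUP.1` are unquoted in all four new lines. The superseded nft rules are left in as comments rather than removed, which leaves a reader unsure which backend is intended (netjail_core.sh still installs its masquerade rule through nft); a one-line comment stating why iptables is used here would settle that. The enclosing for loop starts outside the hunk.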