diff options
Diffstat (limited to 'contrib')
| -rwxr-xr-x | contrib/netjail/netjail_core.sh | 7 | ||||
| -rwxr-xr-x | contrib/netjail/netjail_start.sh | 12 |
2 files changed, 12 insertions, 7 deletions
diff --git a/contrib/netjail/netjail_core.sh b/contrib/netjail/netjail_core.sh index de8838775..da784fa5e 100755 --- a/contrib/netjail/netjail_core.sh +++ b/contrib/netjail/netjail_core.sh | |||
| @@ -188,9 +188,10 @@ netjail_node_add_nat() { | |||
| 188 | local ADDRESS=$2 | 188 | local ADDRESS=$2 |
| 189 | local MASK=$3 | 189 | local MASK=$3 |
| 190 | 190 | ||
| 191 | ip netns exec $NODE nft add table nat | 191 | ip netns exec $NODE nft add table nat |
| 192 | ip netns exec $NODE nft add chain nat postrouting { type nat hook postrouting priority 0 \; } | 192 | ip netns exec $NODE nft add chain nat postrouting { type nat hook postrouting priority 0 \; } |
| 193 | ip netns exec $NODE nft add rule ip nat postrouting ip saddr "$ADDRESS/$MASK" counter masquerade | 193 | ip netns exec $NODE nft add rule ip nat postrouting ip saddr "$ADDRESS/$MASK" counter masquerade |
| 194 | # ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE | ||
| 194 | } | 195 | } |
| 195 | 196 | ||
| 196 | netjail_node_add_default() { | 197 | netjail_node_add_default() { |
diff --git a/contrib/netjail/netjail_start.sh b/contrib/netjail/netjail_start.sh index d8e69c9cf..e2d5fd634 100755 --- a/contrib/netjail/netjail_start.sh +++ b/contrib/netjail/netjail_start.sh | |||
| @@ -77,12 +77,16 @@ for N in $(seq $GLOBAL_N); do | |||
| 77 | 77 | ||
| 78 | if [ "1" == "${R_TCP[$N]}" ] | 78 | if [ "1" == "${R_TCP[$N]}" ] |
| 79 | then | 79 | then |
| 80 | ip netns exec ${ROUTERS[$N]} nft add rule ip nat prerouting ip daddr $GLOBAL_GROUP.$N tcp dport 60002 counter dnat to $LOCAL_GROUP.1 | 80 | #ip netns exec ${ROUTERS[$N]} nft add rule ip nat prerouting ip daddr $GLOBAL_GROUP.$N tcp dport 60002 counter dnat to $LOCAL_GROUP.1 |
| 81 | ip netns exec ${ROUTERS[$N]} nft add rule ip filter FORWARD ip daddr $LOCAL_GROUP.1 ct state new,related,established counter accept | 81 | #ip netns exec ${ROUTERS[$N]} nft add rule ip filter FORWARD ip daddr $LOCAL_GROUP.1 ct state new,related,established counter accept |
| 82 | ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p tcp -d $GLOBAL_GROUP.$N --dport 60002 -j DNAT --to $LOCAL_GROUP.1 | ||
| 83 | ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -d $LOCAL_GROUP.1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT | ||
| 82 | fi | 84 | fi |
| 83 | if [ "1" == "${R_UDP[$N]}" ] | 85 | if [ "1" == "${R_UDP[$N]}" ] |
| 84 | then | 86 | then |
| 85 | ip netns exec ${ROUTERS[$N]} nft add rule ip nat prerouting ip daddr $GLOBAL_GROUP.$N udp dport $PORT counter dnat to $LOCAL_GROUP.1 | 87 | #ip netns exec ${ROUTERS[$N]} nft add rule ip nat prerouting ip daddr $GLOBAL_GROUP.$N udp dport $PORT counter dnat to $LOCAL_GROUP.1 |
| 86 | ip netns exec ${ROUTERS[$N]} nft add rule ip filter FORWARD ip daddr $LOCAL_GROUP.1 ct state new,related,established counter accept | 88 | #ip netns exec ${ROUTERS[$N]} nft add rule ip filter FORWARD ip daddr $LOCAL_GROUP.1 ct state new,related,established counter accept |
| 89 | ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p udp -d $GLOBAL_GROUP.$N --dport $PORT -j DNAT --to $LOCAL_GROUP.1 | ||
| 90 | ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -d $LOCAL_GROUP.1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT | ||
| 87 | fi | 91 | fi |
| 88 | done | 92 | done |