Diffstat (limited to 'contrib')
m--------- | contrib/gana | 0 | ||||
-rwxr-xr-x | contrib/netjail/netjail_core.sh | 4 | ||||
-rwxr-xr-x | contrib/netjail/netjail_start.sh | 8 |
3 files changed, 7 insertions, 5 deletions
diff --git a/contrib/gana b/contrib/gana | |||
Subproject 6b889c206c1948cf7180e9d5478fd8fba65617e | Subproject 048ad729b3177a5de1726517bc905e6cd7688d0 | ||
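--- a/contrib/netjail/netjail_core.sh
+++ b/contrib/netjail/netjail_core.sh
@@ -188,7 +188,9 @@ netjail_node_add_nat() {
 local ADDRESS=$2
 local MASK=$3
 
-ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE
+ip netns exec $NODE nft add table nat
+ip netns exec $NODE nft add chain nat postrouting { type nat hook postrouting priority 0 \; }
+ip netns exec $NODE nft add rule ip nat postrouting ip saddr "$ADDRESS/$MASK" counter masquerade
 }
 
 netjail_node_add_default() {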
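Review bot: The chain definition on the new `nft add chain` line reaches nft as bare `{`, `}` and `\;` words, and `$NODE` is unquoted on all three new lines, so the commands rely on the shell leaving those tokens untouched. Quoting makes the intent explicit and keeps the address family consistent with the rule line: `ip netns exec "$NODE" nft add chain ip nat postrouting '{ type nat hook postrouting priority 0 ; }'`. The hook is also registered at priority 0, whereas iptables ran source NAT at priority 100; that is probably harmless in a namespace with no other chains, but a short comment saying the value is deliberate would help. The opening lines of netjail_node_add_nat are outside the hunk.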
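--- a/contrib/netjail/netjail_start.sh
+++ b/contrib/netjail/netjail_start.sh
@@ -77,12 +77,12 @@ for N in $(seq $GLOBAL_N); do
 
 if [ "1" == "${R_TCP[$N]}" ]
 then
-ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p tcp -d $GLOBAL_GROUP.$N --dport 60002 -j DNAT --to $LOCAL_GROUP.1
-ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -d $LOCAL_GROUP.1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
+ip netns exec ${ROUTERS[$N]} nft add rule ip nat prerouting ip daddr $GLOBAL_GROUP.$N tcp dport 60002 counter dnat to $LOCAL_GROUP.1
+ip netns exec ${ROUTERS[$N]} nft add rule ip filter FORWARD ip daddr $LOCAL_GROUP.1 ct state new,related,established counter accept
 fi
 if [ "1" == "${R_UDP[$N]}" ]
 then
-ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p udp -d $GLOBAL_GROUP.$N --dport $PORT -j DNAT --to $LOCAL_GROUP.1
-ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -d $LOCAL_GROUP.1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
+ip netns exec ${ROUTERS[$N]} nft add rule ip nat prerouting ip daddr $GLOBAL_GROUP.$N udp dport $PORT counter dnat to $LOCAL_GROUP.1
+ip netns exec ${ROUTERS[$N]} nft add rule ip filter FORWARD ip daddr $LOCAL_GROUP.1 ct state new,related,established counter accept
 fi
 done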
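Review bot: The new `nft add rule ip nat prerouting …` and `nft add rule ip filter FORWARD …` lines assume that a `prerouting` chain in table `ip nat` and a `FORWARD` chain in table `ip filter` already exist in the router namespace. iptables supplied its built-in chains implicitly, but nft starts from an empty ruleset, and the only creation visible in this commit is the `nat` table and `postrouting` chain in netjail_node_add_nat. If nothing outside these hunks creates the others, each `add rule` fails, and because the exit status is not checked the DNAT port forwarding would be silently absent. Ahead of the rules I would add, each under `ip netns exec "${ROUTERS[$N]}"`, `nft add chain ip nat prerouting '{ type nat hook prerouting priority -100 ; }'`, `nft add table ip filter` and `nft add chain ip filter FORWARD '{ type filter hook forward priority 0 ; }'`. The `for` loop begins outside the hunk.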