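# Rebuild the BOOTSTACK_MASQ chain of the nat table. The rules are assembled in
# a temporary chain (BOOTSTACK_MASQ_NEW) that is linked into POSTROUTING before
# the previous chain is removed and the new one renamed over it.
# This file is a Mustache template: the section between the two
# bootstack.masquerade_networks tags is emitted once per list entry.

# In case this script crashed or was interrupted earlier, flush, unlink and
# delete the temp chain. Failures are ignored: normally the chain is absent.
iptables -t nat -F BOOTSTACK_MASQ_NEW || true
iptables -t nat -D POSTROUTING -j BOOTSTACK_MASQ_NEW || true
iptables -t nat -X BOOTSTACK_MASQ_NEW || true
iptables -t nat -N BOOTSTACK_MASQ_NEW

# Build the chain we want.
{{#bootstack.masquerade_networks}}
# NOTE(review): the renderer pastes each list entry into this script as raw
# shell text, so masquerade_networks must come from trusted, validated
# configuration (a source address/network that "iptables -s" accepts).
NETWORK={{.}}
# Workaround iptables not permitting two -d parameters in one call.
iptables -t nat -A BOOTSTACK_MASQ_NEW -s "$NETWORK" -d 192.168.122.1 -j RETURN
iptables -t nat -A BOOTSTACK_MASQ_NEW -s "$NETWORK" ! -d "$NETWORK" -j MASQUERADE
# This rule goes into POSTROUTING itself rather than the swapped chain, so a
# plain append would add one more copy on every run. Append only when the rule
# is not already there; if the check itself fails, fall back to appending.
# NOTE(review): nothing in this script deletes this rule for a network that
# is later dropped from masquerade_networks; stale entries need manual cleanup.
iptables -t nat -C POSTROUTING -s "$NETWORK" -o eth0 -j MASQUERADE 2>/dev/null ||
  iptables -t nat -A POSTROUTING -s "$NETWORK" -o eth0 -j MASQUERADE
{{/bootstack.masquerade_networks}}

# Link it in.
iptables -t nat -I POSTROUTING -j BOOTSTACK_MASQ_NEW

# Delete the old chain if present.
iptables -t nat -F BOOTSTACK_MASQ || true
iptables -t nat -D POSTROUTING -j BOOTSTACK_MASQ || true
iptables -t nat -X BOOTSTACK_MASQ || true

# Rename the new chain into permanence.
iptables -t nat -E BOOTSTACK_MASQ_NEW BOOTSTACK_MASQ

# remove forwarding rule (fixes bug 1183099)
# After the first successful run the rule no longer exists, so tolerate its
# absence like the deletions above; otherwise a re-run ends with a failure.
# NOTE(review): once this catch-all REJECT is gone, forwarded packets that match
# no other FORWARD rule fall through to the chain policy. Confirm the FORWARD
# policy and remaining rules still limit forwarding to what is intended, or
# prefer explicit ACCEPT rules for the masqueraded networks.
iptables -D FORWARD -j REJECT --reject-with icmp-host-prohibited || true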