Extra nat et accès internet pour le routeur itself

5 years ago · 0120cfbb5f
parent b35b191904
commit 0120cfbb5f
2 changed files with 8 additions and 3 deletions
--- a/firewall_config.example.py
+++ b/firewall_config.example.py
@ -41,7 +41,8 @@ nat = [
            'eth1' : '185.230.76.0/24',
            'eth2' : '138.230.76.0/24',
        },
-        'ip_sources' : '10.42.0.0/16'
+        'ip_sources' : '10.42.0.0/16',
+        'extra_nat' : {'10.129.1.240' : '45.66.108.251'}
    },
    {
        'name' : 'nat2',
@ -49,6 +50,7 @@ nat = [
            'eth1' : '185.230.77.0/24',
            'eth3' : '138.1.145.0/24'
        },
-        'ip_sources' : '10.43.0.0/16'
+        'ip_sources' : '10.43.0.0/16',
+        'extra_nat' : {'10.129.1.240' : '45.66.108.251'}
    }
 ]
--- a/main.py
+++ b/main.py
@ -510,6 +510,10 @@ class iptables:
        for interface, pub_ip_range in nat_type['interfaces_ip_to_nat'].items():
            self.add_in_subtable("nat4", subtable, '-s ' + nat_prive_ip_plage + ' -o %s -j SNAT --to-source ' % (interface,)  + '.'.join(pub_ip_range.split('.')[:3]) + '.' + str(250 + int(nat_prive_ip_plage.split('.')[1][0])))

+        ### Extra-nat (ex : Pour que le routeur ait accès à internet)
+        for ip_source, ip_to_nat in nat_type['extra_nat'].items():
+            self.add_in_subtable("nat4", subtable, '-s ' + ip_source + ' -j SNAT --to-source ' + ip_to_nat)
+
    def gen_mangle(self, empty=False):
        """Génération de la chaine mangle"""
        self.init_mangle("PREROUTING")
@ -537,7 +541,6 @@ class iptables:

    def restore_iptables(self, mode='4'):
        """Restoration de l'iptable générée"""
-        return
        if mode == '6':
            global_chain = self.global_chain6
            command_to_execute = ["sudo","-n","/sbin/ip6tables-restore"]