|
|
|
|
@ -632,16 +632,14 @@ class iptables:
|
|
|
|
|
|
|
|
|
|
if 'extra_nat' in nat_type:
|
|
|
|
|
### Extra-nat (ex : Pour que le routeur ait accès à internet)
|
|
|
|
|
for ip_source, ip_to_nat in nat_type['extra_nat'].items():
|
|
|
|
|
rule = ""
|
|
|
|
|
if 'extra_nat_group' in nat_type:
|
|
|
|
|
rule = "-m set --match-set " + nat_type['extra_nat_group'] + " src "
|
|
|
|
|
rule += '-s ' + ip_source + ' -j SNAT --to-source ' + ip_to_nat
|
|
|
|
|
self.add_in_subtable("nat4", subtable, rule)
|
|
|
|
|
|
|
|
|
|
if "masquerade" in nat_type:
|
|
|
|
|
for ip_source in nat_type["masquerade"]:
|
|
|
|
|
self.jump_trafic_from_source('nat', ip_source, 'POSTROUTING', 'MASQUERADE', '4')
|
|
|
|
|
for interface, rules in nat_type['extra_nat'].items():
|
|
|
|
|
for ip_source, ip_to_nat in rules.items():
|
|
|
|
|
rule = ''
|
|
|
|
|
if 'extra_nat_group' in nat_type and interface in nat_type['extra_nat_group']:
|
|
|
|
|
rule = "-m set --match-set " + nat_type['extra_nat_group'][interface] + " src "
|
|
|
|
|
rule += '-s ' + ip_source + ' -o ' + interface + ' -j SNAT --to-source ' + ip_to_nat
|
|
|
|
|
self.add_in_subtable("nat4", subtable, rule)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def gen_mangle(self, empty=False):
|
|
|
|
|
"""Génération de la chaine mangle"""
|
|
|
|
|
|
