From fb2f52e94dace662446d87afdc24b6b888cfb17c Mon Sep 17 00:00:00 2001
From: Gabriel Detraz
Date: Tue, 29 Oct 2019 16:24:08 +0100
Subject: [PATCH] Permet de faire un nat simple (routeur-aurore) sans plage de ports
---
main.py | 66 +++++++++++++++++++++++++++++----------------------------
1 file changed, 34 insertions(+), 32 deletions(-)
diff --git a/main.py b/main.py
index 18585cb..a0b97c4 100755
--- a/main.py
+++ b/main.py
@@ -475,44 +475,46 @@ class iptables: self.init_nat(subtable, decision="-") self.jump_all_trafic("nat", "POSTROUTING", subtable, mode='4') - nat_prive_ip_plage = nat_type['ip_sources'] - for nat_ip_range in range(1, 11): - range_name = 'nat' + nat_prive_ip_plage.split('.')[1] + '_' + str("%02d" % nat_ip_range ) - self.init_nat(range_name, decision="-") - self.add_in_subtable("nat4", subtable, '-s ' + '.'.join(nat_prive_ip_plage.split('.')[:2]) + '.' + str(nat_ip_range) + '.0/24 -j ' + range_name) - for nat_ip_range in range(1, 11): - range_name = 'nat' + nat_prive_ip_plage.split('.')[1] + '_' + str("%02d" % nat_ip_range) - nat_rule_tcp = "" - nat_rule_udp = "" - for nat_ip_subrange in range(16): - subrange_name = range_name + '_' + str(hex(nat_ip_subrange)[2:]) - self.init_nat(subrange_name, decision="-") - self.add_in_subtable("nat4", range_name, '-s ' + '.'.join(nat_prive_ip_plage.split('.')[:2]) + '.' + str(nat_ip_range) + '.' + str(nat_ip_subrange*16) + '/28 -j ' + subrange_name) - for nat_private_ip in range(256): - ip_src = '.'.join(nat_prive_ip_plage.split('.')[:2]) + '.' + str(nat_ip_range) + '.' + str(nat_private_ip) + '/32' + if 'interfaces_ip_to_nat' in nat_type and 'ip_sources' in nat_type: + nat_prive_ip_plage = nat_type['ip_sources'] + for nat_ip_range in range(1, 11): + range_name = 'nat' + nat_prive_ip_plage.split('.')[1] + '_' + str("%02d" % nat_ip_range ) + self.init_nat(range_name, decision="-") + self.add_in_subtable("nat4", subtable, '-s ' + '.'.join(nat_prive_ip_plage.split('.')[:2]) + '.' 
+ str(nat_ip_range) + '.0/24 -j ' + range_name) + for nat_ip_range in range(1, 11): + range_name = 'nat' + nat_prive_ip_plage.split('.')[1] + '_' + str("%02d" % nat_ip_range) + nat_rule_tcp = "" + nat_rule_udp = "" + for nat_ip_subrange in range(16): + subrange_name = range_name + '_' + str(hex(nat_ip_subrange)[2:]) + self.init_nat(subrange_name, decision="-") + self.add_in_subtable("nat4", range_name, '-s ' + '.'.join(nat_prive_ip_plage.split('.')[:2]) + '.' + str(nat_ip_range) + '.' + str(nat_ip_subrange*16) + '/28 -j ' + subrange_name) + for nat_private_ip in range(256): + ip_src = '.'.join(nat_prive_ip_plage.split('.')[:2]) + '.' + str(nat_ip_range) + '.' + str(nat_private_ip) + '/32' - port_low = 1000 + 1000*(nat_private_ip%64) - port_high = port_low + 999 + port_low = 1000 + 1000*(nat_private_ip%64) + port_high = port_low + 999 - subrange_name = range_name + '_' + str(hex(nat_private_ip//16)[2:]) + subrange_name = range_name + '_' + str(hex(nat_private_ip//16)[2:]) - # On nat + # On nat - for interface, pub_ip_range in nat_type['interfaces_ip_to_nat'].items(): - ip_nat = '.'.join(pub_ip_range.split('.')[:3]) + '.' + str((int(nat_prive_ip_plage.split('.')[1][0]) - 1)*40 + 4*(nat_ip_range - 1) + nat_private_ip//64) - nat_rule_tcp += '\n-A %s -s %s -o %s -p tcp -j SNAT --to-source %s' % (subrange_name, ip_src, interface, ip_nat + ':' + str(port_low) + '-' + str(port_high)) - nat_rule_udp += '\n-A %s -s %s -o %s -p udp -j SNAT --to-source %s' % (subrange_name, ip_src, interface, ip_nat + ':' + str(port_low) + '-' + str(port_high)) - self.add("nat4", nat_rule_tcp) - self.add("nat4", nat_rule_udp) + for interface, pub_ip_range in nat_type['interfaces_ip_to_nat'].items(): + ip_nat = '.'.join(pub_ip_range.split('.')[:3]) + '.' 
+ str((int(nat_prive_ip_plage.split('.')[1][0]) - 1)*40 + 4*(nat_ip_range - 1) + nat_private_ip//64) + nat_rule_tcp += '\n-A %s -s %s -o %s -p tcp -j SNAT --to-source %s' % (subrange_name, ip_src, interface, ip_nat + ':' + str(port_low) + '-' + str(port_high)) + nat_rule_udp += '\n-A %s -s %s -o %s -p udp -j SNAT --to-source %s' % (subrange_name, ip_src, interface, ip_nat + ':' + str(port_low) + '-' + str(port_high)) + self.add("nat4", nat_rule_tcp) + self.add("nat4", nat_rule_udp) - # On nat tout ce qui match dans les règles et qui n'est pas du tcp/udp derrière la première ip publique unused (25*10) + 1 - # Ne pas oublier de loguer ce qui sort de cette ip - for interface, pub_ip_range in nat_type['interfaces_ip_to_nat'].items(): - self.add_in_subtable("nat4", subtable, '-s ' + nat_prive_ip_plage + ' -o %s -j SNAT --to-source ' % (interface,) + '.'.join(pub_ip_range.split('.')[:3]) + '.' + str(250 + int(nat_prive_ip_plage.split('.')[1][0]))) + # On nat tout ce qui match dans les règles et qui n'est pas du tcp/udp derrière la première ip publique unused (25*10) + 1 + # Ne pas oublier de loguer ce qui sort de cette ip + for interface, pub_ip_range in nat_type['interfaces_ip_to_nat'].items(): + self.add_in_subtable("nat4", subtable, '-s ' + nat_prive_ip_plage + ' -o %s -j SNAT --to-source ' % (interface,) + '.'.join(pub_ip_range.split('.')[:3]) + '.' + str(250 + int(nat_prive_ip_plage.split('.')[1][0]))) - ### Extra-nat (ex : Pour que le routeur ait accès à internet) - for ip_source, ip_to_nat in nat_type['extra_nat'].items(): - self.add_in_subtable("nat4", subtable, '-s ' + ip_source + ' -j SNAT --to-source ' + ip_to_nat) + if 'extra_nat' in nat_type: + ### Extra-nat (ex : Pour que le routeur ait accès à internet) + for ip_source, ip_to_nat in nat_type['extra_nat'].items(): + self.add_in_subtable("nat4", subtable, '-s ' + ip_source + ' -j SNAT --to-source ' + ip_to_nat) def gen_mangle(self, empty=False): """Génération de la chaine mangle"""
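Review bot: The new guard `if 'interfaces_ip_to_nat' in nat_type and 'ip_sources' in nat_type:` at the top of the hunk silently skips the whole per-source NAT block, including the catch-all SNAT for non-TCP/UDP traffic, whenever only one of the two keys is present, so a typo in either key leaves the private range un-NATed with no error and no log line. A half-configured entry should fail loudly rather than fall through: add `if ('interfaces_ip_to_nat' in nat_type) != ('ip_sources' in nat_type): raise ValueError("nat: 'interfaces_ip_to_nat' and 'ip_sources' must be set together")` before the existing check. The `# Ne pas oublier de loguer ce qui sort de cette ip` reminder is carried over unchanged and still has no matching LOG rule, and in the new extra_nat-only mode there is no port partitioning either, so outbound flows can presumably no longer be attributed to a private host from public-side logs — worth stating in the commit message or the config docs if that is the intended trade-off for the router's own traffic. The enclosing method begins before this hunk.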