Permet de faire un nat simple (routeur-aurore) sans plage de ports
This commit is contained in:
parent
0120cfbb5f
commit
fb2f52e94d
1 changed files with 34 additions and 32 deletions
66
main.py
66
main.py
|
@ -475,44 +475,46 @@ class iptables:
|
||||||
self.init_nat(subtable, decision="-")
|
self.init_nat(subtable, decision="-")
|
||||||
self.jump_all_trafic("nat", "POSTROUTING", subtable, mode='4')
|
self.jump_all_trafic("nat", "POSTROUTING", subtable, mode='4')
|
||||||
|
|
||||||
nat_prive_ip_plage = nat_type['ip_sources']
|
if 'interfaces_ip_to_nat' in nat_type and 'ip_sources' in nat_type:
|
||||||
for nat_ip_range in range(1, 11):
|
nat_prive_ip_plage = nat_type['ip_sources']
|
||||||
range_name = 'nat' + nat_prive_ip_plage.split('.')[1] + '_' + str("%02d" % nat_ip_range )
|
for nat_ip_range in range(1, 11):
|
||||||
self.init_nat(range_name, decision="-")
|
range_name = 'nat' + nat_prive_ip_plage.split('.')[1] + '_' + str("%02d" % nat_ip_range )
|
||||||
self.add_in_subtable("nat4", subtable, '-s ' + '.'.join(nat_prive_ip_plage.split('.')[:2]) + '.' + str(nat_ip_range) + '.0/24 -j ' + range_name)
|
self.init_nat(range_name, decision="-")
|
||||||
for nat_ip_range in range(1, 11):
|
self.add_in_subtable("nat4", subtable, '-s ' + '.'.join(nat_prive_ip_plage.split('.')[:2]) + '.' + str(nat_ip_range) + '.0/24 -j ' + range_name)
|
||||||
range_name = 'nat' + nat_prive_ip_plage.split('.')[1] + '_' + str("%02d" % nat_ip_range)
|
for nat_ip_range in range(1, 11):
|
||||||
nat_rule_tcp = ""
|
range_name = 'nat' + nat_prive_ip_plage.split('.')[1] + '_' + str("%02d" % nat_ip_range)
|
||||||
nat_rule_udp = ""
|
nat_rule_tcp = ""
|
||||||
for nat_ip_subrange in range(16):
|
nat_rule_udp = ""
|
||||||
subrange_name = range_name + '_' + str(hex(nat_ip_subrange)[2:])
|
for nat_ip_subrange in range(16):
|
||||||
self.init_nat(subrange_name, decision="-")
|
subrange_name = range_name + '_' + str(hex(nat_ip_subrange)[2:])
|
||||||
self.add_in_subtable("nat4", range_name, '-s ' + '.'.join(nat_prive_ip_plage.split('.')[:2]) + '.' + str(nat_ip_range) + '.' + str(nat_ip_subrange*16) + '/28 -j ' + subrange_name)
|
self.init_nat(subrange_name, decision="-")
|
||||||
for nat_private_ip in range(256):
|
self.add_in_subtable("nat4", range_name, '-s ' + '.'.join(nat_prive_ip_plage.split('.')[:2]) + '.' + str(nat_ip_range) + '.' + str(nat_ip_subrange*16) + '/28 -j ' + subrange_name)
|
||||||
ip_src = '.'.join(nat_prive_ip_plage.split('.')[:2]) + '.' + str(nat_ip_range) + '.' + str(nat_private_ip) + '/32'
|
for nat_private_ip in range(256):
|
||||||
|
ip_src = '.'.join(nat_prive_ip_plage.split('.')[:2]) + '.' + str(nat_ip_range) + '.' + str(nat_private_ip) + '/32'
|
||||||
|
|
||||||
port_low = 1000 + 1000*(nat_private_ip%64)
|
port_low = 1000 + 1000*(nat_private_ip%64)
|
||||||
port_high = port_low + 999
|
port_high = port_low + 999
|
||||||
|
|
||||||
subrange_name = range_name + '_' + str(hex(nat_private_ip//16)[2:])
|
subrange_name = range_name + '_' + str(hex(nat_private_ip//16)[2:])
|
||||||
|
|
||||||
# On nat
|
# On nat
|
||||||
|
|
||||||
for interface, pub_ip_range in nat_type['interfaces_ip_to_nat'].items():
|
for interface, pub_ip_range in nat_type['interfaces_ip_to_nat'].items():
|
||||||
ip_nat = '.'.join(pub_ip_range.split('.')[:3]) + '.' + str((int(nat_prive_ip_plage.split('.')[1][0]) - 1)*40 + 4*(nat_ip_range - 1) + nat_private_ip//64)
|
ip_nat = '.'.join(pub_ip_range.split('.')[:3]) + '.' + str((int(nat_prive_ip_plage.split('.')[1][0]) - 1)*40 + 4*(nat_ip_range - 1) + nat_private_ip//64)
|
||||||
nat_rule_tcp += '\n-A %s -s %s -o %s -p tcp -j SNAT --to-source %s' % (subrange_name, ip_src, interface, ip_nat + ':' + str(port_low) + '-' + str(port_high))
|
nat_rule_tcp += '\n-A %s -s %s -o %s -p tcp -j SNAT --to-source %s' % (subrange_name, ip_src, interface, ip_nat + ':' + str(port_low) + '-' + str(port_high))
|
||||||
nat_rule_udp += '\n-A %s -s %s -o %s -p udp -j SNAT --to-source %s' % (subrange_name, ip_src, interface, ip_nat + ':' + str(port_low) + '-' + str(port_high))
|
nat_rule_udp += '\n-A %s -s %s -o %s -p udp -j SNAT --to-source %s' % (subrange_name, ip_src, interface, ip_nat + ':' + str(port_low) + '-' + str(port_high))
|
||||||
self.add("nat4", nat_rule_tcp)
|
self.add("nat4", nat_rule_tcp)
|
||||||
self.add("nat4", nat_rule_udp)
|
self.add("nat4", nat_rule_udp)
|
||||||
|
|
||||||
# On nat tout ce qui match dans les règles et qui n'est pas du tcp/udp derrière la première ip publique unused (25*10) + 1
|
# On nat tout ce qui match dans les règles et qui n'est pas du tcp/udp derrière la première ip publique unused (25*10) + 1
|
||||||
# Ne pas oublier de loguer ce qui sort de cette ip
|
# Ne pas oublier de loguer ce qui sort de cette ip
|
||||||
for interface, pub_ip_range in nat_type['interfaces_ip_to_nat'].items():
|
for interface, pub_ip_range in nat_type['interfaces_ip_to_nat'].items():
|
||||||
self.add_in_subtable("nat4", subtable, '-s ' + nat_prive_ip_plage + ' -o %s -j SNAT --to-source ' % (interface,) + '.'.join(pub_ip_range.split('.')[:3]) + '.' + str(250 + int(nat_prive_ip_plage.split('.')[1][0])))
|
self.add_in_subtable("nat4", subtable, '-s ' + nat_prive_ip_plage + ' -o %s -j SNAT --to-source ' % (interface,) + '.'.join(pub_ip_range.split('.')[:3]) + '.' + str(250 + int(nat_prive_ip_plage.split('.')[1][0])))
|
||||||
|
|
||||||
### Extra-nat (ex : Pour que le routeur ait accès à internet)
|
if 'extra_nat' in nat_type:
|
||||||
for ip_source, ip_to_nat in nat_type['extra_nat'].items():
|
### Extra-nat (ex : Pour que le routeur ait accès à internet)
|
||||||
self.add_in_subtable("nat4", subtable, '-s ' + ip_source + ' -j SNAT --to-source ' + ip_to_nat)
|
for ip_source, ip_to_nat in nat_type['extra_nat'].items():
|
||||||
|
self.add_in_subtable("nat4", subtable, '-s ' + ip_source + ' -j SNAT --to-source ' + ip_to_nat)
|
||||||
|
|
||||||
def gen_mangle(self, empty=False):
|
def gen_mangle(self, empty=False):
|
||||||
"""Génération de la chaine mangle"""
|
"""Génération de la chaine mangle"""
|
||||||
|
|
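Review bot: The new guard `if 'interfaces_ip_to_nat' in nat_type and 'ip_sources' in nat_type:` silently generates no SNAT rules when only one of the two keys is present, so a half-written NAT entry (for example `ip_sources` without `interfaces_ip_to_nat`) produces a ruleset with no source NAT for those addresses and no diagnostic, and a firewall generator should fail loudly on an inconsistent config rather than drop the section. Consider adding, after the wrapped block, `elif 'interfaces_ip_to_nat' in nat_type or 'ip_sources' in nat_type:` / `raise ValueError("nat: 'interfaces_ip_to_nat' and 'ip_sources' must be given together")`. The second guard `if 'extra_nat' in nat_type:` has the same weakness only in that a misspelt key is ignored without warning, so an explicit check for unknown keys in nat_type would cover both. The comment `# Ne pas oublier de loguer ce qui sort de cette ip` above the catch-all SNAT rule still describes work this commit does not do; the method holding this block starts before the hunk, and the rendered view loses indentation, so the exact extent of the re-indented block cannot be confirmed from here.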