5 if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
6 local wanip=$(uci -P/var/state get network.wan.ipaddr)
8 iptables -t nat -F nat_reflection_in 2>/dev/null || {
9 iptables -t nat -N nat_reflection_in
10 iptables -t nat -A prerouting_rule -j nat_reflection_in
13 iptables -t nat -F nat_reflection_out 2>/dev/null || {
14 iptables -t nat -N nat_reflection_out
15 iptables -t nat -A postrouting_rule -j nat_reflection_out
24 config_get name "$cfg" name
26 [ "$name" = "$zone" ] && {
28 config_get network "$cfg" network
30 echo ${network:-$zone}
35 config_foreach find_networks_cb zone "$1"
42 config_get src "$cfg" src
45 config_get target "$cfg" target
47 [ "$src" = wan ] && [ "${target:-DNAT}" = DNAT ] && {
49 config_get dest "$cfg" dest "lan"
52 for net in $(find_networks "$dest"); do
53 local lanip=$(uci -P/var/state get network.$net.ipaddr)
54 local lanmk=$(uci -P/var/state get network.$net.netmask)
57 config_get proto "$cfg" proto
60 config_get_bool reflection "$cfg" reflection 1
61 [ "$reflection" == 1 ] || return
63 local epmin epmax extport
64 config_get extport "$cfg" src_dport
65 [ -n "$extport" ] || return
67 epmin="${extport%[-:]*}"; epmax="${extport#*[-:]}"
68 [ "$epmin" != "$epmax" ] || epmax=""
70 local ipmin ipmax intport
71 config_get intport "$cfg" dest_port "$extport"
73 ipmin="${intport%[-:]*}"; ipmax="${intport#*[-:]}"
74 [ "$ipmin" != "$ipmax" ] || ipmax=""
77 config_get exthost "$cfg" src_dip "$wanip"
80 config_get inthost "$cfg" dest_ip
81 [ -n "$inthost" ] || return
83 [ "$proto" = tcpudp ] && proto="tcp udp"
86 for p in ${proto:-tcp udp}; do
89 iptables -t nat -A nat_reflection_in \
90 -s $lanip/$lanmk -d $exthost \
91 -p $p --dport $epmin${epmax:+:$epmax} \
92 -j DNAT --to $inthost:$ipmin${ipmax:+-$ipmax}
94 iptables -t nat -A nat_reflection_out \
95 -s $lanip/$lanmk -d $inthost \
96 -p $p --dport $ipmin${ipmax:+:$ipmax} \
97 -j SNAT --to-source $lanip
106 config_foreach setup_fwd redirect
projects / openwrt-10.03 / .git / blob