|
@@ -59,6 +59,24 @@ setup_nat() {
|
|
|
setup_forward() {
|
|
setup_forward() {
|
|
|
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
|
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
|
|
|
iptables -A FORWARD -i ${eth0} -o ${wan} -j ACCEPT
|
|
iptables -A FORWARD -i ${eth0} -o ${wan} -j ACCEPT
|
|
|
|
|
+ while read -r ip public private ; do
|
|
|
|
|
+ [[ "$ip" =~ ^[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.[0-9]{1,}$ ]] || continue
|
|
|
|
|
+ [[ "$public" =~ ^[0-9]{1,}$ ]] || continue
|
|
|
|
|
+ [[ "$private" =~ ^[0-9]{1,}$ ]] || continue
|
|
|
|
|
+ iptables -A PREROUTING -t nat -i ${wan} -p tcp --dport ${public} -j DNAT --to ${ip}:${private}
|
|
|
|
|
+ #iptables -A FORWARD -i ${wan} -p tcp --syn --dport ${private} -m conntrack --ctstate NEW --ctproto TCP -j ACCEPT
|
|
|
|
|
+ iptables -A FORWARD -i ${wan} -p tcp --syn -d ${ip} --dport ${private} -m conntrack --ctstate NEW --ctproto TCP -j ACCEPT
|
|
|
|
|
+ done < $confd/FORWARD.tcp
|
|
|
|
|
+
|
|
|
|
|
+ while read -r ip public private ; do
|
|
|
|
|
+ [[ "$ip" =~ ^[0-9]{1,}.[0-9]{1,}.[0-9]{1,}.[0-9]{1,}$ ]] || continue
|
|
|
|
|
+ [[ "$public" =~ ^[0-9]{1,}$ ]] || continue
|
|
|
|
|
+ [[ "$private" =~ ^[0-9]{1,}$ ]] || continue
|
|
|
|
|
+ iptables -A PREROUTING -t nat -i ${wan} -p udp --dport ${public} -j DNAT --to ${ip}:${private}
|
|
|
|
|
+ #iptables -A FORWARD -i ${wan} -p udp --dport ${private} -m conntrack --ctstate NEW --ctproto UDP -j ACCEPT
|
|
|
|
|
+ iptables -A FORWARD -i ${wan} -p udp -d ${ip} --dport ${private} -m conntrack --ctstate NEW --ctproto UDP -j ACCEPT
|
|
|
|
|
+ done < $confd/FORWARD.udp
|
|
|
|
|
+
|
|
|
if $logforward ; then
|
|
if $logforward ; then
|
|
|
setup_fordroplog
|
|
setup_fordroplog
|
|
|
iptables -A FORWARD -j FORWARD-LOG-DROP
|
|
iptables -A FORWARD -j FORWARD-LOG-DROP
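Review bot: The address check on the `[[ "$ip" =~ … ]]` lines of both the TCP and the UDP loop is looser than it reads: the dots are unescaped, so each `.` matches any character, and `{1,}` puts no upper bound on the digit runs, so a value such as `10.0.0/0` (constructed example) passes and is then expanded unquoted into `-d ${ip}` and `--to ${ip}:${private}`. I would tighten it to `[[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue` and quote the expansions in the iptables calls and in the `done < "$confd/FORWARD.tcp"` / `done < "$confd/FORWARD.udp"` redirects. Rejected lines are skipped silently, so a typo in the config drops a forward with no trace; a one-line warning to stderr before `continue` would help whoever audits the resulting rule set. `ip`, `public` and `private` are not declared `local`, and since setup_forward's body continues past the end of this hunk I cannot see whether anything later depends on them.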
|