From 0120cfbb5fbfddad66e1289510b77223371c363b Mon Sep 17 00:00:00 2001
From: Gabriel Detraz
Date: Sat, 14 Sep 2019 12:19:28 +0200
Subject: [PATCH] =?UTF-8?q?Extra=20nat=20et=20acc=C3=A8s=20internet=20pour?= =?UTF-8?q?=20le=20routeur=20itself?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 firewall_config.example.py | 6 ++++--
 main.py | 5 ++++-
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/firewall_config.example.py b/firewall_config.example.py
index 03320d0..29683c8 100644
--- a/firewall_config.example.py
+++ b/firewall_config.example.py
@@ -41,7 +41,8 @@ nat = [
 'eth1' : '185.230.76.0/24',
 'eth2' : '138.230.76.0/24',
 },
- 'ip_sources' : '10.42.0.0/16'
+ 'ip_sources' : '10.42.0.0/16',
+ 'extra_nat' : {'10.129.1.240' : '45.66.108.251'}
 },
 {
 'name' : 'nat2',
@@ -49,6 +50,7 @@ nat = [
 'eth1' : '185.230.77.0/24',
 'eth3' : '138.1.145.0/24'
 },
- 'ip_sources' : '10.43.0.0/16'
+ 'ip_sources' : '10.43.0.0/16',
+ 'extra_nat' : {'10.129.1.240' : '45.66.108.251'}
 }
 ]
diff --git a/main.py b/main.py
index fb21f40..18585cb 100755
--- a/main.py
+++ b/main.py
@@ -510,6 +510,10 @@ class iptables:
 for interface, pub_ip_range in nat_type['interfaces_ip_to_nat'].items():
 self.add_in_subtable("nat4", subtable, '-s ' + nat_prive_ip_plage + ' -o %s -j SNAT --to-source ' % (interface,) + '.'.join(pub_ip_range.split('.')[:3]) + '.' + str(250 + int(nat_prive_ip_plage.split('.')[1][0])))
+ ### Extra-nat (ex : Pour que le routeur ait accès à internet)
+ for ip_source, ip_to_nat in nat_type['extra_nat'].items():
+ self.add_in_subtable("nat4", subtable, '-s ' + ip_source + ' -j SNAT --to-source ' + ip_to_nat)
+
 def gen_mangle(self, empty=False):
 """Génération de la chaine mangle"""
 self.init_mangle("PREROUTING")
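Review bot: The new `extra_nat` key appears in both `nat` entries with no comment explaining what the mapping means; a line such as `# extra_nat : {source IP : public IP used for SNAT --to-source}` above the first entry would document it. The second hunk repeats the identical `'10.129.1.240' : '45.66.108.251'` pair under `nat2`. If main.py emits one rule per entry, as its new loop suggests, the same source address ends up with two SNAT rules and only the first one to match has any effect. Showing the pair in one entry only, or stating that a source IP should be listed once, would keep people from copying the duplicate into a real config.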
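Review bot: The new loop indexes `nat_type['extra_nat']` directly, so any existing firewall_config.py whose `nat` entries predate this key raises KeyError during NAT generation; `for ip_source, ip_to_nat in nat_type.get('extra_nat', {}).items():` keeps older configs working. The emitted rule also has no `-o` match, unlike the per-interface SNAT rule just above it, so traffic from `ip_source` would be rewritten on every egress interface, internal ones included; if only internet-bound traffic should be translated, emit the rule per interface with `-o`. Both addresses are concatenated into the rule string unchecked, and passing them through `ipaddress.ip_address()` first would reject a malformed config value before it reaches the ruleset. The enclosing method starts outside the hunk, so the nesting of this loop is not visible here.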
@@ -537,7 +541,6 @@ class iptables:
 def restore_iptables(self, mode='4'):
 """Restoration de l'iptable générée"""
- return
 if mode == '6':
 global_chain = self.global_chain6
 command_to_execute = ["sudo","-n","/sbin/ip6tables-restore"]
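Review bot: Nothing in the visible lines checks the generated ruleset before it reaches `sudo -n /sbin/ip6tables-restore`, and removing the early `return` makes this function apply rules for real, a behaviour change the commit subject (extra NAT) does not mention. If the removal is intentional, it deserves a line in the commit message, since the deleted `return` looks like a debugging guard. Because rules are assembled by string concatenation from config values, a dry run with the restore command's `--test` option before the real load would catch a malformed ruleset without touching the live tables. The rest of the function, including how the command's exit status is handled, lies outside this hunk.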