show iptables change when applying network sharing rules
This commit is contained in:
garywill
garywill
parent
c97c3c3b30
commit
d31d161842
16
create_ap
16
create_ap
|
|
@ -1550,9 +1550,9 @@ ip addr add ${GATEWAY}/24 broadcast ${GATEWAY%.*}.255 dev ${WIFI_IFACE} || die "
|
|||
if [[ "$SHARE_METHOD" != "none" ]]; then
|
||||
echo "Sharing Internet using method: $SHARE_METHOD"
|
||||
if [[ "$SHARE_METHOD" == "nat" ]]; then
|
||||
iptables -w -t nat -I POSTROUTING -s ${GATEWAY%.*}.0/24 ! -o ${WIFI_IFACE} -j MASQUERADE || die
|
||||
iptables -w -I FORWARD -i ${WIFI_IFACE} -s ${GATEWAY%.*}.0/24 -j ACCEPT || die
|
||||
iptables -w -I FORWARD -i ${INTERNET_IFACE} -d ${GATEWAY%.*}.0/24 -j ACCEPT || die
|
||||
iptables -w -v -t nat -I POSTROUTING -s ${GATEWAY%.*}.0/24 ! -o ${WIFI_IFACE} -j MASQUERADE || die
|
||||
iptables -w -v -I FORWARD -i ${WIFI_IFACE} -s ${GATEWAY%.*}.0/24 -j ACCEPT || die
|
||||
iptables -w -v -I FORWARD -i ${INTERNET_IFACE} -d ${GATEWAY%.*}.0/24 -j ACCEPT || die
|
||||
echo 1 > /proc/sys/net/ipv4/conf/$INTERNET_IFACE/forwarding || die
|
||||
echo 1 > /proc/sys/net/ipv4/ip_forward || die
|
||||
# to enable clients to establish PPTP connections we must
|
||||
|
|
@ -1567,18 +1567,18 @@ fi
|
|||
|
||||
if [[ $NO_DNS -eq 0 ]]; then
|
||||
DNS_PORT=5353
|
||||
iptables -w -I INPUT -i ${WIFI_IFACE} -p tcp -m tcp --dport $DNS_PORT -j ACCEPT || die
|
||||
iptables -w -I INPUT -i ${WIFI_IFACE} -p udp -m udp --dport $DNS_PORT -j ACCEPT || die
|
||||
iptables -w -t nat -I PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \
|
||||
iptables -w -v -I INPUT -i ${WIFI_IFACE} -p tcp -m tcp --dport $DNS_PORT -j ACCEPT || die
|
||||
iptables -w -v -I INPUT -i ${WIFI_IFACE} -p udp -m udp --dport $DNS_PORT -j ACCEPT || die
|
||||
iptables -w -v -t nat -I PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \
|
||||
-p tcp -m tcp --dport 53 -j REDIRECT --to-ports $DNS_PORT || die
|
||||
iptables -w -t nat -I PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \
|
||||
iptables -w -v -t nat -I PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \
|
||||
-p udp -m udp --dport 53 -j REDIRECT --to-ports $DNS_PORT || die
|
||||
else
|
||||
DNS_PORT=0
|
||||
fi
|
||||
|
||||
if [[ $NO_DNSMASQ -eq 0 ]]; then
|
||||
iptables -w -I INPUT -i ${WIFI_IFACE} -p udp -m udp --dport 67 -j ACCEPT || die
|
||||
iptables -w -v -I INPUT -i ${WIFI_IFACE} -p udp -m udp --dport 67 -j ACCEPT || die
|
||||
|
||||
if which complain > /dev/null 2>&1; then
|
||||
# openSUSE's apparmor does not allow dnsmasq to read files.
|
||||
|
|
|
|||
Loading…
Reference in New Issue