Merge remote-tracking branch 'ms/firewall-no-nat' into next

Conflicts: doc/language_issues.nl doc/language_issues.tr
2026-04-17 14:33:00 +02:00 · 2014-08-07 14:50:42 +02:00
parent f808e5891c 983d471f93
commit 908555842c
11 changed files with 164 additions and 3 deletions
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -867,6 +867,12 @@ WARNING: untranslated string: last
 WARNING: untranslated string: least preferred
 WARNING: untranslated string: lifetime
 WARNING: untranslated string: mac filter
+WARNING: untranslated string: masquerade blue
+WARNING: untranslated string: masquerade green
+WARNING: untranslated string: masquerade orange
+WARNING: untranslated string: masquerading
+WARNING: untranslated string: masquerading disabled
+WARNING: untranslated string: masquerading enabled
 WARNING: untranslated string: maximum
 WARNING: untranslated string: messages
 WARNING: untranslated string: minimum
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -878,6 +878,12 @@ WARNING: untranslated string: last
 WARNING: untranslated string: least preferred
 WARNING: untranslated string: lifetime
 WARNING: untranslated string: mac filter
+WARNING: untranslated string: masquerade blue
+WARNING: untranslated string: masquerade green
+WARNING: untranslated string: masquerade orange
+WARNING: untranslated string: masquerading
+WARNING: untranslated string: masquerading disabled
+WARNING: untranslated string: masquerading enabled
 WARNING: untranslated string: maximum
 WARNING: untranslated string: messages
 WARNING: untranslated string: minimum
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -688,6 +688,12 @@ WARNING: untranslated string: gen dh
 WARNING: untranslated string: generate dh key
 WARNING: untranslated string: imei
 WARNING: untranslated string: imsi
+WARNING: untranslated string: masquerade blue
+WARNING: untranslated string: masquerade green
+WARNING: untranslated string: masquerade orange
+WARNING: untranslated string: masquerading
+WARNING: untranslated string: masquerading disabled
+WARNING: untranslated string: masquerading enabled
 WARNING: untranslated string: messages
 WARNING: untranslated string: model
 WARNING: untranslated string: modem hardware details
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -867,6 +867,12 @@ WARNING: untranslated string: last
 WARNING: untranslated string: least preferred
 WARNING: untranslated string: lifetime
 WARNING: untranslated string: mac filter
+WARNING: untranslated string: masquerade blue
+WARNING: untranslated string: masquerade green
+WARNING: untranslated string: masquerade orange
+WARNING: untranslated string: masquerading
+WARNING: untranslated string: masquerading disabled
+WARNING: untranslated string: masquerading enabled
 WARNING: untranslated string: maximum
 WARNING: untranslated string: messages
 WARNING: untranslated string: minimum
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -863,6 +863,12 @@ WARNING: untranslated string: last
 WARNING: untranslated string: least preferred
 WARNING: untranslated string: lifetime
 WARNING: untranslated string: mac filter
+WARNING: untranslated string: masquerade blue
+WARNING: untranslated string: masquerade green
+WARNING: untranslated string: masquerade orange
+WARNING: untranslated string: masquerading
+WARNING: untranslated string: masquerading disabled
+WARNING: untranslated string: masquerading enabled
 WARNING: untranslated string: maximum
 WARNING: untranslated string: messages
 WARNING: untranslated string: minimum
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -688,6 +688,12 @@ WARNING: untranslated string: gen dh
 WARNING: untranslated string: generate dh key
 WARNING: untranslated string: imei
 WARNING: untranslated string: imsi
+WARNING: untranslated string: masquerade blue
+WARNING: untranslated string: masquerade green
+WARNING: untranslated string: masquerade orange
+WARNING: untranslated string: masquerading
+WARNING: untranslated string: masquerading disabled
+WARNING: untranslated string: masquerading enabled
 WARNING: untranslated string: messages
 WARNING: untranslated string: model
 WARNING: untranslated string: modem hardware details
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -341,6 +341,12 @@
 < least preferred
 < lifetime
 < mac filter
+< masquerade blue
+< masquerade green
+< masquerade orange
+< masquerading
+< masquerading disabled
+< masquerading enabled
 < maximum
 < MB read
 < MB written
@@ -882,6 +888,12 @@
 < least preferred
 < lifetime
 < mac filter
+< masquerade blue
+< masquerade green
+< masquerade orange
+< masquerading
+< masquerading disabled
+< masquerading enabled
 < maximum
 < MB read
 < MB written
@@ -1407,6 +1419,12 @@
 < least preferred
 < lifetime
 < mac filter
+< masquerade blue
+< masquerade green
+< masquerade orange
+< masquerading
+< masquerading disabled
+< masquerading enabled
 < maximum
 < MB read
 < MB written
@@ -1923,6 +1941,12 @@
 < least preferred
 < lifetime
 < mac filter
+< masquerade blue
+< masquerade green
+< masquerade orange
+< masquerading
+< masquerading disabled
+< masquerading enabled
 < maximum
 < MB read
 < MB written
--- a/html/cgi-bin/optionsfw.cgi
+++ b/html/cgi-bin/optionsfw.cgi
@@ -70,6 +70,17 @@ if ($errormessage) {
        &Header::closebox();
 }

+# Set new defaults
+if (!$settings{'MASQUERADE_GREEN'}) {
+	$settings{'MASQUERADE_GREEN'} = 'on';
+}
+if (!$settings{'MASQUERADE_ORANGE'}) {
+	$settings{'MASQUERADE_ORANGE'} = 'on';
+}
+if (!$settings{'MASQUERADE_BLUE'}) {
+	$settings{'MASQUERADE_BLUE'} = 'on';
+}
+
 $checked{'DROPNEWNOTSYN'}{'off'} = '';
 $checked{'DROPNEWNOTSYN'}{'on'} = '';
 $checked{'DROPNEWNOTSYN'}{$settings{'DROPNEWNOTSYN'}} = "checked='checked'";
@@ -112,12 +123,69 @@ $checked{'SHOWDROPDOWN'}{$settings{'SHOWDROPDOWN'}} = "checked='checked'";
 $selected{'FWPOLICY'}{$settings{'FWPOLICY'}}= 'selected';
 $selected{'FWPOLICY1'}{$settings{'FWPOLICY1'}}= 'selected';
 $selected{'FWPOLICY2'}{$settings{'FWPOLICY2'}}= 'selected';
+$selected{'MASQUERADE_GREEN'}{'off'} = '';
+$selected{'MASQUERADE_GREEN'}{'on'} = '';
+$selected{'MASQUERADE_GREEN'}{$settings{'MASQUERADE_GREEN'}} = 'selected="selected"';
+$selected{'MASQUERADE_ORANGE'}{'off'} = '';
+$selected{'MASQUERADE_ORANGE'}{'on'} = '';
+$selected{'MASQUERADE_ORANGE'}{$settings{'MASQUERADE_ORANGE'}} = 'selected="selected"';
+$selected{'MASQUERADE_BLUE'}{'off'} = '';
+$selected{'MASQUERADE_BLUE'}{'on'} = '';
+$selected{'MASQUERADE_BLUE'}{$settings{'MASQUERADE_BLUE'}} = 'selected="selected"';

 &Header::openbox('100%', 'center',);
 print "<form method='post' action='$ENV{'SCRIPT_NAME'}'>";

-print <<END
+print <<END;
 <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+	<table width='95%' cellspacing='0'>
+		<tr bgcolor='$color{'color20'}'>
+			<td colspan='2' align='left'><b>$Lang::tr{'masquerading'}</b></td>
+		</tr>
+		<tr>
+			<td align='left' width='60%'>$Lang::tr{'masquerade green'}</td>
+			<td>
+				<select name='MASQUERADE_GREEN'>
+					<option value='on' $selected{'MASQUERADE_GREEN'}{'on'}>$Lang::tr{'masquerading enabled'}</option>
+					<option value='off' $selected{'MASQUERADE_GREEN'}{'off'}>$Lang::tr{'masquerading disabled'}</option>
+				</select>
+			</td>
+		</tr>
+END
+
+	if (&Header::orange_used()) {
+		print <<END;
+			<tr>
+				<td align='left' width='60%'>$Lang::tr{'masquerade orange'}</td>
+				<td>
+					<select name='MASQUERADE_ORANGE'>
+						<option value='on' $selected{'MASQUERADE_ORANGE'}{'on'}>$Lang::tr{'masquerading enabled'}</option>
+						<option value='off' $selected{'MASQUERADE_ORANGE'}{'off'}>$Lang::tr{'masquerading disabled'}</option>
+					</select>
+				</td>
+			</tr>
+END
+	}
+
+	if (&Header::blue_used()) {
+		print <<END;
+			<tr>
+				<td align='left' width='60%'>$Lang::tr{'masquerade blue'}</td>
+				<td>
+					<select name='MASQUERADE_BLUE'>
+						<option value='on' $selected{'MASQUERADE_BLUE'}{'on'}>$Lang::tr{'masquerading enabled'}</option>
+						<option value='off' $selected{'MASQUERADE_BLUE'}{'off'}>$Lang::tr{'masquerading disabled'}</option>
+					</select>
+				</td>
+			</tr>
+END
+	}
+
+	print <<END
+	</table>
+
+	<br>
+
 <table width='95%' cellspacing='0'>
 <tr bgcolor='$color{'color20'}'><td colspan='2' align='left'><b>$Lang::tr{'fw logging'}</b></td></tr>
 <tr><td align='left' width='60%'>$Lang::tr{'drop newnotsyn'}</td><td align='left'>on <input type='radio' name='DROPNEWNOTSYN' value='on' $checked{'DROPNEWNOTSYN'}{'on'} />/
--- a/langs/de/cgi-bin/de.pl
+++ b/langs/de/cgi-bin/de.pl
@@ -1438,6 +1438,12 @@
 'map to guest' => 'Map to Guest',
 'march' => 'März',
 'marked' => 'Markiert',
+'masquerade blue' => 'NAT auf BLAU',
+'masquerade green' => 'NAT auf GREEN',
+'masquerade orange' => 'NAT auf ORANGE',
+'masquerading' => 'Masquerading/NAT',
+'masquerading disabled' => 'NAT ausgeschaltet',
+'masquerading enabled' => 'NAT eingeschaltet',
 'max bandwith' => 'Maximale Bandbreite',
 'max incoming size' => 'Max. eingehende Größe (kB):',
 'max lease time' => 'Max. Haltezeit in min:',
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -1468,6 +1468,12 @@
 'map to guest' => 'Map to Guest',
 'march' => 'March',
 'marked' => 'Marked',
+'masquerade blue' => 'Masquerade BLUE',
+'masquerade green' => 'Masquerade GREEN',
+'masquerade orange' => 'Masquerade ORANGE',
+'masquerading' => 'Masquerading',
+'masquerading disabled' => 'Masquerading disabled',
+'masquerading enabled' => 'Masquerading enabled',
 'max bandwith' => 'Maximum bandwith',
 'max incoming size' => 'Max incoming size (KB):',
 'max lease time' => 'Max lease time (mins):',
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -327,10 +327,31 @@ iptables_red() {
 		# Outgoing masquerading (don't masqerade IPSEC (mark 50))
 		iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN

-		if [ "$IFACE" != "$GREEN_DEV" ]; then
-			iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+		if [ "$IFACE" = "$GREEN_DEV" ]; then
+			MASQUERADE_GREEN="off"
 		fi

+		local NO_MASQ_NETWORKS
+
+		if [ "${MASQUERADE_GREEN}" = "off" ]; then
+			NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${GREEN_NETADDRESS}/${GREEN_NETMASK}"
+		fi
+
+		if [ "${MASQUERADE_BLUE}" = "off" ]; then
+			NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${BLUE_NETADDRESS}/${BLUE_NETMASK}"
+		fi
+
+		if [ "${MASQUERADE_ORANGE}" = "off" ]; then
+			NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${ORANGE_NETADDRESS}/${ORANGE_NETMASK}"
+		fi
+
+		local network
+		for network in ${NO_MASQ_NETWORKS}; do
+			iptables -t nat -A REDNAT -s "${network}" -o "${IFACE}" -j RETURN
+		done
+
+		# Masquerade everything else
+		iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
 	fi

 	# Reload all rules.