radius.m4: Take over NAT duties.

author Mark Wooding <mdw@distorted.org.uk>

Sun, 10 Jul 2011 21:03:14 +0000 (22:03 +0100)

committer Mark Wooding <mdw@distorted.org.uk>

Sun, 10 Jul 2011 21:13:23 +0000 (22:13 +0100)
author Mark Wooding <mdw@distorted.org.uk>
Sun, 10 Jul 2011 21:03:14 +0000 (22:03 +0100)
committer Mark Wooding <mdw@distorted.org.uk>
Sun, 10 Jul 2011 21:13:23 +0000 (22:13 +0100)
diff --git a/radius.m4 b/radius.m4

index b2c41ed7af362317c7f258e8d9d8c0e0c7633623..f6c892bd68e4ceab9c2a3b6df8b5dd54019ba7af 100644 (file)
--- a/radius.m4
+++ b/radius.m4
@@ -70,5 +70,21 @@ run iptables -A inbound -j ACCEPT \
  ## Other interesting things.
  dnsresolver inbound
  
  ## Other interesting things.
  dnsresolver inbound
  
+## NAT for RFC1918 addresses.
+for i in PREROUTING OUTPUT POSTROUTING; do
+  run iptables -t nat -P $i ACCEPT 2>/dev/null || :
+  run iptables -t nat -F $i 2>/dev/null || :
+done
+run iptables -t nat -F
+run iptables -t nat -X
+
+run iptables -t nat -N outbound
+run iptables -t nat -A outbound -j RETURN ! -o $if_dmz
+run iptables -t nat -A outbound -j RETURN ! -s 172.29.198.0/23
+run iptables -t nat -A outbound -j RETURN -d 62.49.204.144/28
+run iptables -t nat -A outbound -j RETURN -d 172.29.198.0/23
+run iptables -t nat -A outbound -j SNAT --to-source 62.49.204.158
+run iptables -t nat -A POSTROUTING -j outbound
+
  m4_divert(-1)
  ###----- That's all, folks --------------------------------------------------
  m4_divert(-1)
  ###----- That's all, folks --------------------------------------------------
author	Mark Wooding <mdw@distorted.org.uk>
	Sun, 10 Jul 2011 21:03:14 +0000 (22:03 +0100)
committer	Mark Wooding <mdw@distorted.org.uk>
	Sun, 10 Jul 2011 21:13:23 +0000 (22:13 +0100)