Timestamp:
Aug 2, 2009, 12:19:41 PM (15 years ago)
Author:
george
Message:
  • Přidáno: Podpora pro zasílání dat po menších balících pro třídu Routerboard.
  • Upraveno: Generování NATu uzpůsobeno pro třídu Routerboard.
File:
1 edited

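--- a/trunk/system/generators/nat_routerboard.php
+++ b/trunk/system/generators/nat_routerboard.php
@@ -2,11 +2,15 @@
 
 if(isset($_SERVER['REMOTE_ADDR'])) die();
-include_once('../../global.php');
+include('../../global.php');
+include('../routerboard.php');
+$Path = array('ip', 'firewall', 'nat');
+
+$Routerboard = new Routerboard($Config['MainRouter']['HostName']);
+$Routerboard->UserName = $Config['MainRouter']['UserName'];
+$Routerboard->Timeout = $Config['MainRouter']['ConnectTimeout'];
 
 $InetInterface = $Config['MainRouter']['InetInterface'];
 
-$Commands = array();
-$Commands[] = '/ip firewall nat { remove [find] }';
-
+$Items = array();
 $DbResult = $Database->query('SELECT Member.*, Subject.Name FROM Member JOIN Subject ON Member.Subject = Subject.Id');
 while($Member = $DbResult->fetch_assoc())
@@ -21,14 +25,6 @@
     $Name = RouterOSIdent($Name);
     echo($Name.'('.$Interface['LocalIP'].'), ');
-    $Commands[] = ' /ip firewall nat add chain=srcnat src-address='.$Interface['LocalIP'].' out-interface='.$InetInterface.' action=src-nat to-addresses='.$Interface['ExternalIP'].' comment="'.$Name.'"';
-    $Commands[] = ' /ip firewall nat add chain=dstnat dst-address='.$Interface['ExternalIP'].' in-interface='.$InetInterface.' action=dst-nat to-addresses='.$Interface['LocalIP'].' comment="'.$Name.'"';
-
-    // Temporary old incoming public subnet range
-    $ExternalIPParts = explode('.', $Interface['ExternalIP']);
-    $ExternalIPParts[0] = 85;
-    $ExternalIPParts[1] = 92;
-    $ExternalIPParts[2] = 50;
-    $Interface['ExternalIP'] = implode('.', $ExternalIPParts);
-    $Commands[] = ' /ip firewall nat add chain=dstnat dst-address='.$Interface['ExternalIP'].' in-interface='.$InetInterface.' action=dst-nat to-addresses='.$Interface['LocalIP'].' comment="'.$Name.'"';
+    $Items[] = array('chain' => 'srcnat', 'src-address' => $Interface['LocalIP'], 'out-interface' => $InetInterface, 'action' => 'src-nat',  'to-addresses' => $Interface['ExternalIP'], 'comment' => $Name);
+    $Items[] = array('chain' => 'dstnat', 'dst-address' => $Interface['ExternalIP'], 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => $Interface['LocalIP'], 'comment' => $Name);
   }
 
@@ -41,8 +37,8 @@
     $Range = CIDRToAddressRange($Subnet['ExtAddressRange'], $Subnet['ExtMask']);
     $Range = $Range['From'].'-'.$Range['To'];
-    $Commands[] = ' /ip firewall nat add chain=srcnat src-address='.$Subnet['AddressRange'].'/'.$Subnet['Mask'].' out-interface='.$InetInterface.' action=src-nat to-addresses='.$Range.' comment="'.$Subnet['Name'].'"';
+    $Items[] = array('chain' => 'srcnat', 'src-address' => $Subnet['AddressRange'].'/'.$Subnet['Mask'], 'out-interface' => $InetInterface, 'action' => 'src-nat', 'to-addresses' => $Range, 'comment' => $Subnet['Name']);
     $Range = CIDRToAddressRange($Subnet['AddressRange'], $Subnet['Mask']);
     $Range = $Range['From'].'-'.$Range['To'];
-    $Commands[] = ' /ip firewall nat add chain=dstnat dst-address='.$Subnet['ExtAddressRange'].'/'.$Subnet['ExtMask'].' in-interface='.$InetInterface.' action=dst-nat to-addresses='.$Range.' comment="'.$Subnet['Name'].'"';
+    $Items[] = array('chain' => 'dstnat', 'dst-address' => $Subnet['ExtAddressRange'].'/'.$Subnet['ExtMask'], 'in-interface' => $InetInterface, 'action' => 'dst-nat',  'to-addresses' => $Range, 'comment' => $Subnet['Name']);
   }
   echo("\n");
@@ -50,35 +46,10 @@
 
 // Masquerade hosts without public ip
-$Commands[] = ' /ip firewall nat add chain=srcnat out-interface='.$InetInterface.' action=masquerade comment="Default NAT"';     
+$Items[] = array('chain' => 'srcnat', 'out-interface' => $InetInterface, 'action' => 'masquerade', 'comment' => 'Default_NAT');     
 // Redirect DNS port
-$Commands[] = ' /ip firewall nat add chain=dstnat dst-address=212.111.4.174 protocol=tcp dst-port=53 in-interface='.$InetInterface.' action=dst-nat to-address=192.168.0.1 to-ports=53 comment="DNS redirection UDP"';
-$Commands[] = ' /ip firewall nat add chain=dstnat dst-address=212.111.4.174 protocol=udp dst-port=53 in-interface='.$InetInterface.' action=dst-nat to-address=192.168.0.1 to-ports=53 comment="DNS redirection UDP"';
+$Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'tcp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '192.168.0.1', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP');
+$Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'udp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '192.168.0.1', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP');
 
-$Commands = addslashes(implode(';', $Commands));
-$Command = '/usr/bin/ssh -o ConnectTimeout=5 -l '.$Config['MainRouter']['UserName'].' -i id_dsa '.$Config['MainRouter']['HostName'].' "'.$Commands.'"';
-$Output = array();
-//echo($Command."\n");
-exec($Command, $Output);
-//array_pop($Output);
-//print_r($Output);
-
-/*
-// SMTP NAT port 25
-$DbResult = $Database->select('hosts', '*', 'name="mail"');
-$Row = $DbResult->fetch_array();
-exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d 212.111.4.174 -j DROP');
-exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP']);
-exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j ACCEPT');
-exec('/sbin/iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 25 -s 212.111.4.174 -o eth1 -j SNAT --to-source '.$Row['external_ip']);
-
-// Local network NAT
-$DbResult = $Database->select('hosts', '*', 'name="gate"');
-$Row = $DbResult->fetch_array();
-exec('/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o eth1 -j SNAT --to-source '.$Row['external_ip']);
-//exec('/sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/255.0.0.0 -o eth1 -j SNAT --to-source '.$Row['external_ip']);
-//exec('/sbin/iptables -t nat -A POSTROUTING -s 212.111.16.94 -o eth1 -j MASQUERADE');
-
-exec('/sbin/iptables-save>/etc/sysconfig/iptables');
-*/
+$Routerboard->ListUpdate($Path, array('chain', 'dst-address', 'in-interface', 'src-address', 'out-interface', 'to-ports', 'dst-port', 'protocol', 'action', 'to-addresses', 'comment'), $Items);
 
 ?>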
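Review bot: The two subnet entries added to `$Items` (new lines 39 and 42) pass `$Subnet['Name']` from the database unchanged as the `comment` value, while the per-member entries run the name through `RouterOSIdent()` first. The literal comments in this change were also rewritten without spaces (`Default_NAT`), which suggests `Routerboard::ListUpdate()` does not quote values, although that class is not shown on this page. If so, a subnet name containing spaces or RouterOS syntax characters could corrupt or alter the NAT rule that is sent to the router, so I would use `'comment' => RouterOSIdent($Subnet['Name'])` in both entries. The address and mask fields also come straight from the database and are worth validating (for example with `filter_var(..., FILTER_VALIDATE_IP)`) before they are placed in `$Items`. The loops that contain these lines start outside the visible hunks.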