Timestamp:
Oct 3, 2010, 12:29:03 PM (14 years ago)
Author:
george
Message:
  • Přidáno: Skript pro generování pravidel filter hlavního routeru.
  • Přidáno: Generování NAT pravidel pro překlad a směrování místních veřejných adres zpět do sítě.
File:
1 edited

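--- a/trunk/system/generators/firewall_nat.php
+++ b/trunk/system/generators/firewall_nat.php
@@ -13,4 +13,5 @@
 
 $InetInterface = $Config['MainRouter']['InetInterface'];
+$LocalInterface = $Config['MainRouter']['InetInterface'];
 $IPCentrala = '10.145.64.8';
 
@@ -96,7 +97,35 @@
 // Masquerade hosts without public ip
 $Items[] = array('chain' => 'inet-out', 'action' => 'src-nat', 'to-addresses' => '77.92.221.106', 'comment' => 'Default_NAT');
+
 // Redirect DNS port
 $Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'tcp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '10.145.64.8', 'to-ports' => 53, 'comment' => 'DNS_redirection_TCP');
 $Items[] = array('chain' => 'dstnat', 'dst-address' => '212.111.4.174', 'protocol' => 'udp', 'dst-port' => 53, 'in-interface' => $InetInterface, 'action' => 'dst-nat', 'to-addresses' => '10.145.64.8', 'to-ports' => 53, 'comment' => 'DNS_redirection_UDP');
+
+
+// Chain for local interface
+$Items[] = array('chain' => 'srcnat', 'out-interface' => $LocalInterface, 'action' => 'jump', 'jump-target' => 'local-out', 'comment' => 'local-out');
+$Items[] = array('chain' => 'dstnat', 'in-interface' => $LocalInterface, 'action' => 'jump', 'jump-target' => 'local-in', 'comment' => 'local-in');
+
+// Route public addresses localy
+$DbResult = $Database->query('SELECT Member.*, Subject.Name FROM Member JOIN Subject ON Member.Subject = Subject.Id');
+while($Member = $DbResult->fetch_assoc())
+{
+  echo($Member['Name'].': ');
+  // Hosts
+  $DbResult2 = $Database->query('SELECT NetworkInterface.*, NetworkDevice.Name AS DeviceName FROM NetworkInterface LEFT JOIN NetworkDevice ON NetworkDevice.Id = NetworkInterface.Device WHERE (NetworkInterface.ExternalIP <> "") AND (NetworkDevice.Member = '.$Member['Id'].') AND (NetworkInterface.LocalIP != NetworkInterface.ExternalIP) ORDER BY id DESC');
+  while($Interface = $DbResult2->fetch_assoc())
+  {
+    $Name = $Interface['DeviceName'];
+    if($Interface['Name'] != '') $Name .= '-'.$Interface['Name'];
+    $Name = RouterOSIdent($Name);
+    echo($Name.'('.$Interface['LocalIP'].'), ');
+    $Items[] = array('chain' => 'local-in', 'dst-address' => $Interface['ExternalIP'], 'action' => 'dst-nat', 'to-addresses' => $Interface['LocalIP'], 'comment' => $Name.'-in-local');
+  }
+  echo("\n");
+}
+
+// Map returned local traffic to virtual subnet
+$Items[] = array('chain' => 'local-out', 'src-address' => '10.145.64.0/16', 'action' => 'netmap',  'to-addresses' => '10.45.64.0/16', 'comment' => 'map-local');
+
 
 //print_r($Items);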
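Review bot: The new `$LocalInterface` assignment in the first hunk reads `$Config['MainRouter']['InetInterface']`, the same key as `$InetInterface` on the line above, so the `local-out`/`local-in` jump rules added later are bound to the Internet-facing interface instead of the local one; the variable name suggests a separate config key was intended (presumably `$LocalInterface = $Config['MainRouter']['LocalInterface'];` — confirm such a key exists), and until that is fixed the per-member `dst-nat` of public addresses and the `map-local` netmap are applied to traffic crossing the inet interface, which is not what the comments describe. Separately, the `map-local` netmap uses `10.145.64.0/16` and `10.45.64.0/16`, both of which carry host bits outside a /16 mask, so either the prefix length or the base address looks off and should be checked before the rules are pushed to the router. The member query concatenates `$Member['Id']` into SQL; it comes from the preceding result set rather than user input, but casting it (`(int)$Member['Id']`) or binding it would keep the generator safe if the column type or source ever changes.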