gpt-2741gnac_root_files/_mtdblock5.img.extracted/squashfs-root/usr/script/vserver.sh
2023-11-26 03:26:24 -03:00

480 lines
21 KiB
Bash
Executable file

#!/bin/sh
PROFILE_CFG=/userfs/profile.cfg
if [ -f $PROFILE_CFG ] ; then
chmod 777 $PROFILE_CFG
. $PROFILE_CFG
fi
if [ "$TCSUPPORT_MULTISERVICE_ON_WAN" != "" ] && [ "$TCSUPPORT_WAN_PTM" != "" -o "$TCSUPPORT_WAN_ETHER" != "" ] || [ "$MSTC_ETHER_WAN" != "" ]; then
if [ $# != 4 ] ; then
echo "usage: $0 [add/del] [PVC#] [Service ID#] [Rule#]"
exit 0
fi
else
if [ $# != 3 ] ; then
echo "usage: $0 [add/del] [PVC#] [Rule#]"
exit 0
fi
fi
if [ $1 = "add" ] ; then
OPT=-I
elif [ $1 = "del" ] ; then
OPT=-D
else
if [ "$TCSUPPORT_MULTISERVICE_ON_WAN" != "" ] && [ "$TCSUPPORT_WAN_PTM" != "" -o "$TCSUPPORT_WAN_ETHER" != "" ] || [ "$MSTC_ETHER_WAN" != "" ]; then
echo "usage: $0 [add/del] [PVC#] [Service ID#] [Rule#]"
else
echo "usage: $0 [add/del] [PVC#] [Rule#]"
fi
exit 0
fi
if [ "$TCSUPPORT_MULTISERVICE_ON_WAN" != "" ] && [ "$TCSUPPORT_WAN_PTM" != "" -o "$TCSUPPORT_WAN_ETHER" != "" ] || [ "$MSTC_ETHER_WAN" != "" ]; then
if [ "$2" = "8" ] || [ "$2" = "9" ] || [ "$2" = "10" ]; then
PVC="$2"_"$3"
RULE=$4
else
PVC=$2
RULE=$4
fi
else
PVC=$2
RULE=$3
fi
VS_CONF=/etc/nat_pvc$PVC/vserver$RULE
if [ -f $VS_CONF ] ; then
chmod +x $VS_CONF
. $VS_CONF
else
exit 0
fi
if [ "$MSTC_COMMON_PORTMAP_HOSTNAME" != "" ] && [ -z $LOCALIP ] ; then
exit 0
fi
if [ "$LOCAL_SPORT" = "" ] ; then
LOCAL_SPORT="$STARTPORT"
fi
if [ "$LOCAL_EPORT" = "" ] ; then
PORT_RANGE=`expr $ENDPORT - $STARTPORT`
LOCAL_EPORT=`expr $LOCAL_SPORT + $PORT_RANGE`
fi
if [ "$MSTC_GVT_GUI" != "" ] || [ "$MSTC_SOPHIA_COMMON_GUI" != "" ] ;then
EXT_IP=$REMOTEIP
fi
EXT_SPORT=$STARTPORT
EXT_EPORT=$ENDPORT
INT_IP=$LOCALIP
#if [ "$TCSUPPORT_VIRSVR_APPL_AND_PROT" != "" ] ;then
PROTOCOL=$PROTOCOL
#else
#PROTOCOL=ALL
#fi
#if [ "$TCSUPPORT_VIRSVR_LOCAL_PORT" != "" ] || [ "$TCSUPPORT_VIRSVR_APPL_AND_PROT" != "" ] ;then
INT_SPORT=$LOCAL_SPORT
INT_EPORT=$LOCAL_EPORT
#fi
if [ "$TTNET_CUSTOMER_PORTFORWARDING" != "" ] ;then
ADDRULE=$ADDRULEFLAG
fi
if [ "$TELECOM_CUSTOMER_PORTFORWARDING" != "" ] ;then
PROTO=$PROTOCOL
fi
# get ipmode (Single or Multiple)
IPMODE_CONF=/etc/nat_pvc$PVC/ipmode
if [ -f $IPMODE_CONF ] ; then
chmod +x $IPMODE_CONF
. $IPMODE_CONF
fi
SERVER_IP="0.0.0.0"
if [ "$IPMODE" = "Multiple" ] ; then
SERVERIP_CONF=/etc/nat_pvc$PVC/server_ip
if [ -f $SERVERIP_CONF ] ; then
chmod +x $SERVERIP_CONF
. $SERVERIP_CONF
fi
fi
# default wan_if
WAN_IF=nas$PVC
CONFFILE=/etc/isp$PVC.conf
if [ -f $CONFFILE ] ; then
chmod +x $CONFFILE
. $CONFFILE
fi
# PPPoE/PPPoA
if [ "$ISP" = "2" ] ; then
if [ "$TCSUPPORT_MULTISERVICE_ON_WAN" != "" ] && [ "$TCSUPPORT_WAN_PTM" != "" -o "$TCSUPPORT_WAN_ETHER" != "" ]; then
if [ "$2" = "8" ] || [ "$2" = "9" ] || [ "$2" = "10" ]; then
WAN_IF=ppp"$2""$3"
else
WAN_IF=ppp$2
fi
else
WAN_IF=ppp$PVC
fi
fi
#change WAN iface name for ethernet WAN
ENETWAN_CONF=/etc/port4.conf
if [ "$MSTC_ETHER_WAN" != "" ] ; then
if [ "$2" = "10" ] ; then
ENETWAN_CONF=/etc/isp$PVC.conf
fi
fi
if [ -f $ENETWAN_CONF ] ; then
chmod +x $ENETWAN_CONF
. $ENETWAN_CONF
IS_ETHERNETWAN="$Active"
ETHERNETWAN_CONNECTTYPE="$ConnectType"
if [ "$IS_ETHERNETWAN" = "Yes" ] ; then
if [ "$2" = "10" ] ; then
if [ "$ISP" = "2" ] ; then
WAN_IF="ppp$2$3"
else
if [ "$dot1q" = "Yes" ] ; then
WAN_IF="eth0.$VLANID"
else
WAN_IF="eth0.1"
fi
fi
else
exit 0
fi
fi
fi
if [ "$SERVER_IP" = "0.0.0.0" ] ; then
if [ "$TCSUPPORT_PORT_TRANSLATION" != "" ] ;then
if [ "$TELECOM_CUSTOMER_PORTFORWARDING" != "" ] ;then
if [ "$MSTC_COLUMBIA_SPECIAL_IPADDRMAP" != "" ] && [ ! -z $WAN_IP ]; then
if [ "$PROTO" = "TCP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -i $WAN_IF -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
elif [ "$PROTO" = "UDP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -i $WAN_IF -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -i $WAN_IF -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -i $WAN_IF -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
fi
elif ( [ "$MSTC_GVT_GUI" != "" ] || [ "$MSTC_SOPHIA_COMMON_GUI" != "" ] ) && [ ! -z $EXT_IP ] ; then
if [ "$PROTO" = "TCP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -s $EXT_IP -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
elif [ "$PROTO" = "UDP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -s $EXT_IP -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -s $EXT_IP -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -s $EXT_IP-j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
fi
else
if [ "$PROTO" = "TCP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
elif [ "$PROTO" = "UDP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
fi
fi
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
fi
else
case "$TELECOM_CUSTOMER_PORTFORWARDING" in
"y")
if [ "$PROTO" = "TCP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j DNAT --to $INT_IP
elif [ "$PROTO" = "UDP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j DNAT --to $INT_IP
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j DNAT --to $INT_IP
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j DNAT --to $INT_IP
fi
;;
"*")
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j DNAT --to $INT_IP
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j DNAT --to $INT_IP
;;
esac
fi
if [ "$TTNET_CUSTOMER_PORTFORWARDING" != "" ] ;then
if [ "$ADDRULE" = "1" ] ;then
if [ "$TCSUPPORT_PORT_TRANSLATION" != "" ] ;then
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -s 0/0 -j ACCEPT
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -s 0/0 -j ACCEPT
else
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -s 0/0 -j ACCEPT
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -s 0/0 -j ACCEPT
fi
fi
else
if [ "$TCSUPPORT_PORT_TRANSLATION" != "" ] ;then
if [ "$TELECOM_CUSTOMER_PORTFORWARDING" != "" ] ;then
if ( [ "$MSTC_GVT_GUI" != "" ] || [ "$MSTC_SOPHIA_COMMON_GUI" != "" ] ) && [ ! -z $EXT_IP ] ; then
if [ "$PROTO" = "TCP" ] ; then
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -i $WAN_IF -s $EXT_IP -j ACCEPT
elif [ "$PROTO" = "UDP" ] ; then
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -i $WAN_IF -s $EXT_IP -j ACCEPT
else
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -i $WAN_IF -s $EXT_IP -j ACCEPT
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -i $WAN_IF -s $EXT_IP -j ACCEPT
fi
else
if [ "$PROTO" = "TCP" ] ; then
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -i $WAN_IF -j ACCEPT
elif [ "$PROTO" = "UDP" ] ; then
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -i $WAN_IF -j ACCEPT
else
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -i $WAN_IF -j ACCEPT
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -i $WAN_IF -j ACCEPT
fi
fi
else
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -i $WAN_IF -j ACCEPT
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -i $WAN_IF -j ACCEPT
fi
else
if [ "$TELECOM_CUSTOMER_PORTFORWARDING" != "" ] ;then
if [ "$PROTO" = "TCP" ] ; then
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j ACCEPT
elif [ "$PROTO" = "UDP" ] ; then
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j ACCEPT
else
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j ACCEPT
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j ACCEPT
fi
else
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j ACCEPT
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -i $WAN_IF -j ACCEPT
fi
fi
fi
if ([ ! -z $WAN_IP ] && [ "$LoopBackEnable" = "on" ]) || ([ ! -z $WAN_IP ] && [ $1 = "del" ]); then
if [ "$TCSUPPORT_PORT_TRANSLATION" != "" ] ;then
if [ "$TELECOM_CUSTOMER_PORTFORWARDING" != "" ] ;then
if [ "$PROTO" = "TCP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_IP/$LAN_NETMASK -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT POSTROUTING -p tcp --dport $INT_SPORT:$INT_EPORT -d $INT_IP -s $LAN_IP/$LAN_NETMASK -j SNAT --to $WAN_IP
elif [ "$PROTO" = "UDP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_IP/$LAN_NETMASK -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT POSTROUTING -p udp --dport $INT_SPORT:$INT_EPORT -d $INT_IP -s $LAN_IP/$LAN_NETMASK -j SNAT --to $WAN_IP
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_IP/$LAN_NETMASK -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_IP/$LAN_NETMASK -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT POSTROUTING -p tcp --dport $INT_SPORT:$INT_EPORT -d $INT_IP -s $LAN_IP/$LAN_NETMASK -j SNAT --to $WAN_IP
iptables -t nat $OPT POSTROUTING -p udp --dport $INT_SPORT:$INT_EPORT -d $INT_IP -s $LAN_IP/$LAN_NETMASK -j SNAT --to $WAN_IP
fi
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_IP/$LAN_NETMASK -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_IP/$LAN_NETMASK -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT POSTROUTING -p tcp --dport $INT_SPORT:$INT_EPORT -d $INT_IP -s $LAN_IP/$LAN_NETMASK -j SNAT --to $WAN_IP
iptables -t nat $OPT POSTROUTING -p udp --dport $INT_SPORT:$INT_EPORT -d $INT_IP -s $LAN_IP/$LAN_NETMASK -j SNAT --to $WAN_IP
fi
if [ ! -z $LAN_ALIAS_IP ] ; then
if [ "$TELECOM_CUSTOMER_PORTFORWARDING" != "" ] ;then
if [ "$PROTO" = "TCP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT POSTROUTING -p tcp --dport $INT_SPORT:$INT_EPORT -d $INT_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j SNAT --to $WAN_IP
elif [ "$PROTO" = "UDP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT POSTROUTING -p udp --dport $INT_SPORT:$INT_EPORT -d $INT_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j SNAT --to $WAN_IP
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT POSTROUTING -p tcp --dport $INT_SPORT:$INT_EPORT -d $INT_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j SNAT --to $WAN_IP
iptables -t nat $OPT POSTROUTING -p udp --dport $INT_SPORT:$INT_EPORT -d $INT_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j SNAT --to $WAN_IP
fi
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT POSTROUTING -p tcp --dport $INT_SPORT:$INT_EPORT -d $INT_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j SNAT --to $WAN_IP
iptables -t nat $OPT POSTROUTING -p udp --dport $INT_SPORT:$INT_EPORT -d $INT_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j SNAT --to $WAN_IP
fi
fi
else
case "$TELECOM_CUSTOMER_PORTFORWARDING" in
"y")
if [ "$PROTO" = "TCP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_IP/$LAN_NETMASK -j DNAT --to $INT_IP
iptables -t nat $OPT POSTROUTING -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $INT_IP -s $LAN_IP/$LAN_NETMASK -j SNAT --to $WAN_IP
elif [ "$PROTO" = "UDP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_IP/$LAN_NETMASK -j DNAT --to $INT_IP
iptables -t nat $OPT POSTROUTING -p udp --dport $EXT_SPORT:$EXT_EPORT -d $INT_IP -s $LAN_IP/$LAN_NETMASK -j SNAT --to $WAN_IP
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_IP/$LAN_NETMASK -j DNAT --to $INT_IP
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_IP/$LAN_NETMASK -j DNAT --to $INT_IP
iptables -t nat $OPT POSTROUTING -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $INT_IP -s $LAN_IP/$LAN_NETMASK -j SNAT --to $WAN_IP
iptables -t nat $OPT POSTROUTING -p udp --dport $EXT_SPORT:$EXT_EPORT -d $INT_IP -s $LAN_IP/$LAN_NETMASK -j SNAT --to $WAN_IP
fi
;;
"*")
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_IP/$LAN_NETMASK -j DNAT --to $INT_IP
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_IP/$LAN_NETMASK -j DNAT --to $INT_IP
iptables -t nat $OPT POSTROUTING -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $INT_IP -s $LAN_IP/$LAN_NETMASK -j SNAT --to $WAN_IP
iptables -t nat $OPT POSTROUTING -p udp --dport $EXT_SPORT:$EXT_EPORT -d $INT_IP -s $LAN_IP/$LAN_NETMASK -j SNAT --to $WAN_IP
;;
esac
if [ ! -z $LAN_ALIAS_IP ] ; then
if [ "$TELECOM_CUSTOMER_PORTFORWARDING" != "" ] ;then
if [ "$PROTO" = "TCP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j DNAT --to $INT_IP
iptables -t nat $OPT POSTROUTING -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $INT_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j SNAT --to $WAN_IP
elif [ "$PROTO" = "UDP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j DNAT --to $INT_IP
iptables -t nat $OPT POSTROUTING -p udp --dport $EXT_SPORT:$EXT_EPORT -d $INT_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j SNAT --to $WAN_IP
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j DNAT --to $INT_IP
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j DNAT --to $INT_IP
iptables -t nat $OPT POSTROUTING -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $INT_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j SNAT --to $WAN_IP
iptables -t nat $OPT POSTROUTING -p udp --dport $EXT_SPORT:$EXT_EPORT -d $INT_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j SNAT --to $WAN_IP
fi
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j DNAT --to $INT_IP
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $WAN_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j DNAT --to $INT_IP
iptables -t nat $OPT POSTROUTING -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $INT_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j SNAT --to $WAN_IP
iptables -t nat $OPT POSTROUTING -p udp --dport $EXT_SPORT:$EXT_EPORT -d $INT_IP -s $LAN_ALIAS_IP/$LAN_ALIAS_NETMASK -j SNAT --to $WAN_IP
fi
fi
fi
fi
else
if [ "$TCSUPPORT_PORT_TRANSLATION" != "" ] ;then
if [ "$TELECOM_CUSTOMER_PORTFORWARDING" != "" ] ;then
if [ "$PROTO" = "TCP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $SERVER_IP -s 0/0 -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
elif [ "$PROTO" = "UDP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $SERVER_IP -s 0/0 -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $SERVER_IP -s 0/0 -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $SERVER_IP -s 0/0 -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
fi
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $SERVER_IP -s 0/0 -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $SERVER_IP -s 0/0 -j DNAT --to $INT_IP:$INT_SPORT-$INT_EPORT
fi
else
case "$TELECOM_CUSTOMER_PORTFORWARDING" in
"y")
if [ "$PROTO" = "TCP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $SERVER_IP -s 0/0 -j DNAT --to $INT_IP
elif [ "$PROTO" = "UDP" ] ; then
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $SERVER_IP -s 0/0 -j DNAT --to $INT_IP
else
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $SERVER_IP -s 0/0 -j DNAT --to $INT_IP
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $SERVER_IP -s 0/0 -j DNAT --to $INT_IP
fi
;;
"*")
iptables -t nat $OPT VS_PRE$PVC -p tcp --dport $EXT_SPORT:$EXT_EPORT -d $SERVER_IP -s 0/0 -j DNAT --to $INT_IP
iptables -t nat $OPT VS_PRE$PVC -p udp --dport $EXT_SPORT:$EXT_EPORT -d $SERVER_IP -s 0/0 -j DNAT --to $INT_IP
;;
esac
fi
if [ "$TTNET_CUSTOMER_PORTFORWARDING" != "" ] ;then
if [ "$ADDRULE" = "1" ] ;then
if [ "$TCSUPPORT_PORT_TRANSLATION" != "" ] ;then
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -s 0/0 -j ACCEPT
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -s 0/0 -j ACCEPT
else
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -s 0/0 -j ACCEPT
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -s 0/0 -j ACCEPT
fi
fi
else
if [ "$TCSUPPORT_PORT_TRANSLATION" != "" ] ;then
if [ "$TELECOM_CUSTOMER_PORTFORWARDING" != "" ] ;then
if [ "$PROTO" = "TCP" ] ; then
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -s 0/0 -j ACCEPT
elif [ "$PROTO" = "UDP" ] ; then
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -s 0/0 -j ACCEPT
else
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -s 0/0 -j ACCEPT
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -s 0/0 -j ACCEPT
fi
else
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -s 0/0 -j ACCEPT
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $INT_SPORT:$INT_EPORT -s 0/0 -j ACCEPT
fi
else
if [ "$TELECOM_CUSTOMER_PORTFORWARDING" != "" ] ;then
if [ "$PROTO" = "TCP" ] ; then
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -s 0/0 -j ACCEPT
elif [ "$PROTO" = "UDP" ] ; then
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -s 0/0 -j ACCEPT
else
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -s 0/0 -j ACCEPT
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -s 0/0 -j ACCEPT
fi
else
iptables $OPT PORT_FORWARDING -p tcp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -s 0/0 -j ACCEPT
iptables $OPT PORT_FORWARDING -p udp -d $INT_IP --dport $EXT_SPORT:$EXT_EPORT -s 0/0 -j ACCEPT
fi
fi
fi
fi
if [ "$TTNET_PORTFORWARDING_FROM_ACS_PASS_FIREWALL" != "" ] ;then
if [ "$PORTFORWARD" = "Yes" ] ; then
iptables $OPT CWMP_CR -p tcp --dport $INT_SPORT:$INT_EPORT -i ! br0 -j ACCEPT
iptables $OPT CWMP_CR -p udp --dport $INT_SPORT:$INT_EPORT -i ! br0 -j ACCEPT
fi
fi