#!/bin/sh
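# Load the build/feature switches (TCSUPPORT_*, MSTC_*, ...) that the rest of
# this script tests.
PROFILE_CFG=/userfs/profile.cfg
if [ -f "$PROFILE_CFG" ]; then
  # The file is executed as shell code by `.` below, so whoever can write it
  # can run commands with this script's privileges. The original widened it to
  # mode 777 on every run; sourcing needs read access only, so strip
  # group/other write instead of granting it.
  chmod go-w "$PROFILE_CFG"
  . "$PROFILE_CFG"
fi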
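# Check the argument count and map the action word to an iptables operation.
#   add -> OPT=-I (insert)      del -> OPT=-D (delete)
# Multi-service builds take an extra "Service ID#" argument.
# `-o` inside `[ ]` is ambiguous for some operand values, so the PTM/Ether
# alternative is tested by concatenating both flags instead.
if { [ -n "$TCSUPPORT_MULTISERVICE_ON_WAN" ] \
    && [ -n "$TCSUPPORT_WAN_PTM$TCSUPPORT_WAN_ETHER" ]; } \
  || [ -n "$MSTC_ETHER_WAN" ]; then
  VS_USAGE="usage: $0 [add/del] [PVC#] [Service ID#] [Rule#]"
  VS_NARGS=4
else
  VS_USAGE="usage: $0 [add/del] [PVC#] [Rule#]"
  VS_NARGS=3
fi

# Usage errors keep the original exit status 0.
# NOTE(review): callers cannot tell a rejected call from a successful one;
# confirm nothing relies on this before switching to a non-zero status.
if [ "$#" -ne "$VS_NARGS" ]; then
  echo "$VS_USAGE"
  exit 0
fi

# "$1" is quoted so an empty or multi-word action reaches the usage arm
# instead of raising a `[` syntax error first.
case "$1" in
  add) OPT=-I ;;
  del) OPT=-D ;;
  *)
    echo "$VS_USAGE"
    exit 0
    ;;
esac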
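# Derive PVC and RULE from the positional arguments.
# Arguments: the script's own "$@" (action, PVC#, [Service ID#], Rule#).
# Sets:      PVC, RULE
# On multi-service builds the rule number is $4, and PVCs 8, 9 and 10 are
# qualified with the service id as "<pvc>_<service>".
# NOTE(review): PVC and RULE are later spliced into file paths that get
# sourced and into iptables chain names; nothing in this block restricts the
# characters they may contain.
vs_select_pvc_rule() {
  if { [ -n "$TCSUPPORT_MULTISERVICE_ON_WAN" ] \
      && [ -n "$TCSUPPORT_WAN_PTM$TCSUPPORT_WAN_ETHER" ]; } \
    || [ -n "$MSTC_ETHER_WAN" ]; then
    RULE=$4
    case "$2" in
      8 | 9 | 10) PVC="$2"_"$3" ;;
      *) PVC=$2 ;;
    esac
  else
    PVC=$2
    RULE=$3
  fi
}

vs_select_pvc_rule "$@"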
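# Load the stored definition of this virtual-server rule; without one there is
# nothing to add or delete.
#
# PVC and RULE originate from the command line and are spliced into a path
# that is executed with `.`. Restrict them to letters, digits and "_" so a
# value containing "/" or ".." cannot point the script at a different file.
case "$PVC$RULE" in
  *[!A-Za-z0-9_]*)
    echo "$0: invalid PVC or rule identifier" >&2
    exit 1
    ;;
esac

VS_CONF=/etc/nat_pvc$PVC/vserver$RULE
if [ -f "$VS_CONF" ]; then
  # `.` needs read access only; the chmod is kept in case another component
  # executes the file directly. NOTE(review): confirm and drop if not.
  chmod +x "$VS_CONF"
  . "$VS_CONF"
else
  exit 0
fi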
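# Turn the rule fields into the EXT_*/INT_* values used by the iptables calls.
# STARTPORT, ENDPORT, LOCALIP, LOCAL_SPORT, LOCAL_EPORT, REMOTEIP, PROTOCOL and
# ADDRULEFLAG are read here but not assigned in this script; presumably they
# come from the rule file sourced earlier.
# NOTE(review): none of them is checked to be an integer or an address before
# it reaches iptables.

# On hostname-mapping builds a rule without a local IP is skipped.
if [ -n "$MSTC_COMMON_PORTMAP_HOSTNAME" ] && [ -z "$LOCALIP" ]; then
  exit 0
fi

# Fill in LOCAL_SPORT / LOCAL_EPORT when the rule does not set them: the local
# range starts at STARTPORT and has the same width as the external range.
# expr with quoted operands is used on purpose: each operand is one argument,
# so a value such as "80 + 5" is rejected as non-numeric rather than evaluated,
# and no shell arithmetic expansion is applied to configuration data.
vs_default_local_ports() {
  if [ -z "$LOCAL_SPORT" ]; then
    LOCAL_SPORT=$STARTPORT
  fi
  if [ -z "$LOCAL_EPORT" ]; then
    PORT_RANGE=$(expr "$ENDPORT" - "$STARTPORT")
    LOCAL_EPORT=$(expr "$LOCAL_SPORT" + "$PORT_RANGE")
  fi
}

vs_default_local_ports

# Builds with the GVT or Sophia GUI can restrict a rule to one remote address.
if [ -n "$MSTC_GVT_GUI$MSTC_SOPHIA_COMMON_GUI" ]; then
  EXT_IP=$REMOTEIP
fi

EXT_SPORT=$STARTPORT
EXT_EPORT=$ENDPORT
INT_IP=$LOCALIP
# The original also carried a no-op "PROTOCOL=$PROTOCOL" and commented-out
# TCSUPPORT_VIRSVR_* conditionals around the next two assignments; the
# assignments are unconditional.
INT_SPORT=$LOCAL_SPORT
INT_EPORT=$LOCAL_EPORT

if [ -n "$TTNET_CUSTOMER_PORTFORWARDING" ]; then
  ADDRULE=$ADDRULEFLAG
fi

# PROTO is only defined on TELECOM builds; the rule code tests it only there.
if [ -n "$TELECOM_CUSTOMER_PORTFORWARDING" ]; then
  PROTO=$PROTOCOL
fi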
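# Load the per-PVC NAT settings and pick the default WAN interface.
# Every path below embeds $PVC and is executed with `.`; the paths are quoted
# so a value with whitespace or glob characters stays a single file name.
# The chmod +x calls are kept from the original although `.` needs read access
# only. NOTE(review): confirm nothing executes these files directly, then drop.

# get ipmode (Single or Multiple)
IPMODE_CONF=/etc/nat_pvc$PVC/ipmode
if [ -f "$IPMODE_CONF" ]; then
  chmod +x "$IPMODE_CONF"
  . "$IPMODE_CONF"
fi

# 0.0.0.0 selects the interface-based rule set further down. In Multiple mode
# the server_ip file is sourced after this default, so it can replace it.
SERVER_IP="0.0.0.0"
if [ "$IPMODE" = "Multiple" ]; then
  SERVERIP_CONF=/etc/nat_pvc$PVC/server_ip
  if [ -f "$SERVERIP_CONF" ]; then
    chmod +x "$SERVERIP_CONF"
    . "$SERVERIP_CONF"
  fi
fi

# default wan_if
WAN_IF=nas$PVC
CONFFILE=/etc/isp$PVC.conf
if [ -f "$CONFFILE" ]; then
  chmod +x "$CONFFILE"
  . "$CONFFILE"
fi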
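# PPPoE/PPPoA: when ISP is "2" the WAN interface is a ppp device, not nas$PVC.
# Arguments: the script's own "$@" (PVC# in $2, Service ID# in $3).
# Sets:      WAN_IF (left untouched unless ISP is "2")
# On multi-service PTM/Ether builds PVCs 8, 9 and 10 use "ppp<pvc><service>".
# NOTE(review): unlike the other multi-service tests in this script, this one
# does not also accept MSTC_ETHER_WAN; the original is kept as written.
vs_ppp_wan_if() {
  [ "$ISP" = "2" ] || return 0
  if [ -n "$TCSUPPORT_MULTISERVICE_ON_WAN" ] \
    && [ -n "$TCSUPPORT_WAN_PTM$TCSUPPORT_WAN_ETHER" ]; then
    case "$2" in
      8 | 9 | 10) WAN_IF=ppp"$2""$3" ;;
      *) WAN_IF=ppp$2 ;;
    esac
  else
    WAN_IF=ppp$PVC
  fi
}

vs_ppp_wan_if "$@"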
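# change WAN iface name for ethernet WAN
# The Ethernet-WAN settings come from /etc/port4.conf, or from the per-PVC isp
# file when MSTC_ETHER_WAN is set and the PVC argument is 10. The path is
# quoted because it may embed $PVC and is executed with `.`.
ENETWAN_CONF=/etc/port4.conf
if [ -n "$MSTC_ETHER_WAN" ] && [ "$2" = "10" ]; then
  ENETWAN_CONF=/etc/isp$PVC.conf
fi

if [ -f "$ENETWAN_CONF" ]; then
  # `.` needs read access only; chmod kept from the original.
  chmod +x "$ENETWAN_CONF"
  . "$ENETWAN_CONF"

  # Active, ConnectType, dot1q and VLANID are read from the file just sourced.
  IS_ETHERNETWAN="$Active"
  ETHERNETWAN_CONNECTTYPE="$ConnectType"

  if [ "$IS_ETHERNETWAN" = "Yes" ]; then
    # With Ethernet WAN active only PVC 10 gets rules; any other PVC stops here.
    if [ "$2" != "10" ]; then
      exit 0
    fi
    if [ "$ISP" = "2" ]; then
      WAN_IF="ppp$2$3"
    elif [ "$dot1q" = "Yes" ]; then
      WAN_IF="eth0.$VLANID"
    else
      WAN_IF="eth0.1"
    fi
  fi
fi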
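# Install (-I) or remove (-D) the iptables rules of one virtual-server entry.
#
# Three kinds of rule are issued, each once per protocol:
#   DNAT    nat table, chain VS_PRE$PVC  external port range -> internal host
#   ACCEPT  chain PORT_FORWARDING        lets the redirected traffic through
#   SNAT    nat table, POSTROUTING       loopback: LAN clients using the WAN IP
#
# Changes against the original if/elif tree, which spelled out every
# combination by hand:
#   * The `case` arms written "*") were quoted, so they matched only a literal
#     asterisk and never acted as the default. With port translation off and
#     TELECOM_CUSTOMER_PORTFORWARDING empty no DNAT or loopback rule was
#     issued, although the ACCEPT rule was. Per-protocol selection now uses the
#     same non-empty test as the rest of the script (the old arms accepted
#     exactly "y").
#   * One UDP rule read `-s $EXT_IP-j DNAT` (missing space), which glued the
#     target option onto the address.
#   * Every expansion is quoted, so a configuration value with whitespace is
#     passed as one argument and cannot add options to the iptables call.
# NOTE(review): rules without `-s` accept traffic from any source, and the
# TTNET ACCEPT rules carry neither `-i` nor a source limit.

# Set VS_PROTOS to the protocols a rule covers: the configured one on TELECOM
# builds when PROTO is TCP or UDP, otherwise both (tcp first, as before).
vs_set_protos() {
  VS_PROTOS="tcp udp"
  [ -n "$TELECOM_CUSTOMER_PORTFORWARDING" ] || return 0
  case "$PROTO" in
    TCP) VS_PROTOS=tcp ;;
    UDP) VS_PROTOS=udp ;;
  esac
}

# vs_dnat PROTOS MATCH...: one DNAT rule per protocol in VS_PRE$PVC.
vs_dnat() {
  vs_list=$1
  shift
  # $vs_list is split on purpose: it holds "tcp", "udp" or "tcp udp".
  for vs_proto in $vs_list; do
    iptables -t nat "$OPT" "VS_PRE$PVC" -p "$vs_proto" \
      --dport "$EXT_SPORT:$EXT_EPORT" "$@" -j DNAT --to "$VS_DNAT_TO"
  done
}

# vs_accept PROTOS MATCH...: one ACCEPT rule per protocol in PORT_FORWARDING.
vs_accept() {
  vs_list=$1
  shift
  for vs_proto in $vs_list; do
    iptables "$OPT" PORT_FORWARDING -p "$vs_proto" -d "$INT_IP" \
      --dport "$VS_FWD_PORTS" "$@" -j ACCEPT
  done
}

# vs_loopback PROTOS SRC: DNAT + SNAT pair for LAN clients in SRC (addr/mask)
# that address the forwarded port through the WAN IP.
vs_loopback() {
  vs_dnat "$1" -d "$WAN_IP" -s "$2"
  for vs_proto in $1; do
    iptables -t nat "$OPT" POSTROUTING -p "$vs_proto" \
      --dport "$VS_FWD_PORTS" -d "$INT_IP" -s "$2" -j SNAT --to "$WAN_IP"
  done
}

# vs_apply_rules ACTION: ACTION is the script's first argument (add|del).
vs_apply_rules() {
  # With port translation the internal port range may differ from the external
  # one; without it the DNAT target is the bare address and the post-DNAT
  # rules match the external range.
  if [ -n "$TCSUPPORT_PORT_TRANSLATION" ]; then
    VS_DNAT_TO="$INT_IP:$INT_SPORT-$INT_EPORT"
    VS_FWD_PORTS="$INT_SPORT:$INT_EPORT"
  else
    VS_DNAT_TO=$INT_IP
    VS_FWD_PORTS="$EXT_SPORT:$EXT_EPORT"
  fi
  vs_set_protos

  # Two refinements exist only with port translation on a TELECOM build:
  # matching on the WAN address, and limiting the rule to one remote address.
  vs_wan_dst=
  vs_src_only=
  if [ -n "$TCSUPPORT_PORT_TRANSLATION" ] \
    && [ -n "$TELECOM_CUSTOMER_PORTFORWARDING" ]; then
    if [ -n "$MSTC_COLUMBIA_SPECIAL_IPADDRMAP" ] && [ -n "$WAN_IP" ]; then
      vs_wan_dst=y
    fi
    if [ -n "$MSTC_GVT_GUI$MSTC_SOPHIA_COMMON_GUI" ] && [ -n "$EXT_IP" ]; then
      vs_src_only=y
    fi
  fi

  if [ "$SERVER_IP" != "0.0.0.0" ]; then
    # A dedicated server address: match on it instead of the interface.
    vs_dnat "$VS_PROTOS" -d "$SERVER_IP" -s 0/0
    if [ -z "$TTNET_CUSTOMER_PORTFORWARDING" ]; then
      vs_accept "$VS_PROTOS" -s 0/0
    elif [ "$ADDRULE" = "1" ]; then
      # TTNET builds open both protocols, and only when the rule asks for it.
      vs_accept "tcp udp" -s 0/0
    fi
    return
  fi

  # Interface-based rules. The WAN-address match wins over the source limit.
  if [ -n "$vs_wan_dst" ]; then
    vs_dnat "$VS_PROTOS" -d "$WAN_IP" -i "$WAN_IF"
  elif [ -n "$vs_src_only" ]; then
    vs_dnat "$VS_PROTOS" -i "$WAN_IF" -s "$EXT_IP"
  else
    vs_dnat "$VS_PROTOS" -i "$WAN_IF"
  fi

  if [ -n "$TTNET_CUSTOMER_PORTFORWARDING" ]; then
    if [ "$ADDRULE" = "1" ]; then
      vs_accept "tcp udp" -s 0/0
    fi
  elif [ -n "$vs_src_only" ]; then
    vs_accept "$VS_PROTOS" -i "$WAN_IF" -s "$EXT_IP"
  else
    vs_accept "$VS_PROTOS" -i "$WAN_IF"
  fi

  # Loopback rules are added only when enabled, but removal is always
  # attempted so a later change of the setting cannot leave rules behind.
  if [ -n "$WAN_IP" ] \
    && { [ "$LoopBackEnable" = "on" ] || [ "$1" = "del" ]; }; then
    vs_loopback "$VS_PROTOS" "$LAN_IP/$LAN_NETMASK"
    if [ -n "$LAN_ALIAS_IP" ]; then
      vs_loopback "$VS_PROTOS" "$LAN_ALIAS_IP/$LAN_ALIAS_NETMASK"
    fi
  fi
}

vs_apply_rules "$1"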
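# On builds with TTNET_PORTFORWARDING_FROM_ACS_PASS_FIREWALL, a rule whose
# PORTFORWARD field is "Yes" also gets ACCEPT entries in the CWMP_CR chain for
# the internal port range, on every interface except br0.
# Both protocols are opened regardless of PROTO, and no source address is
# matched. NOTE(review): confirm that exposure is intended.
# `-i ! br0` is the older negation form; newer iptables releases expect
# `! -i br0`. It is left as written because the target iptables version is not
# visible here.
# Expansions are quoted so each value reaches iptables as a single argument.
vs_cwmp_rules() {
  [ -n "$TTNET_PORTFORWARDING_FROM_ACS_PASS_FIREWALL" ] || return 0
  [ "$PORTFORWARD" = "Yes" ] || return 0
  for vs_proto in tcp udp; do
    iptables "$OPT" CWMP_CR -p "$vs_proto" \
      --dport "$INT_SPORT:$INT_EPORT" -i ! br0 -j ACCEPT
  done
}

vs_cwmp_rules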