don't try to add MASQUERADE over WAN dinamically, use firewall (or fi…

…rewall-lime)
libremesh · Aug 7, 2016 · 1b23a3c · 1b23a3c
1 parent fdd6ceb
commit 1b23a3c
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 24 deletions.
diff --git a/packages/batman-adv-auto-gw-mode/files/etc/watchping/wan-ok.d/batman-gw b/packages/batman-adv-auto-gw-mode/files/etc/watchping/wan-ok.d/batman-gw
@@ -6,11 +6,3 @@ if grep -q "^=>" /sys/kernel/debug/batman_adv/bat0/gateways ; then
   BATTYPE=gw BATACTION=del /etc/hotplug.d/net/99-batman-gw
 fi
 batctl gw_mode server
-[ $? -eq 0 ] && {
-	# Adds a NAT rule if it does not already exist
-	iface="$(ip route get 8.8.8.8 | awk '{print $5}' | tr -d '\n')"
-	if ! iptables -v -n -L POSTROUTING -t nat | grep MASQUERADE  | grep 0.0.0.0/0 | grep -q $iface
-	then
-		iptables -A POSTROUTING -t nat -o $iface -j MASQUERADE
-	fi
-}
diff --git a/packages/bmx6-auto-gw-mode/files/etc/watchping/wan-ok.d/bmx6-gw b/packages/bmx6-auto-gw-mode/files/etc/watchping/wan-ok.d/bmx6-gw
@@ -2,11 +2,3 @@
 logger -t bmx6-auto-gw "We got Internet access, announcing it to the mesh"
 bmx6 -c tunOut -inet4
 bmx6 -c tunIn inet4 /n 0.0.0.0/0
-[ $? -eq 0 ] && {
-	# Adds a NAT rule if it does not already exist
-	iface="$(ip route get 8.8.8.8 | awk '{print $5}' | tr -d '\n')"
-	if ! iptables -v -n -L POSTROUTING -t nat | grep MASQUERADE  | grep 0.0.0.0/0 | grep -q $iface
-	then
-		iptables -A POSTROUTING -t nat -o $iface -j MASQUERADE
-	fi
-}
diff --git a/packages/bmx7-auto-gw-mode/files/etc/watchping/wan-ok.d/bmx7-gw b/packages/bmx7-auto-gw-mode/files/etc/watchping/wan-ok.d/bmx7-gw
@@ -2,11 +2,3 @@
 logger -t bmx7-auto-gw "We got Internet access, announcing it to the mesh"
 bmx7 -c tunOut -inet4
 bmx7 -c tunIn inet4 /n 0.0.0.0/0
-[ $? -eq 0 ] && {
-	# Adds a NAT rule if it does not already exist
-	iface="$(ip route get 8.8.8.8 | awk '{print $5}' | tr -d '\n')"
-	if ! iptables -v -n -L POSTROUTING -t nat | grep MASQUERADE  | grep 0.0.0.0/0 | grep -q $iface
-	then
-		iptables -A POSTROUTING -t nat -o $iface -j MASQUERADE
-	fi
-}
diff --git a/packages/lime-proto-wan/src/wan.lua b/packages/lime-proto-wan/src/wan.lua
@@ -20,6 +20,17 @@ function wan.setup_interface(ifname, args)
 	local uci = libuci:cursor()
 	uci:set("network", "wan", "ifname", ifname)
 	uci:save("network")
+
+	if opkg.installed("firewall") then
+		fs.remove("/etc/firewall.lime.d/20-wan-out-masquerade")
+	else
+		fs.mkdir("/etc/firewall.lime.d")
+		fs.writefile(
+			"/etc/firewall.lime.d/20-wan-out-masquerade",
+			"iptables -t nat -D POSTROUTING -o " .. ifname .. " -j MASQUERADE\n" ..
+			"iptables -t nat -A POSTROUTING -o " .. ifname .. " -j MASQUERADE\n"
+		)
+	end
 end
 
 return wan