From: <kr...@us...> - 2007-01-22 17:57:18
Revision: 508 http://svn.sourceforge.net/astlinux/?rev=508&view=rev
Author: krisk84
Date: 2007-01-22 09:57:07 -0800 (Mon, 22 Jan 2007)
Log Message:
-----------
DMZ IP support in astfw - very cool
Modified Paths:
--------------
trunk/package/iptables/astfw
trunk/target/generic/target_skeleton/stat/etc/rc.conf
Modified: trunk/package/iptables/astfw
===================================================================
--- trunk/package/iptables/astfw 2007-01-19 16:34:05 UTC (rev 507)
+++ trunk/package/iptables/astfw 2007-01-22 17:57:07 UTC (rev 508)
@@ -208,6 +208,42 @@
 fi
 done
 
+# DMZ to IP support
+if [ "$DMZIP" ]
+then
+
+if [ "$DMZIPIF" ]
+then
+IF="$DMZIPIF"
+else
+IF="$INTIF"
+fi
+
+if [ "$DMZIP" = "auto" ]
+then
+DMZIP=`grep $IPBASE /var/db/dnsmasq.leases | head -n1 | cut -d" " -f3`
+IF="$INTIF"
+fi
+
+if [ "$DMZSRC" ]
+then
+iptables -t nat -A PREROUTING -p tcp -i $EXTIF -s "$DMZSRC" -j DNAT --to-destination $DMZIP
+iptables -t nat -A PREROUTING -p udp -i $EXTIF -s "$DMZSRC" -j DNAT --to-destination $DMZIP
+
+iptables -A FORWARD -i $EXTIF -o $IF -s "$DMZSRC" -d $DMZIP -m state --state NEW -p tcp -j ACCEPT
+iptables -A FORWARD -i $EXTIF -o $IF -s "$DMZSRC" -d $DMZIP -m state --state NEW -p udp -j ACCEPT
+
+else
+
+iptables -t nat -A PREROUTING -p tcp -i $EXTIF -j DNAT --to-destination $DMZIP
+iptables -t nat -A PREROUTING -p udp -i $EXTIF -j DNAT --to-destination $DMZIP
+
+iptables -A FORWARD -i $EXTIF -o $IF -d $DMZIP -m state --state NEW -p tcp -j ACCEPT
+iptables -A FORWARD -i $EXTIF -o $IF -d $DMZIP -m state --state NEW -p udp -j ACCEPT
+
+fi
+fi
+
 #turn on NAT (PAT) for everything\everyone else...
 for i in $EXTIFS
 do
Modified: trunk/target/generic/target_skeleton/stat/etc/rc.conf
===================================================================
--- trunk/target/generic/target_skeleton/stat/etc/rc.conf 2007-01-19 16:34:05 UTC (rev 507)
+++ trunk/target/generic/target_skeleton/stat/etc/rc.conf 2007-01-22 17:57:07 UTC (rev 508)
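Review bot: The `DMZSRC` branch forwards only connections whose source matches `$DMZSRC` (`-s "$DMZSRC" -j DNAT ...`), while the rc.conf text in this same commit describes DMZSRC as the source that should *not* be forwarded and should keep access to the AstLinux box, so either the rules or the documentation is inverted; if the documented behaviour is intended, the four rules need a negated match, e.g. `iptables -t nat -A PREROUTING -p tcp -i $EXTIF ! -s "$DMZSRC" -j DNAT --to-destination $DMZIP`. The `auto` path takes the first lease in `/var/db/dnsmasq.leases` that matches `$IPBASE`, so whichever LAN client happened to lease first becomes the host exposed to all unsolicited inbound TCP/UDP on EXTIF, and that choice can change across reboots; the rc.conf comment should say so, and a MAC- or hostname-keyed lookup would be safer than "first lease". When no lease exists yet (firewall started before the first DHCP client), `$DMZIP` is empty and the unquoted `--to-destination $DMZIP` / `-d $DMZIP` arguments make the iptables calls fail with a parse error rather than skip the feature; a guard such as `[ -n "$DMZIP" ] || echo "astfw: DMZIP=auto found no lease, DMZ disabled" >&2` with the rules placed inside the matching `if`/`else` would make the failure explicit. `$IPBASE` is also passed unquoted as a grep regex, so if it is a dotted prefix the dots match any character (`192.168.1` would also match `192.168.10x`); `grep -F -- "$IPBASE"` is the safer form. `$EXTIF`, `$INTIF` and `$IPBASE` are set outside this hunk.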
@@ -168,6 +168,27 @@
 #DMZIP="192.168.102.1"
 #DMZNM="255.255.255.0"
 
+##IP DMZ Support
+##Uncomment the following lines to support more traditional DMZ setups.
+##If you define DMZIP astfw will automatically forward any new/unknown
+##tcp and udp connections coming in on EXTIF to the IP address that you
+##specify. If you say "auto", AstLinux will use the first DHCP lease from
+##the instance of dnsmasq running on INTIF.
+#DMZIP="auto"
+
+##You can also specify a IP/hostname/netblock of IPs that should still have
+##access to the AstLinux system, i.e. not be forwarded to the DMZ host.
+##Define that here. These are examples of what is possible, only define one.
+#DMZSRC="www.astlinux.org"
+##-or
+#DMZSRC="169.207.1.3"
+##-or
+#DMZSRC="10.17.69.0/255.255.255.0"
+
+##If your DMZIP is not on INTIF, define the other interface here. You can use
+##a real name or another variable from this file.
+#DMZIPIF="$INT2IF"
+
 ##PPPoE support from Roaring Penguin. If you define PPPOEUSER below, AstLinux
 ##will run rp-pppoe on your $PPPOEIF. You will also need to set EXTIF to "ppp0".
 ##PPPoE kernel support
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
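Review bot: The `DMZSRC="www.astlinux.org"` example invites a hostname, but astfw hands the value straight to `iptables -s`, which resolves a name only once when the rule is inserted (one rule per address returned) and fails to insert the rule at all if DNS is not reachable when the firewall loads, so the DMZ policy would then depend on boot-time DNS. A line such as `##Note: a hostname is resolved once when the firewall is loaded; an IP or netblock is more reliable.` above the examples would warn the user, or the hostname example could be dropped. The stated semantics (DMZSRC hosts are *not* forwarded to the DMZ host) should also be checked against the astfw rules in this commit, which currently use `-s "$DMZSRC"` as the condition for forwarding rather than its negation.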