Changeset 0608d96


Ignore:
Timestamp:
Feb 21, 2014 11:04:53 AM (5 years ago)
Author:
Ted Faber <faber@…>
Branches:
master
Children:
ea0e8cb
Parents:
f1f9aec
Message:

Linux nat

File:
1 edited

Legend:

Unmodified
Added
Removed
  • fedd/federation/desktop_access.py

    rf1f9aec r0608d96  
    7575        if self.ospfd is None:
    7676            self.ospfd = '/usr/local/sbin/ospfd'
     77
     78        # If this is a linux box that will be NATing, the iptables value
     79        # must be the path of the iptables command and the nat_interface must
     80        # be the nat interface.
     81        self.iptables = config.get('access', 'iptables')
     82        self.nat_interface = config.get('access', 'nat_interface')
    7783
    7884        self.ssh_identity = None
     
    407413            print >>f, 'ifconfig tap0 %s netmask 255.255.255.0 up' % \
    408414                    my_addr
    409             # self.set_route('10.0.0.0/8', f, exp_peer)
    410415            print >>f, '%s -d -f %s' % (self.zebra, zebra_conf)
    411416            print >>f, '%s -d -f %s' % (self.ospfd, ospfd_conf)
     417            if self.iptables is not None and self.nat_interface is not None:
     418                print >>f, '%s -t nat -A POSTROUTING -o %s -j MASQUERADE' %\
     419                        (self.iptables, self.nat_interface)
     420                print >>f, ('%s -A FORWARD -i %s -o tap0 -m state ' +
     421                    '--state RELATED,ESTABLISHED -j ACCEPT') % \
     422                            (self.iptables, self.nat_interface)
     423                print >>f, '%s -A FORWARD -i tap0 -o %s -j ACCEPT' % \
     424                        (self.iptables, self.nat_interface)
    412425            f.close()
    413426            os.chmod(cscript, 0755)
    414427            f = open(dscript, 'w')
    415428            print >>f, '#!/bin/sh'
     429            if self.iptables is not None and self.nat_interface is not None:
     430                print >>f, '%s -t nat -D POSTROUTING -o %s -j MASQUERADE' %\
     431                        (self.iptables, self.nat_interface)
     432                print >>f, ('%s -D FORWARD -i %s -o tap0 -m state ' +
     433                    '--state RELATED,ESTABLISHED -j ACCEPT') % \
     434                            (self.iptables, self.nat_interface)
     435                print >>f, '%s -D FORWARD -i tap0 -o %s -j ACCEPT' % \
     436                        (self.iptables, self.nat_interface)
     437            # Linux ?
    416438            print >>f, 'ifconfig tap0 destroy'
    417439            self.unset_route(peer, f)
    418             #self.unset_route('10.0.0.0/8', f)
    419440            print >>f, 'mv /etc/hosts.DETER.fedd.hold /etc/hosts'
    420441            print >>f, 'kill `cat /var/run/quagga/ospfd.pid`'
    421442            print >>f, 'kill `cat /var/run/quagga/zebra.pid`'
     443            if self.iptables is not None and self.nat_interface is not None:
     444                print >>f, '%s -t nat -D POSTROUTING -o %s -j MASQUERADE' %\
     445                        (self.iptables, self.nat_interface)
     446                print >>f, ('%s -D FORWARD -i %s -o tap0 -m state ' +
     447                    '--state RELATED,ESTABLISHED -j ACCEPT') % \
     448                            (self.iptables, self.nat_interface)
     449                print >>f, '%s -D FORWARD -i tap0 -o %s -j ACCEPT' % \
     450                        (self.iptables, self.nat_interface)
    422451            f.close()
    423452            os.chmod(dscript, 0755)
Note: See TracChangeset for help on using the changeset viewer.