re-add dport POSTROUTING snat
parent
80bafc9f10
commit
9e257502c0
2
Cargo.lock
generated
2
Cargo.lock
generated
|
@ -1470,7 +1470,7 @@ checksum = "56770675ebc04927ded3e60633437841581c285dc6236109ea25fbf3beb7b59e"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "router"
|
name = "router"
|
||||||
version = "0.1.0"
|
version = "0.1.1"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"anyhow",
|
"anyhow",
|
||||||
"async-fs",
|
"async-fs",
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
[package]
|
[package]
|
||||||
name = "router"
|
name = "router"
|
||||||
version = "0.1.0"
|
version = "0.1.1"
|
||||||
authors = ["asonix <asonix@asonix.dog>"]
|
authors = ["asonix <asonix@asonix.dog>"]
|
||||||
edition = "2018"
|
edition = "2018"
|
||||||
build = "src/build.rs"
|
build = "src/build.rs"
|
||||||
|
|
|
@ -124,7 +124,7 @@ pub(crate) async fn forward_postrouting_snat(
|
||||||
destination_ip: Ipv4Addr,
|
destination_ip: Ipv4Addr,
|
||||||
func: impl Fn(&mut Command) -> &mut Command,
|
func: impl Fn(&mut Command) -> &mut Command,
|
||||||
) -> Result<(), anyhow::Error> {
|
) -> Result<(), anyhow::Error> {
|
||||||
iptables_nat(move |cmd| {
|
iptables_nat(|cmd| {
|
||||||
func(cmd).args(&[
|
func(cmd).args(&[
|
||||||
"POSTROUTING",
|
"POSTROUTING",
|
||||||
"-s",
|
"-s",
|
||||||
|
@ -147,6 +147,31 @@ pub(crate) async fn forward_postrouting_snat(
|
||||||
&external_ip.to_string(),
|
&external_ip.to_string(),
|
||||||
])
|
])
|
||||||
})
|
})
|
||||||
|
.await?;
|
||||||
|
|
||||||
|
iptables_nat(|cmd| {
|
||||||
|
func(cmd).args(&[
|
||||||
|
"POSTROUTING",
|
||||||
|
"-s",
|
||||||
|
&format!("{}/{}", internal_ip, internal_mask),
|
||||||
|
"-d",
|
||||||
|
&destination_ip.to_string(),
|
||||||
|
"-p",
|
||||||
|
proto.as_iptables_str(),
|
||||||
|
"-m",
|
||||||
|
proto.as_iptables_str(),
|
||||||
|
"--dport",
|
||||||
|
&internal_port.to_string(),
|
||||||
|
"-m",
|
||||||
|
"conntrack",
|
||||||
|
"--ctstate",
|
||||||
|
"NEW,RELATED,ESTABLISHED",
|
||||||
|
"-j",
|
||||||
|
"SNAT",
|
||||||
|
"--to-source",
|
||||||
|
&external_ip.to_string(),
|
||||||
|
])
|
||||||
|
})
|
||||||
.await
|
.await
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
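Review bot: With the first `iptables_nat` call now ending in `.await?`, the two POSTROUTING rules are applied as separate commands, so a failure of either leaves them half-applied: an error on the first returns before the `--dport` rule is touched, and an error on the second leaves the first rule in place. What `func` puts on the command (append or delete) is not visible in this hunk, but if the same function also serves teardown, a first rule that is already missing would abort the call and leave the `--dport` SNAT rule installed after the forward is gone. Consider attempting both commands and returning the first error, e.g. `let first = iptables_nat(...).await;`, `let second = iptables_nat(...).await;`, `first.and(second)`, or undoing the first rule when the second fails on the add path. A short comment above the second call stating how it differs from the first rule would also help, since the two argument lists are near-duplicates; the function's signature and most of the first rule's arguments lie outside the hunk.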