DeforaNetworks/fwknop
DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity

[server] fw_initialize() vs. fw_config_init() bug fix for use_masquerade

Browse Source
This commit is contained in:
Michael Rash 2013-12-14 19:41:00 -05:00
parent 92cdb47ff7
commit 919f25f85d
2 changed files with 15 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/config_init.c
View File

@ -448,7 +448,7 @@ validate_options(fko_srv_options_t *opts)
*/ */
if(strncasecmp(opts->config[CONF_ENABLE_IPT_SNAT], "Y", 1) == 0) if(strncasecmp(opts->config[CONF_ENABLE_IPT_SNAT], "Y", 1) == 0)
{ {
/* Note that fw_initialize() will set use_masquerade if necessary /* Note that fw_config_init() will set use_masquerade if necessary
*/ */
if(opts->config[CONF_SNAT_TRANSLATE_IP] != NULL) if(opts->config[CONF_SNAT_TRANSLATE_IP] != NULL)
{ {

32
server/fw_util_iptables.c
View File

@ -814,7 +814,6 @@ fw_config_init(fko_srv_options_t * const opts)
*/ */
if(strncasecmp(opts->config[CONF_ENABLE_IPT_FORWARDING], "Y", 1)==0) if(strncasecmp(opts->config[CONF_ENABLE_IPT_FORWARDING], "Y", 1)==0)
{ {
if(set_fw_chain_conf(IPT_FORWARD_ACCESS, opts->config[CONF_IPT_FORWARD_ACCESS]) != 1) if(set_fw_chain_conf(IPT_FORWARD_ACCESS, opts->config[CONF_IPT_FORWARD_ACCESS]) != 1)
return 0; return 0;
@ -825,19 +824,25 @@ fw_config_init(fko_srv_options_t * const opts)
*/ */
if(strncasecmp(opts->config[CONF_ENABLE_IPT_SNAT], "Y", 1)==0) if(strncasecmp(opts->config[CONF_ENABLE_IPT_SNAT], "Y", 1)==0)
{ {
if(opts->fw_config->use_masquerade == 1) if(opts->config[CONF_SNAT_TRANSLATE_IP] == NULL
|| ! is_valid_ipv4_addr(opts->config[CONF_SNAT_TRANSLATE_IP]))
{ {
fwc.use_masquerade = 1;
if(set_fw_chain_conf(IPT_MASQUERADE_ACCESS, opts->config[CONF_IPT_MASQUERADE_ACCESS]) != 1) if(set_fw_chain_conf(IPT_MASQUERADE_ACCESS, opts->config[CONF_IPT_MASQUERADE_ACCESS]) != 1)
return 0; return 0;
} }
else if((opts->config[CONF_SNAT_TRANSLATE_IP] != NULL)
&& (is_valid_ipv4_addr(opts->config[CONF_SNAT_TRANSLATE_IP])))
{
if(set_fw_chain_conf(IPT_SNAT_ACCESS, opts->config[CONF_IPT_SNAT_ACCESS]) != 1)
return 0;
}
else else
return 0; {
if(is_valid_ipv4_addr(opts->config[CONF_SNAT_TRANSLATE_IP]))
{
if(set_fw_chain_conf(IPT_SNAT_ACCESS, opts->config[CONF_IPT_SNAT_ACCESS]) != 1)
return 0;
}
else
{
return 0;
}
}
} }
} }
@ -882,15 +887,6 @@ fw_initialize(const fko_srv_options_t * const opts)
} }
} }
if(strncasecmp(opts->config[CONF_ENABLE_IPT_SNAT], "Y", 1) == 0)
{
if(opts->config[CONF_SNAT_TRANSLATE_IP] == NULL
|| ! is_valid_ipv4_addr(opts->config[CONF_SNAT_TRANSLATE_IP]))
{
opts->fw_config->use_masquerade = 1;
}
}
/* See if iptables offers the '-C' argument (older versions don't). If not, /* See if iptables offers the '-C' argument (older versions don't). If not,
* then switch to parsing iptables -L output to find rules. * then switch to parsing iptables -L output to find rules.
*/ */