[server] fw_initialize() vs. fw_config_init() bug fix for use_masquerade

2013-12-14 19:41:00 -05:00 · 2013-12-14 19:41:00 -05:00 · 919f25f85d
commit 919f25f85d
parent 92cdb47ff7
2 changed files with 15 additions and 19 deletions
--- a/server/config_init.c
+++ b/server/config_init.c
@ -448,7 +448,7 @@ validate_options(fko_srv_options_t *opts)
    */
    if(strncasecmp(opts->config[CONF_ENABLE_IPT_SNAT], "Y", 1) == 0)
    {
-        /* Note that fw_initialize() will set use_masquerade if necessary
+        /* Note that fw_config_init() will set use_masquerade if necessary
        */
        if(opts->config[CONF_SNAT_TRANSLATE_IP] != NULL)
        {
--- a/server/fw_util_iptables.c
+++ b/server/fw_util_iptables.c
@ -814,7 +814,6 @@ fw_config_init(fko_srv_options_t * const opts)
    */
    if(strncasecmp(opts->config[CONF_ENABLE_IPT_FORWARDING], "Y", 1)==0)
    {
-
        if(set_fw_chain_conf(IPT_FORWARD_ACCESS, opts->config[CONF_IPT_FORWARD_ACCESS]) != 1)
            return 0;

@ -825,21 +824,27 @@ fw_config_init(fko_srv_options_t * const opts)
        */
        if(strncasecmp(opts->config[CONF_ENABLE_IPT_SNAT], "Y", 1)==0)
        {
-            if(opts->fw_config->use_masquerade == 1)
+            if(opts->config[CONF_SNAT_TRANSLATE_IP] == NULL
+                    || ! is_valid_ipv4_addr(opts->config[CONF_SNAT_TRANSLATE_IP]))
            {
+                fwc.use_masquerade = 1;
                if(set_fw_chain_conf(IPT_MASQUERADE_ACCESS, opts->config[CONF_IPT_MASQUERADE_ACCESS]) != 1)
                    return 0;
            }
-            else if((opts->config[CONF_SNAT_TRANSLATE_IP] != NULL)
-              && (is_valid_ipv4_addr(opts->config[CONF_SNAT_TRANSLATE_IP])))
+            else
+            {
+                if(is_valid_ipv4_addr(opts->config[CONF_SNAT_TRANSLATE_IP]))
                {
                    if(set_fw_chain_conf(IPT_SNAT_ACCESS, opts->config[CONF_IPT_SNAT_ACCESS]) != 1)
                        return 0;
                }
                else
+                {
                    return 0;
                }
            }
+        }
+    }

    /* Let us find it via our opts struct as well.
    */
@ -882,15 +887,6 @@ fw_initialize(const fko_srv_options_t * const opts)
        }
    }

-    if(strncasecmp(opts->config[CONF_ENABLE_IPT_SNAT], "Y", 1) == 0)
-    {
-        if(opts->config[CONF_SNAT_TRANSLATE_IP] == NULL
-                || ! is_valid_ipv4_addr(opts->config[CONF_SNAT_TRANSLATE_IP]))
-        {
-            opts->fw_config->use_masquerade = 1;
-        }
-    }
-
    /* See if iptables offers the '-C' argument (older versions don't).  If not,
     * then switch to parsing iptables -L output to find rules.
    */