add -s source for MASQUERADE rule #773

merged 2 commits into from
Apr 30, 2024
4 changes: 3 additions & 1 deletion firewall/iptables_linux.go
Expand Up @@ -299,14 +299,16 @@ func (i *iptablesManager) InsertEgressRoutingRules(server string, egressInfo mod
for _, egressGwRange := range egressInfo.EgressGWCfg.Ranges {
if egressInfo.EgressGWCfg.NatEnabled == "yes" {
iptablesClient := i.ipv4Client
source := egressInfo.Network.String()
if !isAddrIpv4(egressGwRange) {
iptablesClient = i.ipv6Client
source = egressInfo.Network6.String()
}
egressRangeIface, err := getInterfaceName(config.ToIPNet(egressGwRange))
if err != nil {
logger.Log(0, "failed to get interface name: ", egressRangeIface, err.Error())
} else {
ruleSpec := []string{"-o", egressRangeIface, "-j", "MASQUERADE"}
ruleSpec := []string{"-s", source, "-o", egressRangeIface, "-j", "MASQUERADE"}
ruleSpec = appendNetmakerCommentToRule(ruleSpec)
// to avoid duplicate iface route rule,delete if exists
iptablesClient.DeleteIfExists(defaultNatTable, nattablePRTChain, ruleSpec...)
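Review bot: The DeleteIfExists call two lines below the new ruleSpec matches only the new `-s`-scoped spec, so a node upgrading from a build that installed the old unscoped `-o <iface> -j MASQUERADE` rule keeps that permissive rule in POSTROUTING next to the new one, and the source restriction this PR adds has no effect until something else clears it. Unless a chain flush elsewhere covers this (not visible here), also remove the legacy spec before inserting: `legacy := appendNetmakerCommentToRule([]string{"-o", egressRangeIface, "-j", "MASQUERADE"})` followed by `iptablesClient.DeleteIfExists(defaultNatTable, nattablePRTChain, legacy...)`. Separately, if `Network`/`Network6` are `net.IPNet` values, `String()` on a zero value yields `<nil>`, which would make the insert fail for a network that has no range of that address family configured; consider skipping with a log line when the chosen source has a nil IP. InsertEgressRoutingRules starts before and continues after this hunk.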
2 changes: 1 addition & 1 deletion firewall/nftables_linux.go
Expand Up @@ -305,7 +305,7 @@ func (n *nftablesManager) InsertEgressRoutingRules(server string, egressInfo mod
if egressRangeIface, err := getInterfaceName(config.ToIPNet(egressGwRange)); err != nil {
logger.Log(0, "failed to get interface name: ", egressRangeIface, err.Error())
} else {
ruleSpec := []string{"-o", egressRangeIface, "-j", "MASQUERADE"}
ruleSpec := []string{"-s", egressInfo.Network.String(), "-o", egressRangeIface, "-j", "MASQUERADE"}
// to avoid duplicate iface route rule,delete if exists
n.deleteRule(defaultNatTable, nattablePRTChain, genRuleKey(ruleSpec...))
rule = &nftables.Rule{
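Review bot: The new `-s` on the changed line always uses `egressInfo.Network.String()`, whereas the iptables counterpart in this same PR switches to `Network6` when `!isAddrIpv4(egressGwRange)`; if IPv6 egress ranges reach this branch, the IPv4 network is written as the source of an IPv6 MASQUERADE rule and the insert either fails or matches nothing. Mirror the iptables logic: `source := egressInfo.Network.String()`, `if !isAddrIpv4(egressGwRange) { source = egressInfo.Network6.String() }`, then `"-s", source` in the spec. The deleteRule call on the following line keys on the new spec only, so a pre-existing unscoped `-o <iface> -j MASQUERADE` rule from an earlier build is not removed here; worth confirming that startup cleanup handles it. InsertEgressRoutingRules begins and ends outside this hunk.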
14 changes: 13 additions & 1 deletion go.mod
Expand Up @@ -12,7 +12,7 @@ require (
github.com/google/nftables v0.1.0
github.com/google/uuid v1.6.0
github.com/gorilla/websocket v1.5.1
github.com/gravitl/netmaker v0.23.1-0.20240416055906-7dc4e6c4659e
github.com/gravitl/netmaker v0.24.1-0.20240425143610-a3d6a0af09ca
github.com/gravitl/tcping v0.1.2-0.20230801110928-546055ebde06
github.com/gravitl/txeh v0.0.0-20230509181318-3778c58bd69f
github.com/guumaster/hostctl v1.1.4
Expand All @@ -39,21 +39,29 @@ require (

require (
aead.dev/minisign v0.2.0 // indirect
cloud.google.com/go/compute v1.23.3 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
filippo.io/edwards25519 v1.1.0 // indirect
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/coreos/go-oidc/v3 v3.9.0 // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/docker/distribution v2.8.1+incompatible // indirect
github.com/docker/docker v23.0.5+incompatible // indirect
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/felixge/httpsnoop v1.0.3 // indirect
github.com/fsnotify/fsnotify v1.7.0 // indirect
github.com/gabriel-vasile/mimetype v1.4.3 // indirect
github.com/go-jose/go-jose/v3 v3.0.3 // indirect
github.com/go-playground/locales v0.14.1 // indirect
github.com/go-playground/universal-translator v0.18.1 // indirect
github.com/go-playground/validator/v10 v10.19.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/gorilla/handlers v1.5.2 // indirect
github.com/gorilla/mux v1.8.1 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
Expand All @@ -79,6 +87,7 @@ require (
github.com/rqlite/gorqlite v0.0.0-20240122221808-a8a425b1a6aa // indirect
github.com/sagikazarmark/locafero v0.4.0 // indirect
github.com/sagikazarmark/slog-shim v0.1.0 // indirect
github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e // indirect
github.com/sourcegraph/conc v0.3.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/cast v1.6.0 // indirect
Expand All @@ -90,10 +99,13 @@ require (
go.uber.org/atomic v1.9.0 // indirect
go.uber.org/multierr v1.9.0 // indirect
golang.org/x/mod v0.14.0 // indirect
golang.org/x/oauth2 v0.18.0 // indirect
golang.org/x/sync v0.6.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/tools v0.17.0 // indirect
golang.zx2c4.com/wintun v0.0.0-20211104114900-415007cec224 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/protobuf v1.31.0 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
)