diff --git a/roles/network/templates/gateway/iiab-gen-iptables b/roles/network/templates/gateway/iiab-gen-iptables index 3b9e8959a..f88cdae1b 100755 --- a/roles/network/templates/gateway/iiab-gen-iptables +++ b/roles/network/templates/gateway/iiab-gen-iptables @@ -60,6 +60,7 @@ kalite_server_port={{ kalite_server_port }} sugarizer_port={{ sugarizer_port }} block_DNS={{ block_DNS }} captive_portal_enabled={{ captive_portal_enabled }} +py_captive_portal_enabled={{ py_captive_portal_enabled }} echo "Lan is $lan and WAN is $wan" # @@ -105,7 +106,7 @@ if [ "$gw_block_https" == "True" ]; then fi # Allow outgoing connections from the LAN side. -if ! [ "$captive_portal_enabled" == "True" ];then +if ! [ "$py_captive_portal_enabled" == "True" ];then $IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT fi # Don't forward from the outside to the inside. @@ -117,13 +118,13 @@ if [ "$block_DNS" == "True" ];then $IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53 fi -#if [ "$captive_portal_enabled" == "True" ];then -# $IPTABLES -t mangle -N internet -# $IPTABLES -t mangle -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m tcp --dport 80 -j internet -# $IPTABLES -t mangle -A internet -j MARK --set-mark 99 -# $IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}: - if [ "$captive_portal_enabled" == "True" ];then + $IPTABLES -t mangle -N internet + $IPTABLES -t mangle -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m tcp --dport 80 -j internet + $IPTABLES -t mangle -A internet -j MARK --set-mark 99 + $IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }} + +elif [ "py_$captive_portal_enabled" == "True" ];then $IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:9090 elif [ "$HTTPCACHE_ON" == "True" ]; then
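Review bot: The new branch in the third hunk tests `[ "py_$captive_portal_enabled" == "True" ]`, which expands to `py_True` or `py_False` and can never match, so the port-80 DNAT to `{{ lan_ip }}:9090` is never installed. This interacts with the second hunk, where the LAN-to-WAN `FORWARD ... -j ACCEPT` rule is now skipped whenever `py_captive_portal_enabled` is `True`: as far as the visible rules show, enabling the Python portal leaves clients with neither forwarding nor a redirect to the portal. The test should read `elif [ "$py_captive_portal_enabled" == "True" ];then`. Because it is an `elif` under `captive_portal_enabled`, a comment should also state which portal wins when both flags are `True`; in that case the ACCEPT rule is skipped and only the mangle/mark path is installed. The third hunk's if/elif chain continues past the visible text.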