tweaking iptables for captive portal
parent
11c20f7b41
commit
aeacbe60ca
1 changed files with 11 additions and 7 deletions
|
@ -105,8 +105,9 @@ if [ "$gw_block_https" == "True" ]; then
|
|||
fi
|
||||
|
||||
# Allow outgoing connections from the LAN side.
|
||||
$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
|
||||
|
||||
if ! [ "$captive_portal_enabled" == "True" ];then
|
||||
$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
|
||||
fi
|
||||
# Don't forward from the outside to the inside.
|
||||
$IPTABLES -A FORWARD -i $wan -o $lan -j DROP
|
||||
$IPTABLES -A INPUT -i $wan -j DROP
|
||||
|
@ -116,14 +117,17 @@ if [ "$block_DNS" == "True" ];then
|
|||
$IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53
|
||||
fi
|
||||
|
||||
#if [ "$captive_portal_enabled" == "True" ];then
|
||||
# $IPTABLES -t mangle -N internet
|
||||
# $IPTABLES -t mangle -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m tcp --dport 80 -j internet
|
||||
# $IPTABLES -t mangle -A internet -j MARK --set-mark 99
|
||||
# $IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}:
|
||||
|
||||
if [ "$captive_portal_enabled" == "True" ];then
|
||||
$IPTABLES -t mangle -N internet
|
||||
$IPTABLES -t mangle -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m tcp --dport 80 -j internet
|
||||
$IPTABLES -t mangle -A internet -j MARK --set-mark 99
|
||||
$IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}
|
||||
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:9090
|
||||
|
||||
elif [ "$HTTPCACHE_ON" == "True" ]; then
|
||||
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128
|
||||
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128
|
||||
fi
|
||||
|
||||
# Enable routing.
|
||||
|
|
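Review bot: With `captive_portal_enabled` set to True, the guarded `$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT` in the first hunk is skipped and no visible rule replaces it, so LAN-to-WAN forwarding falls through to the FORWARD chain's default policy, which is set outside these hunks. If that policy is ACCEPT, the guard changes nothing and only the port-80 DNAT in the second hunk steers clients to the portal, leaving every other port forwarded; if it is DROP, clients get no forwarding at all. The script should state which case it relies on, for example with a comment inside the guard such as `# captive portal on: no blanket LAN->WAN ACCEPT; forwarding then depends on the FORWARD chain policy`, and ideally set that policy explicitly next to these rules. The rendering does not make the old and new sides of the second hunk certain, so this assumes the `if !` wrapper is the new side, as the commit title suggests.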