1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00

tweaking iptables for captive portal

This commit is contained in:
Jerry Vonau 2018-07-03 09:00:45 -05:00
parent 11c20f7b41
commit aeacbe60ca

View file

@ -105,8 +105,9 @@ if [ "$gw_block_https" == "True" ]; then
fi
# Allow outgoing connections from the LAN side.
$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
if ! [ "$captive_portal_enabled" == "True" ];then
$IPTABLES -A FORWARD -i $lan -o $wan -j ACCEPT
fi
# Don't forward from the outside to the inside.
$IPTABLES -A FORWARD -i $wan -o $lan -j DROP
$IPTABLES -A INPUT -i $wan -j DROP
@ -116,14 +117,17 @@ if [ "$block_DNS" == "True" ];then
$IPTABLES -t nat -A PREROUTING -i $lan -p udp --dport 53 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:53
fi
#if [ "$captive_portal_enabled" == "True" ];then
# $IPTABLES -t mangle -N internet
# $IPTABLES -t mangle -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m tcp --dport 80 -j internet
# $IPTABLES -t mangle -A internet -j MARK --set-mark 99
# $IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}:
if [ "$captive_portal_enabled" == "True" ];then
$IPTABLES -t mangle -N internet
$IPTABLES -t mangle -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m tcp --dport 80 -j internet
$IPTABLES -t mangle -A internet -j MARK --set-mark 99
$IPTABLES -t nat -A PREROUTING -i {{ iiab_lan_iface }} -p tcp -m mark --mark 99 -m tcp --dport 80 -j DNAT --to-destination {{ lan_ip }}
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:9090
elif [ "$HTTPCACHE_ON" == "True" ]; then
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d 172.18.96.1 -j DNAT --to 172.18.96.1:3128
$IPTABLES -t nat -A PREROUTING -i $lan -p tcp --dport 80 ! -d {{ lan_ip }} -j DNAT --to {{ lan_ip }}:3128
fi
# Enable routing.