Use gre tunnel when redirecting from a public IP
parent
83a21e7d49
commit
cbde68adfc
1 changed files with 14 additions and 2 deletions
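--- a/omr-admin.py
+++ b/omr-admin.py
@@ -439,7 +439,7 @@ def ordered(obj):
 return obj
 
 
-def shorewall_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='', dest_ip=''):
+def shorewall_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='', dest_ip='', vpn='default'):
 userid = user.userid
 if userid is None:
 userid = 0
@@ -480,6 +480,8 @@ def shorewall_add_port(user, port, proto, name, fwtype='ACCEPT', source_dip='',
 net = 'net:' + dest_ip
 if fwtype == 'ACCEPT':
 n.write('ACCEPT ' + net + ' $FW ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' open ' + name + ' port ' + proto + comment + "\n")
+elif fwtype == 'DNAT' and vpn != 'default':
+n.write('DNAT net vpn:' + vpn + ' ' + proto + ' ' + port + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + "\n")
 elif fwtype == 'DNAT' and userid == 0:
 n.write('DNAT ' + net + ' vpn:$OMR_ADDR ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + "\n")
 elif fwtype == 'DNAT' and userid != 0:
@@ -1546,16 +1548,26 @@ class Shorewallparams(BaseModel):
 def shorewall_open(*, params: Shorewallparams, current_user: User = Depends(get_current_user)):
 if current_user.permissions == "ro":
 return {'result': 'permission', 'reason': 'Read only user', 'route': 'shorewallopen'}
+with open('/etc/openmptcprouter-vps-admin/omr-admin-config.json') as f:
+try:
+omr_config_data = json.load(f)
+except ValueError as e:
+omr_config_data = {}
 name = params.name
 port = params.port
 proto = params.proto
 fwtype = params.fwtype
 source_dip = params.source_dip
 source_ip = params.source_ip
+vpn = "default"
 if name is None:
 return {'result': 'error', 'reason': 'Invalid parameters', 'route': 'shorewallopen'}
 if params.ipproto == 'ipv4':
-shorewall_add_port(current_user, str(port), proto, name, fwtype, source_dip, source_ip)
+if 'gre_tunnels' in omr_config_data['users'][0][current_user.username]:
+for tunnel in omr_config_data['users'][0][current_user.username]['gre_tunnels']:
+if omr_config_data['users'][0][current_user.username]['gre_tunnels'][tunnel]['public_ip'] == source_dip:
+vpn = omr_config_data['users'][0][current_user.username]['gre_tunnels'][tunnel]['remote_ip']
+shorewall_add_port(current_user, str(port), proto, name, fwtype, source_dip, source_ip, vpn)
 else:
 shorewall6_add_port(current_user, str(port), proto, name, fwtype, source_dip, source_ip)
 return {'result': 'done', 'reason': 'changes applied'}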
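Review bot: The new `elif fwtype == 'DNAT' and vpn != 'default':` branch in shorewall_add_port writes `DNAT net vpn:<remote_ip> …` without the `net` source value, the `- source_dip` original-destination column and the `comment` suffix that the two existing DNAT branches keep, so a redirect through a GRE tunnel appears to apply to any source and to every address on the VPS rather than only the matched public IP. Keeping those columns, e.g. `n.write('DNAT ' + net + ' vpn:' + vpn + ' ' + proto + ' ' + port + ' - ' + source_dip + ' # OMR ' + user.username + ' redirect ' + name + ' port ' + proto + comment + "\n")`, would preserve the caller's restriction. In shorewall_open the `except ValueError` fallback to `{}` does not help, because the next lookup `omr_config_data['users'][0][current_user.username]` raises KeyError on an empty or incomplete config; `omr_config_data.get('users', [{}])[0].get(current_user.username, {}).get('gre_tunnels', {})` would let the request fall back to `vpn = "default"`. `vpn`, `name`, `proto` and `port` are concatenated into the rules line with no validation visible in these hunks, so unless Shorewallparams or the config writer constrains them, a value containing whitespace or a newline would alter the written rule; both function bodies continue outside the hunks.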