-
-
Save evanslai/f3f660780cdd0b962e99fc8e982736e9 to your computer and use it in GitHub Desktop.
OpenWrt map-e (JPNE v6plus) において、割当ポート240個をちゃんと使わせるための設定。
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## /etc/firewall.user | |
| # This file is interpreted as shell script. | |
| # Put your custom iptables rules here, they will | |
| # be executed with each firewall (re-)start. | |
| # Internal uci firewall chains are flushed and recreated on reload, so | |
| # put custom rules into the root chains e.g. INPUT or FORWARD or into the | |
| # special user chains, e.g. input_wan_rule or postrouting_lan_rule. | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 0 -j MARK --set-mark 10 | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 1 -j MARK --set-mark 11 | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 2 -j MARK --set-mark 12 | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 3 -j MARK --set-mark 13 | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 4 -j MARK --set-mark 14 | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 5 -j MARK --set-mark 15 | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 6 -j MARK --set-mark 16 | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 7 -j MARK --set-mark 17 | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 8 -j MARK --set-mark 18 | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 9 -j MARK --set-mark 19 | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 10 -j MARK --set-mark 20 | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 11 -j MARK --set-mark 21 | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 12 -j MARK --set-mark 22 | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 13 -j MARK --set-mark 23 | |
| iptables -t nat -A PREROUTING -m statistic --mode nth --every 15 --packet 14 -j MARK --set-mark 24 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 0 -j MARK --set-mark 10 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 1 -j MARK --set-mark 11 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 2 -j MARK --set-mark 12 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 3 -j MARK --set-mark 13 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 4 -j MARK --set-mark 14 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 5 -j MARK --set-mark 15 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 6 -j MARK --set-mark 16 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 7 -j MARK --set-mark 17 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 8 -j MARK --set-mark 18 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 9 -j MARK --set-mark 19 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 10 -j MARK --set-mark 20 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 11 -j MARK --set-mark 21 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 12 -j MARK --set-mark 22 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 13 -j MARK --set-mark 23 | |
| iptables -t nat -A OUTPUT -m statistic --mode nth --every 15 --packet 14 -j MARK --set-mark 24 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #$ diff -c /lib/netifd/proto/map.sh.orig /lib/netifd/proto/map.sh | |
| *** /lib/netifd/proto/map.sh.orig 2017-05-30 02:45:19.000000000 +0900 | |
| --- /lib/netifd/proto/map.sh 2017-05-30 02:45:18.000000000 +0900 | |
| *************** | |
| *** 135,140 **** | |
| --- 135,141 ---- | |
| json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR") | |
| json_close_object | |
| else | |
| + local mark=10 | |
| for portset in $(eval "echo \$RULE_${k}_PORTSETS"); do | |
| for proto in icmp tcp udp; do | |
| json_add_object "" | |
| *************** | |
| *** 142,152 **** | |
| --- 143,155 ---- | |
| json_add_string target SNAT | |
| json_add_string family inet | |
| json_add_string proto "$proto" | |
| + json_add_string mark "$mark" | |
| json_add_boolean connlimit_ports 1 | |
| json_add_string snat_ip $(eval "echo \$RULE_${k}_IPV4ADDR") | |
| json_add_string snat_port "$portset" | |
| json_close_object | |
| done | |
| + mark=`expr $mark + 1` | |
| done | |
| fi | |
| if [ "$type" = "map-t" ]; then | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment