Add ability to set OVPN_NATDEVICE to target specific interface when using net=host

This commit is contained in:
Werner Buck 2015-08-24 17:19:40 +02:00
parent e557222753
commit 0181bb93d6

View File

@ -24,14 +24,17 @@ if [ -d "$OPENVPN/ccd" ]; then
ARGS+=("--client-config-dir" "$OPENVPN/ccd") ARGS+=("--client-config-dir" "$OPENVPN/ccd")
fi fi
# When using --net=host, use this to specify nat device.
[ -z "$OVPN_NATDEVICE" ] && OVPN_NATDEVICE=eth0
# Setup NAT forwarding if requested # Setup NAT forwarding if requested
if [ "$OVPN_DEFROUTE" != "0" ] || [ "$OVPN_NAT" == "1" ] ; then if [ "$OVPN_DEFROUTE" != "0" ] || [ "$OVPN_NAT" == "1" ] ; then
iptables -t nat -C POSTROUTING -s $OVPN_SERVER -o eth0 -j MASQUERADE || { iptables -t nat -C POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE || {
iptables -t nat -A POSTROUTING -s $OVPN_SERVER -o eth0 -j MASQUERADE iptables -t nat -A POSTROUTING -s $OVPN_SERVER -o $OVPN_NATDEVICE -j MASQUERADE
} }
for i in "${OVPN_ROUTES[@]}"; do for i in "${OVPN_ROUTES[@]}"; do
iptables -t nat -C POSTROUTING -s "$i" -o eth0 -j MASQUERADE || { iptables -t nat -C POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE || {
iptables -t nat -A POSTROUTING -s "$i" -o eth0 -j MASQUERADE iptables -t nat -A POSTROUTING -s "$i" -o $OVPN_NATDEVICE -j MASQUERADE
} }
done done
fi fi