Re: Re: The dead are risen. ZeroShell and “NAT Reflection”

#45427

gordonf
Member

@matth wrote:

Has anyone been able to make this work with dynamic WAN addresses?

I was just thinking about this one…

ZS 3.0.0 still requires this kind of post-boot scripting if you want NAT reflection (hair-pinning) to work and still correctly log external and internal IP addresses:

iptables -t nat -A PREROUTING -d pub.ip.ad.dr -p tcp --dport 80 -j DNAT --to internal.ip.ad.dr
iptables -t nat -A POSTROUTING -s internal.ip.subnet.0/24 -p tcp --dport 80 -d internal.ip.ad.dr -j MASQUERADE

…but since this is a script, I wondered if it were possible to retrieve the external IPv4 address and store it as an environment variable. I know ‘ifconfig’ retrieves interface info but it’s a lot of info at once, and I’m no regex guru.

But, in your Startup / Cron NAT and Virtual Servers script, if you’re clever with ifconfig and regex, you can extract your IP addresses and store them as environment variables. Then you can modify the above script thusly:

ifconfig > /tmp/ifconfig-out.txt
# (insert magic IP extractor here that saves IPs to $ETHxxIPv4)
iptables -t nat -A PREROUTING -d $ETHxxIPv4 -p tcp --dport 80 -j DNAT --to internal.ip.ad.dr
iptables -t nat -A POSTROUTING -s internal.ip.subnet.0/24 -p tcp --dport 80 -d internal.ip.ad.dr -j MASQUERADE

“ETHxxIPv4” would contain the IP for each interface where “xx” is the interface number. The information might already be available in some file somewhere.
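
One way to fill in the extractor step the post leaves open, added here as an example and not part of the original post: it pulls a single interface's IPv4 address out of `ifconfig` output and prints the two rules only when that address is a valid dotted quad, so a WAN link that is still down never yields a rule with an empty `-d`. The interface names ETH00/ETH01, the server 192.168.0.10, the subnet 192.168.0.0/24 and the sample `ifconfig` text are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. ETH01, 192.168.0.10 and
# 192.168.0.0/24 are assumed values; the ifconfig text below is constructed.

# Print the IPv4 address of interface $1 from `ifconfig` output on stdin.
# Handles both "inet addr:a.b.c.d" (older net-tools) and "inet a.b.c.d".
extract_ipv4() {
    awk -v want="$1" '
        /^[^ ]/ { name = $1; sub(/:$/, "", name) }   # stanza header line
        name == want && $1 == "inet" {
            ip = $2; sub(/^addr:/, "", ip); print ip; exit
        }'
}

# Succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the two rules from the post for WAN address $1, server $2, LAN $3.
# Prints no rules and fails if $1 is not an address (e.g. WAN link still down).
hairpin_rules() {
    is_ipv4 "$1" || { echo "no usable WAN address: '$1'" >&2; return 1; }
    echo "iptables -t nat -A PREROUTING -d $1 -p tcp --dport 80 -j DNAT --to $2"
    echo "iptables -t nat -A POSTROUTING -s $3 -p tcp --dport 80 -d $2 -j MASQUERADE"
}

# Constructed sample in the older net-tools layout (documentation addresses).
sample_ifconfig() {
    cat <<'EOF'
ETH00     Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0

ETH01     Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          inet addr:203.0.113.10  Bcast:203.0.113.255  Mask:255.255.255.0
          inet6 addr: fe80::200:5eff:fe00:5302/64 Scope:Link
EOF
}

ETH01IPv4=$(sample_ifconfig | extract_ipv4 ETH01)   # live: ifconfig | extract_ipv4 ETH01
hairpin_rules "$ETH01IPv4" 192.168.0.10 192.168.0.0/24
```

Because the rules use `-A`, re-running this from cron appends a duplicate pair each time; when the WAN address changes, delete the previous pair before adding the new one.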