From 4a6f7b79bc8fea7cce3b4742cd89f4a54e251d71 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sat, 7 Jan 2006 16:01:21 +0000
Subject: Split inet_port setup in host setup into peer/host settings, so they can later be overwritten

git-svn-id: svn+ssh://asteria.noreply.org/svn/weaselutils/trunk@48 bc3d92e2-beff-0310-a7cd-cc87d7ac0ede
---
 Generate | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
(limited to 'Generate')
diff --git a/Generate b/Generate
index 07da5a3..a5ee4d5 100755
--- a/Generate
+++ b/Generate
@@ -281,7 +281,6 @@ $config['hosts'].each_pair{ |name, host|
  host['name'] = name
  host['vpn_address'] = $config['prefix']+'.'+host['host_no'].to_s
  host['vpn_address6'] = $config['prefix6']+':'+host['host_no'].to_s
- host['inet_port'] = $config['baseport']+host['host_no']
  host['asn'] = $config['baseasn']+host['host_no']
  host['ifacename'] = "tun-n2-#{host['name']}"[0..14]
  iface_dup_check[host['ifacename']] = true
@@ -314,6 +313,14 @@ hostlist.each{ |host|
  "peer" => ipv6_link_local_peer
  }
  }
+
+ host['inet_port'] = {}
+ host['peers'].each{ |peer|
+ host['inet_port'][ peer['name'] ] = {
+ "remote" => $config['baseport']+host['host_no'],
+ "local" => $config['baseport']+peer['host_no']
+ }
+ }
  }
  throw "Duplicate iface names" unless iface_dup_check.size == $config['hosts'].size
@@ -593,8 +600,8 @@ hostlist.each{ |host|
  mtu = 1200
  conffile.puts "fragment #{mtu}"
  conffile.puts "ifconfig %s %s"%[host['vpn_address'], peer['vpn_address']]
- conffile.puts "rport %s"%[host['inet_port']]
- conffile.puts "lport %s"%[peer['inet_port']]
+ conffile.puts "rport #{host['inet_port'][ peer['name'] ]['remote']}"
+ conffile.puts "lport #{host['inet_port'][ peer['name'] ]['local']}"
  conffile.puts "remote %s"%[peer['host_address']] if peer['host_address']
  conffile.puts "local %s"%[host['host_address']] if host['host_address']
  if host_is_server
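Review bot: The new `host['inet_port']` table in the `@@ -314,6 +313,14 @@` hunk needs a comment on the orientation of its keys, because `"remote"` is derived from this host's own `host_no` and `"local"` from the peer's, which reads inverted until one sees the third hunk write `remote` as OpenVPN's `rport` and `local` as `lport`. A line above `host['inet_port'] = {}` such as `# per-peer UDP ports: this host listens for peer X on baseport+X's host_no, and X listens for this host on baseport+our host_no` would settle it. The commit message says these entries are meant to be overridden later; whatever does that must keep both keys present for every peer, since the later hunks index `['remote']` and `['local']` without a nil check. The enclosing `hostlist.each{ |host|` block starts before this hunk.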
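Review bot: The rewritten `rport`/`lport` lines in the `@@ -593,8 +600,8 @@` hunk switch to string interpolation while the adjacent `ifconfig`, `remote` and `local` lines keep `%`-formatting, and the `host['inet_port'][ peer['name'] ]` lookup is repeated on both lines and once more in the iptables hunk at line 2. Binding it once keeps the three sites uniform: `ports = host['inet_port'][peer['name']]`, then `conffile.puts "rport %s"%[ports['remote']]` and `conffile.puts "lport %s"%[ports['local']]`. If these values later become overridable from the config as the commit message intends, passing them through `Integer()` at that point would guarantee that only a number is ever written into the OpenVPN config line. The per-peer block these lines belong to starts before this hunk and continues after it.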
@@ -633,8 +640,9 @@ hostlist.each{ |host|
  File.chmod(0755, upscriptname) == 1 or throw "Cannot chmod #{upscriptname}"
  ##########
+ # do not filter on remote port as NAT gateways may change ports
  iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['host_address'] || '0.0.0.0/0' } --destination #{ host['host_address'] || '0.0.0.0/0' } \\"
- iptables.puts " --protocol udp --destination-port #{ peer['inet_port'] } \\"
+ iptables.puts " --protocol udp --destination-port #{ host['inet_port'][ peer['name'] ]['local'] } \\"
  iptables.puts " --jump ACCEPT"
  iptables.puts "iptables --append vpn-#{$NAMESPACE} --source #{ peer['vpn_address'] } --destination #{ host['vpn_address'] } \\"
-- cgit v1.2.3
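Review bot: The added comment says why the remote port is not matched but not what still bounds the rule: `--source` falls back to `0.0.0.0/0` when the peer has no `host_address`, so in that case the per-peer `--destination-port` on the new line is the only selector left. Extending the comment to `# do not filter on remote port as NAT gateways may change ports; the per-peer local port (plus the source address when host_address is set) is what this rule matches on` records that for the next reader. The loop binding `peer` starts before this hunk, and the second iptables rule continues after it.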