disable masquerading and the green IP/NET check if the internet is
connected via green.
;;
*)
+
# Access from GREEN is granted to everywhere
- iptables -A POLICYFWD -i "${GREEN_DEV}" -s "${GREEN_NETADDRESS}/${GREEN_NETMASK}" -j ACCEPT
+ if [ "${IFACE}" = "${GREEN_DEV}" ]; then
+ # internet via green
+ # don't check source IP/NET if IFACE is GREEN
+ iptables -A POLICYFWD -i "${GREEN_DEV}" -j ACCEPT
+ else
+ iptables -A POLICYFWD -i "${GREEN_DEV}" -s "${GREEN_NETADDRESS}/${GREEN_NETMASK}" -j ACCEPT
+ fi
# Grant access for IPsec VPN connections
iptables -A POLICYFWD -m policy --pol ipsec --dir in -j ACCEPT
# Outgoing masquerading (don't masqerade IPSEC (mark 50))
iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
- iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+
+ if [ "$IFACE" != "$GREEN_DEV" ]; then
+ iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+ fi
fi