X-Git-Url: http://git.ipfire.org/?p=people%2Fpmueller%2Fipfire-2.x.git;a=blobdiff_plain;f=src%2Finitscripts%2Finit.d%2Ffirewall;h=a49dcdee6d23adb147b210216972dc07a24047f6;hp=7a18502bfa728743bc951fef3ccbce84389a57f4;hb=83ef9c40ef86a4d3c18b81295b5866862fad5257;hpb=13eef3ba74c47e8beabd87c006b597c6c46e9e46
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 7a18502bfa..a49dcdee6d 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -336,10 +336,31 @@ iptables_red() {
 # Outgoing masquerading (don't masqerade IPSEC (mark 50))
 iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
- if [ "$IFACE" != "$GREEN_DEV" ]; then
- iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+ if [ "$IFACE" = "$GREEN_DEV" ]; then
+ MASQUERADE_GREEN="off"
 fi
+ local NO_MASQ_DEVICES
+
+ if [ "${MASQUERADE_GREEN}" = "off" ]; then
+ NO_MASQ_DEVICES="${NO_MASQ_DEVICES} ${GREEN_DEV}"
+ fi
+
+ if [ "${MASQUERADE_BLUE}" = "off" ]; then
+ NO_MASQ_DEVICES="${NO_MASQ_DEVICES} ${BLUE_DEV}"
+ fi
+
+ if [ "${MASQUERADE_ORANGE}" = "off" ]; then
+ NO_MASQ_DEVICES="${NO_MASQ_DEVICES} ${ORANGE_DEV}"
+ fi
+
+ local device
+ for device in ${NO_MASQ_DEVICES}; do
+ iptables -t nat -A REDNAT -i "${device}" -o "${IFACE}" -j RETURN
+ done
+
+ # Masquerade everything else
+ iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
 fi
 # Reload all rules.
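Review bot: When `$IFACE` equals `$GREEN_DEV` the old code added no MASQUERADE rule at all, but the new code only adds a RETURN for `-i "${GREEN_DEV}"` and then falls through to the unconditional `iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE`, so traffic leaving that interface that did not arrive on it is now source-NATed where it was not before. If that is intended, a comment above the `MASQUERADE_GREEN="off"` assignment should say so; that assignment also overwrites any value set elsewhere for the rest of the script, unless the variable is declared `local` earlier in the function. The new final rule leaves `$IFACE` unquoted while the loop quotes it, so I would write `iptables -t nat -A REDNAT -o "${IFACE}" -j MASQUERADE`. A comment such as `# Unquoted on purpose: split the list and skip zones whose *_DEV is empty` above the `for` loop would document why `${NO_MASQ_DEVICES}` is not quoted. `iptables_red()` starts and ends outside the hunk, so where the `MASQUERADE_*` settings are read and validated is not visible here.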