# Outgoing masquerading (don't masqerade IPSEC (mark 50))
iptables -t nat -A REDNAT -m mark --mark 50 -o $IFACE -j RETURN
- if [ "$IFACE" != "$GREEN_DEV" ]; then
- iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+ if [ "$IFACE" = "$GREEN_DEV" ]; then
+ MASQUERADE_GREEN="off"
fi
+ local NO_MASQ_NETWORKS
+
+ if [ "${MASQUERADE_GREEN}" = "off" ]; then
+ NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${GREEN_NETADDRESS}/${GREEN_NETMASK}"
+ fi
+
+ if [ "${MASQUERADE_BLUE}" = "off" ]; then
+ NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${BLUE_NETADDRESS}/${BLUE_NETMASK}"
+ fi
+
+ if [ "${MASQUERADE_ORANGE}" = "off" ]; then
+ NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${ORANGE_NETADDRESS}/${ORANGE_NETMASK}"
+ fi
+
+ local network
+ for network in ${NO_MASQ_NETWORKS}; do
+ iptables -t nat -A REDNAT -s "${network}" -o "${IFACE}" -j RETURN
+ done
+
+ # Masquerade everything else
+ iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
fi
# Reload all rules.
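Review bot: The blue and orange branches append `${BLUE_NETADDRESS}/${BLUE_NETMASK}` (and the orange equivalent) to NO_MASQ_NETWORKS whenever the masquerade flag is "off", without checking that the zone is configured at all; if those address variables are empty the loop passes iptables `-s /`, which it rejects, so the exemption either goes missing or aborts the rule load depending on error handling outside this hunk. Guarding each branch on the address, `if [ "${MASQUERADE_BLUE}" = "off" ] && [ -n "${BLUE_NETADDRESS}" ]; then` (and likewise for orange), keeps the exemption list well-formed. The `MASQUERADE_GREEN="off"` assignment is not declared `local`, so it overwrites the configured value for the rest of the process; if this function is invoked once per interface, a later non-green pass would inherit the override — worth confirming against the caller. The new MASQUERADE line still uses unquoted `$IFACE` while the RETURN rule added just above quotes it; `-o "${IFACE}"` on both keeps the style consistent. The enclosing function starts and ends outside the hunk.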