fix for bug 3622: add pre-SNAT hook

author: An-Cheng Huang <ancheng@vyatta.com> 2008-08-21 17:47:31 -0700
committer: An-Cheng Huang <ancheng@vyatta.com> 2008-08-21 17:47:31 -0700
commit: ebed2b7fb5d212af139ddba36b501faacf34b13d (patch)
tree: 5a93e2927b56b9fc948777a3b5026e2a234f7a62
parent: 72910ff705e3df5888399471beeccb80ebdd8863 (diff)
download: vyatta-nat-ebed2b7fb5d212af139ddba36b501faacf34b13d.tar.gz
vyatta-nat-ebed2b7fb5d212af139ddba36b501faacf34b13d.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/scripts/vyatta-update-nat.pl b/scripts/vyatta-update-nat.pl
index 4f95ad9..661ea3c 100755
--- a/scripts/vyatta-update-nat.pl
+++ b/scripts/vyatta-update-nat.pl
@@ -22,6 +22,9 @@ sub raw_cleanup {
       last;
     }
   }
+  
+  system('iptables -t nat -A VYATTA_PRE_SNAT_HOOK -j RETURN');
+  system('iptables -t nat -A POSTROUTING -j VYATTA_PRE_SNAT_HOOK');
 }
 
 my $config = new VyattaConfig;
@@ -30,8 +33,8 @@ my %rules = $config->listNodeStatus();
 my $rule;
 open(OUT, ">>/dev/null") or exit 1;
 my %ipt_rulenum = (
-                    source      => 1,
-                    destination => 1,
+                    source      => 2,
+                    destination => 2,
                   );
 my %chain_name = (
                   source      => "POSTROUTING",
@@ -150,6 +153,7 @@ for $rule (@rule_keys) {
 }
 
 if ($all_deleted) {
+  system('iptables -t nat -F');
   raw_cleanup();
 }
author	An-Cheng Huang <ancheng@vyatta.com>	2008-08-21 17:47:31 -0700
committer	An-Cheng Huang <ancheng@vyatta.com>	2008-08-21 17:47:31 -0700
commit	ebed2b7fb5d212af139ddba36b501faacf34b13d (patch)
tree	5a93e2927b56b9fc948777a3b5026e2a234f7a62
parent	72910ff705e3df5888399471beeccb80ebdd8863 (diff)
download	vyatta-nat-ebed2b7fb5d212af139ddba36b501faacf34b13d.tar.gz vyatta-nat-ebed2b7fb5d212af139ddba36b501faacf34b13d.zip