fix

4eef7b35 · 神楽坂玲奈 · 5fe5b5ea · 4eef7b35 · 4eef7b35
Commit 4eef7b35 authored Nov 05, 2015 by 神楽坂玲奈
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 2 deletions

iptables-rules iptables-rules +1 -0

start.sh start.sh +0 -2

No files found.
--- a/iptables-rules
+++ b/iptables-rules
@@ -7,6 +7,7 @@
 -A PREROUTING -i ${RAILGUN_INTERFACE} -p tcp -m addrtype --dst-type LOCAL -j REDIRECT --to-ports 3100
 # socks5 dns hack
 -A OUTPUT -o ${RAILGUN_INTERFACE} -p udp --dport 53 -m owner --uid-owner proxy -j REDIRECT --to-ports 53
+-A POSTROUTING -o ${RAILGUN_INTERFACE} -s 10.0.0.0/8 -j SNAT --to-source ${RAILGUN_PRIVATE_ADDRESS}
 COMMIT
 *mangle
 -A PREROUTING -s ${RAILGUN_ADDRESS}/16 -p tcp -m addrtype ! --dst-type LOCAL -j TPROXY --on-port 5000 --on-ip 0.0.0.0 --tproxy-mark 0x3

--- a/start.sh
+++ b/start.sh
@@ -17,9 +17,7 @@ echo 'iptables...'

 envsubst < iptables-rules | iptables-restore

-# this server is a gateway
 if [ -n "${RAILGUN_TOS}" ]; then
-    iptables -t nat -A POSTROUTING -o ${RAILGUN_INTERFACE} -s 10.0.0.0/8 -j SNAT --to-source ${RAILGUN_PRIVATE_ADDRESS}
    iptables -t mangle -A PREROUTING -s 10.0.0.0/16 -p tcp -m addrtype ! --dst-type LOCAL -m tos --tos ${RAILGUN_TOS} -j TPROXY --on-port 5000 --on-ip 0.0.0.0 --tproxy-mark 0x3
 fi