From 5266a8c01c29bd371afa32dbb1354e0ea3e76045 Mon Sep 17 00:00:00 2001
From: Steven Barth <steven@midlink.org>
Date: Mon, 28 Apr 2008 07:15:16 +0000
Subject: [PATCH] * Corrected Freifunk NAT rules

---
 contrib/package/ffluci-splash/src/luci_splash.init |  4 ++--
 module/admin-core/contrib/init.d/luci_freifunk     | 14 ++++++++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/contrib/package/ffluci-splash/src/luci_splash.init b/contrib/package/ffluci-splash/src/luci_splash.init
index bce432ed3..20f7865fd 100644
--- a/contrib/package/ffluci-splash/src/luci_splash.init
+++ b/contrib/package/ffluci-splash/src/luci_splash.init
@@ -19,8 +19,8 @@ iface_add() {
 	
 	eval "$(ipcalc.sh $ipaddr $netmask)"
 	
-	iptables -t nat -A luci_splash -i "$iface" -s "$IP/$PREFIX" -j luci_splash_portal
-	iptables -t nat -A luci_splash_portal -i "$iface" -s "$IP/$PREFIX" -d "$ipaddr" -p tcp -m multiport --dports 22,80,443 -j RETURN
+	iptables -t nat -A luci_splash -i "$iface" -s "$NETWORK/$PREFIX" -j luci_splash_portal
+	iptables -t nat -A luci_splash_portal -i "$iface" -s "$NETWORK/$PREFIX" -d "$ipaddr" -p tcp -m multiport --dports 22,80,443 -j RETURN
 }
 
 blacklist_add() {
diff --git a/module/admin-core/contrib/init.d/luci_freifunk b/module/admin-core/contrib/init.d/luci_freifunk
index dbb346f0e..6b18e1442 100644
--- a/module/admin-core/contrib/init.d/luci_freifunk
+++ b/module/admin-core/contrib/init.d/luci_freifunk
@@ -29,14 +29,24 @@ start() {
 	
 	### Lan to Freifunk	
 	[ -n "$lanif" ] && {
+		config_get ipaddr lan ipaddr
+		config_get netmask lan netmask
+		
+		eval "$(ipcalc.sh $ipaddr $netmask)"
+		
 		iptables -A forwarding_rule -i "$lanif" -o "$ffif" -j ACCEPT
-		iptables -t nat -A postrouting_rule -i "$lanif" -o "$ffif" -j MASQUERADE
+		iptables -t nat -A postrouting_rule -s "$NETWORK/$PREFIX" -o "$ffif" -j MASQUERADE
 	}
 	
 	### Freifunk to Wan
 	[ "$internet" -gt 0 ] && {
+		config_get ipaddr ff ipaddr
+		config_get netmask ff netmask
+		
+		eval "$(ipcalc.sh $ipaddr $netmask)"		
+		
 		iptables -A forwarding_rule -i "$ffif" -o "$wanif" -j ACCEPT
-		iptables -t nat -A postrouting_rule -i "$ffif" -o "$wanif" -j MASQUERADE
+		iptables -t nat -A postrouting_rule -s "$NETWORK/$PREFIX" -o "$wanif" -j MASQUERADE
 	}
 }
 
-- 
2.11.0