[server] fw_initialize() vs. fw_config_init() bug fix for use_masquerade
authorMichael Rash <mbr@cipherdyne.org>
Sun, 15 Dec 2013 00:41:00 +0000 (19:41 -0500)
committerMichael Rash <mbr@cipherdyne.org>
Sun, 15 Dec 2013 00:41:00 +0000 (19:41 -0500)
server/config_init.c
server/fw_util_iptables.c

index 0ff3000..67a5220 100644 (file)
@@ -448,7 +448,7 @@ validate_options(fko_srv_options_t *opts)
     */
     if(strncasecmp(opts->config[CONF_ENABLE_IPT_SNAT], "Y", 1) == 0)
     {
-        /* Note that fw_initialize() will set use_masquerade if necessary
+        /* Note that fw_config_init() will set use_masquerade if necessary
         */
         if(opts->config[CONF_SNAT_TRANSLATE_IP] != NULL)
         {
index 65bda34..19c49da 100644 (file)
@@ -814,7 +814,6 @@ fw_config_init(fko_srv_options_t * const opts)
     */
     if(strncasecmp(opts->config[CONF_ENABLE_IPT_FORWARDING], "Y", 1)==0)
     {
-
         if(set_fw_chain_conf(IPT_FORWARD_ACCESS, opts->config[CONF_IPT_FORWARD_ACCESS]) != 1)
             return 0;
 
@@ -825,19 +824,25 @@ fw_config_init(fko_srv_options_t * const opts)
         */
         if(strncasecmp(opts->config[CONF_ENABLE_IPT_SNAT], "Y", 1)==0)
         {
-            if(opts->fw_config->use_masquerade == 1)
+            if(opts->config[CONF_SNAT_TRANSLATE_IP] == NULL
+                    || ! is_valid_ipv4_addr(opts->config[CONF_SNAT_TRANSLATE_IP]))
             {
+                fwc.use_masquerade = 1;
                 if(set_fw_chain_conf(IPT_MASQUERADE_ACCESS, opts->config[CONF_IPT_MASQUERADE_ACCESS]) != 1)
                     return 0;
             }
-            else if((opts->config[CONF_SNAT_TRANSLATE_IP] != NULL)
-              && (is_valid_ipv4_addr(opts->config[CONF_SNAT_TRANSLATE_IP])))
+            else
             {
-                if(set_fw_chain_conf(IPT_SNAT_ACCESS, opts->config[CONF_IPT_SNAT_ACCESS]) != 1)
+                if(is_valid_ipv4_addr(opts->config[CONF_SNAT_TRANSLATE_IP]))
+                {
+                    if(set_fw_chain_conf(IPT_SNAT_ACCESS, opts->config[CONF_IPT_SNAT_ACCESS]) != 1)
+                        return 0;
+                }
+                else
+                {
                     return 0;
+                }
             }
-            else
-                return 0;
         }
     }
 
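Review bot: In the new `else` branch of the SNAT block in fw_config_init(), the second `is_valid_ipv4_addr(opts->config[CONF_SNAT_TRANSLATE_IP])` test can never fail, because that branch is reached only when the value is non-NULL and has already passed the same check, so the inner `else { return 0; }` is dead code. The branch can be reduced to `if(set_fw_chain_conf(IPT_SNAT_ACCESS, opts->config[CONF_IPT_SNAT_ACCESS]) != 1) return 0;`. Separately, a SNAT_TRANSLATE_IP that is set but malformed selects MASQUERADE here rather than failing; unless validate_options() already rejects such a value (not visible in these hunks), logging it or returning 0 for the non-NULL-but-invalid case would keep a typo from quietly changing the source address applied to forwarded connections. fw_config_init() starts and ends outside this hunk, so how `fwc` relates to `opts->fw_config` cannot be confirmed from these lines.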
@@ -882,15 +887,6 @@ fw_initialize(const fko_srv_options_t * const opts)
         }
     }
 
-    if(strncasecmp(opts->config[CONF_ENABLE_IPT_SNAT], "Y", 1) == 0)
-    {
-        if(opts->config[CONF_SNAT_TRANSLATE_IP] == NULL
-                || ! is_valid_ipv4_addr(opts->config[CONF_SNAT_TRANSLATE_IP]))
-        {
-            opts->fw_config->use_masquerade = 1;
-        }
-    }
-
     /* See if iptables offers the '-C' argument (older versions don't).  If not,
      * then switch to parsing iptables -L output to find rules.
     */