Added iptables NAT support

2025-02-20 08:37:49 +07:00 · 2019-03-23 13:19:13 +01:00 · 2019-03-23 13:19:13 +01:00 · 30cbe4bc25
commit 30cbe4bc25
parent 16263261ef
3 changed files with 51 additions and 16 deletions
--- a/INFO.sh
+++ b/INFO.sh
@ -2,7 +2,7 @@
 source /pkgscripts-ng/include/pkg_util.sh

 package="WireGuard"
-version="0.0.20190227"
+version="0.0.20190227-2"
 displayname="WireGuard"
 maintainer="Andreas Runfalk"
 arch="$(pkg_get_platform)"
--- a/README.rst
+++ b/README.rst
@ -106,3 +106,7 @@ I based a lot of this work on
 by Reddit user `akhener <https://www.reddit.com/user/akhener>`_. However, I had
 to modify their instructions a lot since my NAS has an ARM CPU which made cross
 compilation a lot trickier.
+
+GitHub user `galaxysd <https://github.com/galaxysd>`_ made
+`a guide <https://galaxysd.github.io/linux/20170804/2017-08-04-iptables-on-Synology-DSM-6>`_
+on how to enable iptables NAT support.
--- a/scripts/start-stop-status
+++ b/scripts/start-stop-status
@ -1,20 +1,51 @@
 #!/bin/sh
+
+# This files contain environment variables with .ko files required for iptables
+# support. For some reason it's not loaded by default. The other weird thing
+# is that the .ko-files can't be loaded directly using insmod
+IPTABLES_MODULE_LIST="/usr/syno/etc/iptables_modules_list"
+source "$IPTABLES_MODULE_LIST"
+
+# Binary that allows loading iptables kernel modules
+SYNOMODULETOOL="/usr/syno/bin/synomoduletool"
+
+SERVICE_NAME="WireGuard"
+
 case $1 in
-	start)
-		/sbin/insmod $SYNOPKG_PKGDEST/wireguard/wireguard.ko
-		exit 0
-	;;
-	stop)
-		/sbin/rmmod $SYNOPKG_PKGDEST/wireguard/wireguard.ko
-		exit 0
-	;;
-	status)
-		/sbin/lsmod | grep wireguard && exit 0 || exit 3
-	;;
-	killall)
+    start)
+        if [ -x "$SYNOMODULETOOL" -a -f "$IPTABLES_MODULE_LIST" ]; then
+            sysctl -w net.ipv4.ip_forward=1
+
+            # Load required modules
+            "$SYNOMODULETOOL" --insmod "$SERVICE_NAME" $KERNEL_MODULES_CORE
+            echo "Loaded $? iptables core modules"
+            "$SYNOMODULETOOL" --insmod "$SERVICE_NAME" $KERNEL_MODULES_NAT
+            echo "Loaded $? iptables NAT modules"
+        fi
+
+        /sbin/insmod $SYNOPKG_PKGDEST/wireguard/wireguard.ko
+        exit 0
+        ;;
+    stop)
+        /sbin/rmmod $SYNOPKG_PKGDEST/wireguard/wireguard.ko
+
+        if [ -x "$SYNOMODULETOOL" -a -f "$IPTABLES_MODULE_LIST" ]; then
+            "$SYNOMODULETOOL" --rmmod "$SERVICE_NAME" $KERNEL_MODULES_NAT
+            "$SYNOMODULETOOL" --rmmod "$SERVICE_NAME" $KERNEL_MODULES_CORE
+
+            # NOTE: If another service needs this to be set we may screw them
+            #       over by disabling it here.
+            sysctl -w net.ipv4.ip_forward=0
+        fi
+        exit 0
+        ;;
+    status)
+        /sbin/lsmod | grep wireguard && exit 0 || exit 3
+        ;;
+    killall)
+        ;;
+    log)
+        exit 0
        ;;
-	log)
-		exit 0
-	;;
 esac