From 2cc77069eeaca022a4b6380b33068f2cfd6b0f81 Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Fri, 29 Sep 2017 17:32:51 +0100 Subject: [PATCH] Mesh bridge forwarding --- src/freedombone-mesh-batman | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/src/freedombone-mesh-batman b/src/freedombone-mesh-batman index ee072e34..3e0e18e7 100755 --- a/src/freedombone-mesh-batman +++ b/src/freedombone-mesh-batman @@ -164,6 +164,18 @@ function stop { iptables -D INPUT -p tcp --dport 8942 -j ACCEPT iptables -D INPUT -p udp --dport 8942 -j ACCEPT + iptables -t nat -D POSTROUTING -o $EIFACE -j MASQUERADE + iptables -D FORWARD -i $EIFACE -o $IFACE -j ACCEPT -m state –state RELATED,ESTABLISHED + iptables -D FORWARD -i $IFACE -o $EIFACE -j ACCEPT + + if [ $IFACE_SECONDARY ]; then + iptables -D FORWARD -i $IFACE -o $IFACE_SECONDARY -j ACCEPT -m state –state RELATED,ESTABLISHED + iptables -D FORWARD -i $IFACE_SECONDARY -o $IFACE -j ACCEPT + fi + + echo 0 > /proc/sys/net/ipv4/ip_forward + sed -i 's|net.ipv4.ip_forward=.*|net.ipv4.ip_forward=0|g' /etc/sysctl.conf + systemctl restart network-manager } @@ -251,6 +263,7 @@ function start { dhclient $BRIDGE fi + hotspot_enabled= if [ $IFACE_SECONDARY ]; then if [[ $IFACE != $IFACE_SECONDARY ]]; then if [ -d /etc/hostapd ]; then @@ -291,6 +304,7 @@ function start { ifconfig $IFACE_SECONDARY up promisc #ifconfig $IFACE_SECONDARY auto-dhcp start systemctl start hostapd + hotspot_enabled=1 fi fi fi 
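Review bot: In the stop hunk (@@ -164) both `-m state –state RELATED,ESTABLISHED` rules are written with an en dash where iptables expects `--state`. The `--dport` options in the context lines are intact, so the en dash appears to be in the file itself rather than a rendering artifact. iptables does not recognise `–state`, so these two `-D` commands fail, and the matching `-A` rules in the start hunk (@@ -324) are never installed; whether return traffic for forwarded connections passes then depends on the FORWARD chain policy, which is not visible here. The option should read `-m state --state RELATED,ESTABLISHED` in all four places. Separately, stop writes `net.ipv4.ip_forward=0` to /proc and /etc/sysctl.conf unconditionally, which overwrites a forwarding setting an administrator may have enabled for another purpose; recording the previous value in start and restoring it here would avoid that (stop's body begins outside the hunk).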
@@ -324,6 +338,20 @@ function start { iptables -A INPUT -p tcp --dport 8942 -j ACCEPT iptables -A INPUT -p udp --dport 8942 -j ACCEPT + iptables -t nat -A POSTROUTING -o $EIFACE -j MASQUERADE + iptables -A FORWARD -i $EIFACE -o $IFACE -j ACCEPT -m state –state RELATED,ESTABLISHED + iptables -A FORWARD -i $IFACE -o $EIFACE -j ACCEPT + + if [ $hotspot_enabled ]; then + iptables -A FORWARD -i $IFACE -o $IFACE_SECONDARY -j ACCEPT -m state –state RELATED,ESTABLISHED + iptables -A FORWARD -i $IFACE_SECONDARY -o $IFACE -j ACCEPT + fi + + echo 1 > /proc/sys/net/ipv4/ip_forward + sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf + sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf + sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf + systemctl restart avahi-daemon verify
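Review bot: The added rule `iptables -A FORWARD -i $IFACE -o $EIFACE -j ACCEPT` accepts every new connection from the mesh interface towards anything reachable through $EIFACE, which would include hosts on the upstream LAN and not only the internet. The same hunk enables net.ipv4.ip_forward at runtime and persistently in /etc/sysctl.conf on every start. Where $EIFACE is assigned is not visible in this hunk; if it can be empty, the unquoted expansions yield malformed iptables commands while forwarding is still switched on, so the block should sit inside `if [ -n "$EIFACE" ]; then` with the variables quoted. Because the rules are appended with `-A` on each start, a second start without an intervening stop duplicates them and stop's single `-D` leaves the copies in place; `iptables -C FORWARD ... 2>/dev/null || iptables -A FORWARD ...` avoids that. start's body begins and ends outside the hunk.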