diff --git a/go.mod b/go.mod
index 41f92513..da6f5f78 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,6 @@ require (
 	github.com/eclipse/paho.mqtt.golang v1.4.1
 	github.com/go-playground/validator/v10 v10.11.0
 	github.com/golang-jwt/jwt/v4 v4.4.2
-	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/uuid v1.3.0
 	github.com/gorilla/handlers v1.5.1
 	github.com/gorilla/mux v1.8.0
@@ -18,10 +17,7 @@ require (
 	github.com/txn2/txeh v1.3.0
 	github.com/urfave/cli/v2 v2.10.3
 	golang.org/x/crypto v0.0.0-20220315160706-3147a52a75dd
-	golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
 	golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602
-	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
-	golang.org/x/text v0.3.7 // indirect
 	golang.zx2c4.com/wireguard v0.0.0-20220318042302-193cf8d6a5d6 // indirect
 	golang.zx2c4.com/wireguard/wgctrl v0.0.0-20220324164955-056925b7df31
 	google.golang.org/protobuf v1.28.0 // indirect
@@ -39,11 +35,12 @@ require (
 	github.com/posthog/posthog-go v0.0.0-20211028072449-93c17c49e2b0
 )
 
+require github.com/coreos/go-oidc/v3 v3.2.0
+
 require (
 	cloud.google.com/go v0.81.0 // indirect
 	fyne.io/systray v1.10.1-0.20220621085403-9a2652634e93 // indirect
 	github.com/Microsoft/go-winio v0.4.14 // indirect
-	github.com/coreos/go-oidc/v3 v3.2.0
 	github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/docker/distribution v2.7.1+incompatible // indirect
@@ -63,6 +60,7 @@ require (
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/goki/freetype v0.0.0-20181231101311-fa8a33aabaff // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/go-cmp v0.5.7 // indirect
 	github.com/gopherjs/gopherjs v1.17.2 // indirect
 	github.com/gorilla/websocket v1.4.2 // indirect
@@ -88,7 +86,10 @@ require (
 	github.com/yuin/goldmark v1.4.0 // indirect
 	golang.org/x/image v0.0.0-20220601225756-64ec528b34cd // indirect
 	golang.org/x/mobile v0.0.0-20211207041440-4e6c2922fdee // indirect
+	golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect
 	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
+	golang.org/x/sys v0.0.0-20220412211240-33da011f77ad // indirect
+	golang.org/x/text v0.3.7 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/logic/gateway.go b/logic/gateway.go
index 600c4737..ea4b5079 100644
--- a/logic/gateway.go
+++ b/logic/gateway.go
@@ -26,15 +26,19 @@ func CreateEgressGateway(gateway models.EgressGatewayRequest) (models.Node, erro
 	}
 	node.IsEgressGateway = "yes"
 	node.EgressGatewayRanges = gateway.Ranges
+	node.EgressGatewayNatEnabled = gateway.NatEnabled
 	postUpCmd := ""
 	postDownCmd := ""
 	if node.OS == "linux" {
-		postUpCmd = "iptables -A FORWARD -i " + node.Interface + " -j ACCEPT ; "
-		postUpCmd += "iptables -A FORWARD -o " + node.Interface + " -j ACCEPT ; "
-		postUpCmd += "iptables -t nat -A POSTROUTING -o " + gateway.Interface + " -j MASQUERADE"
-		postDownCmd = "iptables -D FORWARD -i " + node.Interface + " -j ACCEPT ; "
-		postDownCmd += "iptables -D FORWARD -o " + node.Interface + " -j ACCEPT ; "
-		postDownCmd += "iptables -t nat -D POSTROUTING -o " + gateway.Interface + " -j MASQUERADE"
+		postUpCmd = "iptables -A FORWARD -i " + node.Interface + " -j ACCEPT; "
+		postUpCmd += "iptables -A FORWARD -o " + node.Interface + " -j ACCEPT"
+		postDownCmd = "iptables -D FORWARD -i " + node.Interface + " -j ACCEPT; "
+		postDownCmd += "iptables -D FORWARD -o " + node.Interface + " -j ACCEPT"
+
+		if node.EgressGatewayNatEnabled {
+			postUpCmd += "; iptables -t nat -A POSTROUTING -o " + gateway.Interface + " -j MASQUERADE"
+			postDownCmd += "; iptables -t nat -D POSTROUTING -o " + gateway.Interface + " -j MASQUERADE"
+		}
 	}
 	if node.OS == "freebsd" {
 		postUpCmd = "kldload ipfw ipfw_nat ; "
diff --git a/models/node.go b/models/node.go
index 242572ae..ed651220 100644
--- a/models/node.go
+++ b/models/node.go
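Review bot: The NatEnabled toggle is honoured only in the linux branch; the freebsd branch that starts on the hunk's last line (`kldload ipfw ipfw_nat`) lies outside the hunk, and if it still configures ipfw NAT unconditionally, `NatEnabled=false` is silently ignored on FreeBSD and the same `if node.EgressGatewayNatEnabled` guard belongs there too. The new rule strings are also built by concatenating `gateway.Interface`, a request-supplied value, and `node.Interface` directly into the command; if PostUp/PostDown are later executed through a shell (not visible here), an interface name containing `;` or `$(` becomes command injection, so the value should be rejected before this point unless it matches a strict interface-name pattern such as `^[A-Za-z0-9_.-]{1,15}$`. A short comment on the new branch would also help, e.g. `// NAT disabled: forwarded packets keep their WireGuard source address, so the upstream network must route the mesh ranges back to this gateway`, since the FORWARD ACCEPT rules still admit any traffic on the node interface regardless of EgressGatewayRanges. CreateEgressGateway continues beyond the hunk.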
@@ -35,40 +35,41 @@ var seededRand *rand.Rand = rand.New(
 
 // Node - struct for node model
 type Node struct {
-	ID string `json:"id,omitempty" bson:"id,omitempty" yaml:"id,omitempty" validate:"required,min=5" validate:"id_unique`
-	Address string `json:"address" bson:"address" yaml:"address" validate:"omitempty,ipv4"`
-	Address6 string `json:"address6" bson:"address6" yaml:"address6" validate:"omitempty,ipv6"`
-	LocalAddress string `json:"localaddress" bson:"localaddress" yaml:"localaddress" validate:"omitempty,ip"`
-	Name string `json:"name" bson:"name" yaml:"name" validate:"omitempty,max=62,in_charset"`
-	NetworkSettings Network `json:"networksettings" bson:"networksettings" yaml:"networksettings" validate:"-"`
-	ListenPort int32 `json:"listenport" bson:"listenport" yaml:"listenport" validate:"omitempty,numeric,min=1024,max=65535"`
-	LocalListenPort int32 `json:"locallistenport" bson:"locallistenport" yaml:"locallistenport" validate:"numeric,min=0,max=65535"`
-	PublicKey string `json:"publickey" bson:"publickey" yaml:"publickey" validate:"required,base64"`
-	Endpoint string `json:"endpoint" bson:"endpoint" yaml:"endpoint" validate:"required,ip"`
-	PostUp string `json:"postup" bson:"postup" yaml:"postup"`
-	PostDown string `json:"postdown" bson:"postdown" yaml:"postdown"`
-	AllowedIPs []string `json:"allowedips" bson:"allowedips" yaml:"allowedips"`
-	PersistentKeepalive int32 `json:"persistentkeepalive" bson:"persistentkeepalive" yaml:"persistentkeepalive" validate:"omitempty,numeric,max=1000"`
-	IsHub string `json:"ishub" bson:"ishub" yaml:"ishub" validate:"checkyesorno"`
-	AccessKey string `json:"accesskey" bson:"accesskey" yaml:"accesskey"`
-	Interface string `json:"interface" bson:"interface" yaml:"interface"`
-	LastModified int64 `json:"lastmodified" bson:"lastmodified" yaml:"lastmodified"`
-	ExpirationDateTime int64 `json:"expdatetime" bson:"expdatetime" yaml:"expdatetime"`
-	LastPeerUpdate int64 `json:"lastpeerupdate" bson:"lastpeerupdate" yaml:"lastpeerupdate"`
-	LastCheckIn int64 `json:"lastcheckin" bson:"lastcheckin" yaml:"lastcheckin"`
-	MacAddress string `json:"macaddress" bson:"macaddress" yaml:"macaddress"`
-	Password string `json:"password" bson:"password" yaml:"password" validate:"required,min=6"`
-	Network string `json:"network" bson:"network" yaml:"network" validate:"network_exists"`
-	IsRelayed string `json:"isrelayed" bson:"isrelayed" yaml:"isrelayed"`
-	IsPending string `json:"ispending" bson:"ispending" yaml:"ispending"`
-	IsRelay string `json:"isrelay" bson:"isrelay" yaml:"isrelay" validate:"checkyesorno"`
-	IsDocker string `json:"isdocker" bson:"isdocker" yaml:"isdocker" validate:"checkyesorno"`
-	IsK8S string `json:"isk8s" bson:"isk8s" yaml:"isk8s" validate:"checkyesorno"`
-	IsEgressGateway string `json:"isegressgateway" bson:"isegressgateway" yaml:"isegressgateway"`
-	IsIngressGateway string `json:"isingressgateway" bson:"isingressgateway" yaml:"isingressgateway"`
-	EgressGatewayRanges []string `json:"egressgatewayranges" bson:"egressgatewayranges" yaml:"egressgatewayranges"`
-	RelayAddrs []string `json:"relayaddrs" bson:"relayaddrs" yaml:"relayaddrs"`
-	IngressGatewayRange string `json:"ingressgatewayrange" bson:"ingressgatewayrange" yaml:"ingressgatewayrange"`
+	ID string `json:"id,omitempty" bson:"id,omitempty" yaml:"id,omitempty" validate:"required,min=5" validate:"id_unique`
+	Address string `json:"address" bson:"address" yaml:"address" validate:"omitempty,ipv4"`
+	Address6 string `json:"address6" bson:"address6" yaml:"address6" validate:"omitempty,ipv6"`
+	LocalAddress string `json:"localaddress" bson:"localaddress" yaml:"localaddress" validate:"omitempty,ip"`
+	Name string `json:"name" bson:"name" yaml:"name" validate:"omitempty,max=62,in_charset"`
+	NetworkSettings Network `json:"networksettings" bson:"networksettings" yaml:"networksettings" validate:"-"`
+	ListenPort int32 `json:"listenport" bson:"listenport" yaml:"listenport" validate:"omitempty,numeric,min=1024,max=65535"`
+	LocalListenPort int32 `json:"locallistenport" bson:"locallistenport" yaml:"locallistenport" validate:"numeric,min=0,max=65535"`
+	PublicKey string `json:"publickey" bson:"publickey" yaml:"publickey" validate:"required,base64"`
+	Endpoint string `json:"endpoint" bson:"endpoint" yaml:"endpoint" validate:"required,ip"`
+	PostUp string `json:"postup" bson:"postup" yaml:"postup"`
+	PostDown string `json:"postdown" bson:"postdown" yaml:"postdown"`
+	AllowedIPs []string `json:"allowedips" bson:"allowedips" yaml:"allowedips"`
+	PersistentKeepalive int32 `json:"persistentkeepalive" bson:"persistentkeepalive" yaml:"persistentkeepalive" validate:"omitempty,numeric,max=1000"`
+	IsHub string `json:"ishub" bson:"ishub" yaml:"ishub" validate:"checkyesorno"`
+	AccessKey string `json:"accesskey" bson:"accesskey" yaml:"accesskey"`
+	Interface string `json:"interface" bson:"interface" yaml:"interface"`
+	LastModified int64 `json:"lastmodified" bson:"lastmodified" yaml:"lastmodified"`
+	ExpirationDateTime int64 `json:"expdatetime" bson:"expdatetime" yaml:"expdatetime"`
+	LastPeerUpdate int64 `json:"lastpeerupdate" bson:"lastpeerupdate" yaml:"lastpeerupdate"`
+	LastCheckIn int64 `json:"lastcheckin" bson:"lastcheckin" yaml:"lastcheckin"`
+	MacAddress string `json:"macaddress" bson:"macaddress" yaml:"macaddress"`
+	Password string `json:"password" bson:"password" yaml:"password" validate:"required,min=6"`
+	Network string `json:"network" bson:"network" yaml:"network" validate:"network_exists"`
+	IsRelayed string `json:"isrelayed" bson:"isrelayed" yaml:"isrelayed"`
+	IsPending string `json:"ispending" bson:"ispending" yaml:"ispending"`
+	IsRelay string `json:"isrelay" bson:"isrelay" yaml:"isrelay" validate:"checkyesorno"`
+	IsDocker string `json:"isdocker" bson:"isdocker" yaml:"isdocker" validate:"checkyesorno"`
+	IsK8S string `json:"isk8s" bson:"isk8s" yaml:"isk8s" validate:"checkyesorno"`
+	IsEgressGateway string `json:"isegressgateway" bson:"isegressgateway" yaml:"isegressgateway"`
+	IsIngressGateway string `json:"isingressgateway" bson:"isingressgateway" yaml:"isingressgateway"`
+	EgressGatewayRanges []string `json:"egressgatewayranges" bson:"egressgatewayranges" yaml:"egressgatewayranges"`
+	EgressGatewayNatEnabled bool `json:"egressgatewaynatenabled" bson:"egressgatewaynatenabled" yaml:"egressgatewaynatenabled"`
+	RelayAddrs []string `json:"relayaddrs" bson:"relayaddrs" yaml:"relayaddrs"`
+	IngressGatewayRange string `json:"ingressgatewayrange" bson:"ingressgatewayrange" yaml:"ingressgatewayrange"`
 	// IsStatic - refers to if the Endpoint is set manually or dynamically
 	IsStatic string `json:"isstatic" bson:"isstatic" yaml:"isstatic" validate:"checkyesorno"`
 	UDPHolePunch string `json:"udpholepunch" bson:"udpholepunch" yaml:"udpholepunch" validate:"checkyesorno"`
diff --git a/models/structs.go b/models/structs.go
index 6b2825e9..e884b7c8 100644
--- a/models/structs.go
+++ b/models/structs.go
@@ -149,6 +149,7 @@ type EgressGatewayRequest struct {
 	NodeID string `json:"nodeid" bson:"nodeid"`
 	NetID string `json:"netid" bson:"netid"`
 	RangeString string `json:"rangestring" bson:"rangestring"`
+	NatEnabled bool `josn:"natEnabled" bson:"natEnabled"`
 	Ranges []string `json:"ranges" bson:"ranges"`
 	Interface string `json:"interface" bson:"interface"`
 	PostUp string `json:"postup" bson:"postup"`
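Review bot: The re-indented `ID` line on the new side still carries the malformed tag `validate:"required,min=5" validate:"id_unique` (a duplicated key and an unterminated quote), which `go vet`'s structtag check rejects and which `reflect.StructTag.Get("validate")` resolves to the first pair only, so `id_unique` is never applied; if `id_unique` is a registered validator the intended form is `validate:"required,min=5,id_unique"`. The one functional change in this hunk, `EgressGatewayNatEnabled`, deserves a comment in the file's style, e.g. `// EgressGatewayNatEnabled - when true the egress gateway adds a MASQUERADE rule on its egress interface`, so readers need not locate the consumer in logic/gateway.go. Nodes persisted before this change decode the new field as false; whether NAT-off is the intended default for already-configured egress gateways is worth confirming, since that is a behaviour change on upgrade. The Node struct continues past the hunk.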
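Review bot: The tag on the added `NatEnabled` field is spelled `josn:"natEnabled"`, so encoding/json never sees it: decoding of `natEnabled` only succeeds through encoding/json's case-insensitive fallback on the Go field name, and marshalling emits the key as `NatEnabled`. Every other field in this struct uses all-lowercase keys, so the tag should read `json:"natenabled" bson:"natenabled"`; clients that already send `natEnabled` keep working because the fallback match is case-insensitive. The struct's opening line is above the hunk and it appears to continue below it.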