From 00342cf8356adb45e2b8faf7de70ea839efb25e7 Mon Sep 17 00:00:00 2001
From: Hugo Levy-Falk
Date: Mon, 20 May 2019 10:56:31 +0200
Subject: [PATCH] Fix nat for federez radius
---
 archi.nft | 4 +++-
 nat.nft | 5 ++++-
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/archi.nft b/archi.nft
index e472e84..2e7a250 100644
--- a/archi.nft
+++ b/archi.nft
@@ -22,5 +22,7 @@ define range_aloes = 10.66.0.0/27
 define range_prerezotage = 10.68.0.0/16
 define range_public = 193.48.225.0/24
-define ip_self_public = 193.48.225.2
+define ip_self_public = 193.48.225.254
+
 define ip_radius = 10.7.0.124
+
diff --git a/nat.nft b/nat.nft
index 60ab593..4f1d765 100644
--- a/nat.nft
+++ b/nat.nft
@@ -11,7 +11,7 @@ table ip nat {
 type nat hook prerouting priority 0;
 ip saddr $range_prerezotage ip daddr != { $intranet, $comnpay, $website } tcp dport {http,https} dnat $bounce_server;
 ip saddr @radius_federez ip daddr $ip_self_public tcp dport { 636, 389 } dnat $ip_radius;
- ip saddr @radius_federez ip daddr $ip_self_public udp dport { 636 } dnat $ip_radius;
+ ip saddr @radius_federez ip daddr $ip_self_public udp dport { 636, 1812 } dnat $ip_radius;
 }
@@ -20,6 +20,9 @@ table ip nat {
 meta oifname != $if_supelec return
+ ip saddr $ip_radius ip daddr @radius_federez tcp dport { 636, 389} snat to $ip_self_public
+ ip saddr $ip_radius ip daddr @radius_federez udp dport { 636, 1812 } snat to $ip_self_public
+
 ip daddr != {10.0.0.0/8, $range_public} ip saddr vmap { $range_adherent : goto adherent_nat, $range_admin : goto admin_nat,
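Review bot: `ip_self_public` moves from 193.48.225.2 to 193.48.225.254 with no comment saying what the address is, although nat.nft matches on it as the DNAT destination for the @radius_federez peers and, in this same commit, uses it as the SNAT source towards them. A one-line comment above the define would stop the next maintainer treating it as a free choice: `# Public address the FedeRez RADIUS peers are configured to reach; nat.nft DNATs it to $ip_radius and SNATs $ip_radius behind it, so changing it also means updating the peers' side.` That the peers must be reconfigured is inferred from the rules, not shown in this patch.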
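Review bot: The new set `udp dport { 636, 1812 }` forwards udp/636 next to RADIUS authentication, but LDAPS is TCP-only and has no UDP service, so that element looks copied from the tcp rule above rather than needed; conversely RADIUS accounting (udp/1813) is not forwarded, so if the FedeRez peers send accounting it will be dropped silently. I would write the rule as `ip saddr @radius_federez ip daddr $ip_self_public udp dport 1812 dnat to $ip_radius;` (adding 1813 only if accounting is actually in use), which also aligns the `dnat to` form with the `snat to` rules added later in this commit. A nat-hook DNAT only rewrites the destination; the forward/filter chain, which is not in this hunk, must still accept traffic from @radius_federez to $ip_radius on these ports — worth confirming. The enclosing prerouting chain opens before this hunk.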