Merge pull request #330 from amintong/master

dnat rule add dst restrictions
network in NAT mode, processing packets only with the destination (dst) set to the container IP can prevent packets coming out of the QEMU virtual machine through eth0 from being incorrectly DNAT
2025-11-06 18:13:43 +08:00 · 2023-10-08 15:08:25 +02:00 · 2023-10-08 19:48:00 +08:00 · 2023-10-07 12:09:11 +02:00 · 2023-10-07 12:06:22 +02:00 · 2023-10-05 16:53:56 +02:00
2 changed files with 15 additions and 5 deletions
--- a/run/install.sh
+++ b/run/install.sh
@@ -32,12 +32,19 @@ rm -f "$STORAGE"/"$BASE".boot.img
 rm -f "$STORAGE"/"$BASE".system.img

 TMP="/tmp/dsm"
-RDC="$STORAGE/dsm.rd"
-
+FS=$(stat -f -c %T "$STORAGE")
+[[ "$FS" == "ext"* ]] && TMP="$STORAGE/tmp"
 rm -rf "$TMP" && mkdir -p "$TMP"

+# Check free diskspace
+MIN_SPACE=5842450944
+SPACE=$(df --output=avail -B 1 "$TMP" | tail -n 1)
+(( MIN_SPACE > SPACE )) && error "Not enough free space for installation." && exit 95
+
 [[ "${DEBUG}" == [Yy1]* ]] && set -x

+RDC="$STORAGE/dsm.rd"
+
 if [ ! -f "${RDC}" ]; then

  info "Install: Downloading installer..."
@@ -253,7 +260,7 @@ echo "$BASE" > "$STORAGE"/dsm.ver

 # Check free diskspace
 SPACE=$(df --output=avail -B 1 "$STORAGE" | tail -n 1)
-(( 6442450944 > SPACE )) && error "Not enough free space in destination folder." && exit 94
+(( MIN_SPACE > SPACE )) && error "Not enough free space in storage folder." && exit 94

 mv -f "$PAT" "$STORAGE"/"$BASE".pat
 mv -f "$BOOT" "$STORAGE"/"$BASE".boot.img
--- a/run/network.sh
+++ b/run/network.sh
@@ -146,10 +146,13 @@ configureNAT () {

  ip link set dev "${VM_NET_TAP}" master dockerbridge

+
  # Add internet connection to the VM
+  IP=$(ip address show dev "${VM_NET_DEV}" | grep inet | awk '/inet / { print $2 }' | cut -f1 -d/)
+
  iptables -t nat -A POSTROUTING -o "${VM_NET_DEV}" -j MASQUERADE
-  iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -p tcp  -j DNAT --to $VM_NET_IP
-  iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -p udp  -j DNAT --to $VM_NET_IP
+  iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -d "${IP}" -p tcp  -j DNAT --to $VM_NET_IP
+  iptables -t nat -A PREROUTING -i "${VM_NET_DEV}" -d "${IP}" -p udp  -j DNAT --to $VM_NET_IP

  if (( KERNEL > 4 )); then
    # Hack for guest VMs complaining about "bad udp checksums in 5 packets"
Author	SHA1	Message	Date
Kroese	da4555925b	Merge pull request #330 from amintong/master dnat rule add dst restrictions	2023-10-08 15:08:25 +02:00
tong min	8c6f7e49ef	network in NAT mode, processing packets only with the destination (dst) set to the container IP can prevent packets coming out of the QEMU virtual machine through eth0 from being incorrectly DNAT	2023-10-08 19:48:00 +08:00
Kroese	06829aac67	refactor: Filesystem detection refactor: Filesystem detection	2023-10-07 12:09:11 +02:00
Kroese	e5b7ade0d0	refactor: Filesystem detection	2023-10-07 12:06:22 +02:00
Kroese	c1de32eff6	feat: Check filesystem during installation feat: Check filesystem during installation	2023-10-05 16:53:56 +02:00
Kroese	c2dc0cd3b6	feat: Check filesystem during installation	2023-10-05 16:49:00 +02:00
Kroese	e2a4ab7515	feat: Check filesystem during installation	2023-10-05 16:45:12 +02:00