#!/bin/bash
 
# alcasar-network.sh
# by Pierre RIVAULT and Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# Met à jour la configuration réseau conformément au fichier de configuration (alcasar.conf)
# update network configuration according to alcasar.conf
 
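# Main ALCASAR configuration file; every value below is read from it.
CONF_FILE="/usr/local/etc/alcasar.conf"
# NOTE(review): predictable name in world-writable /tmp, written as root by
# the --save action. The code that reads this file back is not part of this
# script, so the path is kept; moving it to a root-only directory has to be
# done on the reader side as well.
TMP_ip_gw_save="/tmp/ipset_ip_gw_save"

# Each value is the second "="-separated field of the matching line.
# Expansions are quoted so that a value containing blanks or glob characters
# reaches the tools as one literal argument instead of being split or expanded.
EXTIF=$(grep '^EXTIF=' "$CONF_FILE" | cut -d"=" -f2)
PUBLIC_IP=$(grep '^PUBLIC_IP=' "$CONF_FILE" | cut -d"=" -f2)
GW1=$(grep '^GW=' "$CONF_FILE" | cut -d"=" -f2)
MTU=$(grep '^PUBLIC_MTU=' "$CONF_FILE" | cut -d"=" -f2)
MULTIWAN=$(grep '^MULTIWAN=' "$CONF_FILE" | cut -d"=" -f2)
MULTIWAN=${MULTIWAN:-Off}	# "Off" when the key is missing or empty

# Network of the external interface, written as <network address>/<prefix>
NET="$(ipcalc -n "$PUBLIC_IP" | cut -d"=" -f2)/$(ipcalc -p "$PUBLIC_IP" | cut -d"=" -f2)"
# Address part of PUBLIC_IP (text before the first "/")
IP=$(printf '%s\n' "$PUBLIC_IP" | cut -d"/" -f1)

# NOTE(review): the pattern has no trailing "=", so any key that merely starts
# with PRIVATE_IP matches as well - confirm against the alcasar.conf format.
PRIVATE_IP_MASK=$(grep '^PRIVATE_IP' "$CONF_FILE" | cut -d"=" -f2)
PRIVATE_IP=$(printf '%s\n' "$PRIVATE_IP_MASK" | cut -d"/" -f1)
PRIVATE_NETMASK=$(printf '%s\n' "$PRIVATE_IP_MASK" | cut -d"/" -f2)
PRIVATE_PREFIX=$(/bin/ipcalc -p "$PRIVATE_IP" "$PRIVATE_NETMASK" | cut -d"=" -f2)	# network prefix length (e.g. 24)
PRIVATE_NETWORK=$(/bin/ipcalc -n "$PRIVATE_IP" "$PRIVATE_NETMASK" | cut -d"=" -f2)	# address of the consultation network (e.g. 192.168.182.0)
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX	# network address + prefix of the consultation network (192.168.182.0/24)

# Number of configuration lines starting with "WAN" (additional gateways)
nb_gw=$(grep '^WAN' "$CONF_FILE" | wc -l)
# Fixed beginning of the command that installs the default route in --apply
routecmd="ip route replace default scope global"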
 
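# Refuse to run without root privileges: the rest of the script rewrites the
# interface configuration, the routing tables and the routing rules.
# The numeric effective UID is compared as a quoted string. With the unquoted
# `[ $(whoami) != "root" ]`, an empty whoami result makes the test itself fail
# with a syntax error (status 2), the branch is not taken and the script goes
# on; here an empty or unexpected result stops the script.
if [ "$(id -u)" != "0" ]; then
	echo "You must be root to run this!" ; echo ; exit 1
fi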
 
# Requested action: the first command-line argument, or --apply when the
# script is called without any argument. An explicitly empty first argument
# is kept as it is.
case $# in
	0) args="--apply" ;;
	*) args=$1 ;;
esac
 
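# Dispatch on the requested action.
#   --save  : write the members of the load-balancing ipsets (gw0 .. gw<nb_gw>)
#             to $TMP_ip_gw_save, then exit 0 (exit 1 if the file cannot be
#             created).
#   --apply : rewrite ifcfg-$EXTIF from the values read from alcasar.conf,
#             restart the interface, rebuild the routes and the routing rules,
#             then exit 0 (exit 1 if a mandatory value is missing or invalid).
#   other   : exit 1.
case "$args" in
	--save)
		rm -f -- "$TMP_ip_gw_save"
		# ipset name list for load_balancing
		gw_list="gw0"
		for ((i = 1; i <= nb_gw; i++)); do
			gw_list="${gw_list} gw$i"
		done
		# Saving all of the already connected IP in order to put them back in the load balancing after
		saved_members=""
		found_set=0
		for set_name in $gw_list; do
			if ipset list "$set_name" >/dev/null 2>&1; then
				found_set=1
				# the cut -d":" -f5 blanks all the lines with a ":", i.e. all the lines
				# except the members; sed then drops the blank lines
				members=$(ipset list "$set_name" | cut -d":" -f5 | sed '/^[[:space:]]*$/d')
				if [ -n "$members" ]; then
					saved_members="${saved_members}${members}"$'\n'
				fi
			fi
		done
		if [ "$found_set" -eq 1 ]; then
			# The list is written in one step with noclobber set, so the write fails
			# instead of going through a file or symbolic link that appeared at this
			# /tmp path after the rm above. As before, the file is created (possibly
			# empty) only when at least one of the sets exists.
			( set -o noclobber; printf '%s' "$saved_members" > "$TMP_ip_gw_save" ) || exit 1
		fi
		exit 0
	;;
	--apply)
		# Stop before anything is torn down when a mandatory value is missing:
		# with an empty EXTIF, address or gateway the commands below would remove
		# the default route and the routing rules without being able to rebuild them.
		if [ -z "$EXTIF" ] || [ -z "$IP" ] || [ -z "$GW1" ]; then
			echo "alcasar-network.sh: EXTIF, PUBLIC_IP or GW is missing in $CONF_FILE, network configuration left untouched" >&2
			exit 1
		fi
		# EXTIF becomes part of a file name written as root: refuse a value that
		# could leave the network-scripts directory or that spans several words.
		case "$EXTIF" in
			*/*|*[[:space:]]*)
				echo "alcasar-network.sh: invalid EXTIF value in $CONF_FILE, network configuration left untouched" >&2
				exit 1
				;;
		esac
		ifcfg_file="/etc/sysconfig/network-scripts/ifcfg-$EXTIF"
		[ -e "$ifcfg_file" ] && ifdown "$EXTIF"
		# set the new configuration for EXTIF
		cat <<EOF > "$ifcfg_file"
DEVICE=$EXTIF
BOOTPROTO=static
IPADDR=$IP
NETMASK=$(ipcalc -m "$PUBLIC_IP" | cut -d= -f2)
NETWORK=$(ipcalc -n "$PUBLIC_IP" | cut -d= -f2)
GATEWAY=$GW1
DNS1=127.0.0.1
RESOLV_MODS=yes
ONBOOT=yes
METRIC=10
MII_NOT_SUPPORTED=yes
IPV6INIT=no
IPV6TO4INIT=no
ACCOUNTING=no
USERCTL=no
MTU=$MTU
NOZEROCONF=yes
EOF
		ifup "$EXTIF"
		ip route flush "$NET"	# Remove the previous route for the network of EXTIF
		ip route delete default scope global	# Remove the previous default route
		ip route add "$NET" dev "$EXTIF" src "$IP"	# Set the new route for EXTIF network
		# Set the new default route. If no multiwan, these lines are equivalent to `ip route add default via ${GW1}`
		ip route add "$NET" dev "$EXTIF" src "$IP" table 200
		ip route add default via "$GW1" table 200
		# The default-route command is kept as an array, one word per element, so
		# that a gateway value is always passed to ip as a single argument.
		read -r -a default_route <<< "$routecmd"
		default_route+=(nexthop via "$GW1" dev "$EXTIF")
		ip rule flush	# Remove the previous routing rules
		ip rule add from all lookup main pref 32766	# Set back the main rules
		ip rule add from all lookup default pref 32767	# Set back the default rules
		ip rule add from "$PRIVATE_NETWORK_MASK" fwmark 200 lookup 200	# Add the rule for the first gateway
		if [ "$MULTIWAN" = "on" ] || [ "$MULTIWAN" = "On" ]; then
			nb_gw_supp=$(grep '^WAN' "$CONF_FILE" | wc -l)
			for ((i = 0; i < nb_gw_supp; i++)); do
				table=$((i + 201))	# This number is used to mark the packets in order to route them to the chosen GW
				# Gateway of WAN<i+1>: text inside the first pair of double quotes, up to the first comma
				GW=$(grep "^WAN$((i + 1))=" "$CONF_FILE" | awk -F'"' '{ print $2 }' | awk -F, '{ print $1 }')
				if [ -z "$GW" ]; then
					# An empty gateway would make the final default-route command invalid
					# and leave the system without any default route.
					echo "alcasar-network.sh: no gateway found for WAN$((i + 1)) in $CONF_FILE, entry skipped" >&2
					continue
				fi
				ip route add "$NET" dev "$EXTIF" src "$IP" table "$table"	# Add the other routes in their respective tables
				ip route add default via "$GW" table "$table"
				ip rule add from "$PRIVATE_NETWORK_MASK" fwmark "$table" lookup "$table"	# Add one rule per gateway, selected by the mark set by the firewall
				default_route+=(nexthop via "$GW" dev "$EXTIF")	# add the added gateway into the default gateway
			done
		fi
		"${default_route[@]}"	# define the default gateway for outgoing traffic
		ip route flush cache
		exit 0
		;;
	*)
		exit 1
		;;
esac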