/alcasar.sh |
---|
491,13 → 491,15 |
then |
echo "PUBLIC_IP=dhcp" >> $CONF_FILE |
echo "GW=dhcp" >> $CONF_FILE |
echo "DNS1=dhcp" >> $CONF_FILE |
echo "DNS2=dhcp" >> $CONF_FILE |
else |
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE |
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE |
echo "DNS1=$DNS1" >> $CONF_FILE |
echo "DNS2=$DNS2" >> $CONF_FILE |
fi |
echo "PUBLIC_MTU=$MTU" >> $CONF_FILE |
echo "DNS1=$DNS1" >> $CONF_FILE |
echo "DNS2=$DNS2" >> $CONF_FILE |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE |
echo "DHCP=on" >> $CONF_FILE |
echo "EXT_DHCP_IP=none" >> $CONF_FILE |
521,9 → 523,21 |
[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF |
if [ $IP_SETTING == "dhcp" ] |
then |
$SED "s?^RESOLV_MODS=.*?RESOLV_MODS=yes?g" /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
$SED "s?^PEERDNS=.*?PEERDNS=no?g" /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
echo "DNS1=127.0.0.1" >> /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
DEVICE=$EXTIF |
BOOTPROTO=dhcp |
DNS1=127.0.0.1 |
PEERDNS=no |
RESOLV_MODS=yes |
ONBOOT=yes |
METRIC=10 |
MII_NOT_SUPPORTED=yes |
IPV6INIT=no |
IPV6TO4INIT=no |
ACCOUNTING=no |
USERCTL=no |
MTU=$MTU |
EOF |
else |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
DEVICE=$EXTIF |
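Review bot: The new dhcp template for ifcfg-$EXTIF sets `PEERDNS=no` and `DNS1=127.0.0.1`, while the alcasar-iptables.sh change on this page takes the upstream resolvers from the `nameserver` lines of /etc/resolv.conf when PUBLIC_IP is `dhcp`. With PEERDNS disabled, the DHCP-supplied servers are normally not written to resolv.conf, so that lookup would likely return 127.0.0.1 or nothing and the DNS rules would not match the real upstream servers; this needs checking on a DHCP-configured machine. The first hunk also appears to write `DNS1=dhcp` and `DNS2=dhcp` into $CONF_FILE, so every other reader of those keys has to treat `dhcp` as a sentinel rather than an address. The template is duplicated verbatim in alcasar-conf.sh; a comment such as `# keep in sync with the dhcp ifcfg template in alcasar-conf.sh` above the heredoc would help. The surrounding if/else starts and ends outside the hunk.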
/scripts/alcasar-conf.sh |
---|
165,6 → 165,12 |
exit 0 |
fi |
PUBLIC_IP_MASK=`grep ^PUBLIC_IP $CONF_FILE|cut -d"=" -f2` |
if [[ "$PUBLIC_IP_MASK" == "dhcp" ]] |
then |
PUBLIC_GATEWAY="dhcp" |
DNS1="dhcp" |
DNS2="dhcp" |
else |
check=$(echo $PUBLIC_IP_MASK | egrep $PTN) |
if [[ "$?" -ne 0 ]] |
then |
195,6 → 201,7 |
fi |
PUBLIC_IP=`echo $PUBLIC_IP_MASK | cut -d"/" -f1` |
PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2` |
fi |
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` |
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` |
private_network_calc |
208,7 → 215,9 |
then |
$DIR_SBIN/alcasar-dhcp.sh --off |
fi |
# Logout everybody |
$DIR_SBIN/alcasar-logout.sh all |
# Services stop |
echo -n "Stop services : " |
for i in ntpd httpd tinyproxy dnsmasq dnsmasq-whitelist dnsmasq-blacklist chilli network |
do |
220,9 → 229,42 |
# /etc/hosts |
$SED "/alcasar/s?.*?$PRIVATE_IP\talcasar alcasar.localdomain?g" /etc/hosts |
# EXTIF config |
$SED "s?^IPADDR=.*?IPADDR=$PUBLIC_IP?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
$SED "s?^NETMASK=.*?NETMASK=$PUBLIC_NETMASK?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
$SED "s?^GATEWAY=.*?GATEWAY=$PUBLIC_GATEWAY?" /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
if [ $PUBLIC_IP_MASK == "dhcp" ] |
then |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
DEVICE=$EXTIF |
BOOTPROTO=dhcp |
DNS1=127.0.0.1 |
PEERDNS=no |
RESOLV_MODS=yes |
ONBOOT=yes |
METRIC=10 |
MII_NOT_SUPPORTED=yes |
IPV6INIT=no |
IPV6TO4INIT=no |
ACCOUNTING=no |
USERCTL=no |
MTU=$MTU |
EOF |
else |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
DEVICE=$EXTIF |
BOOTPROTO=static |
IPADDR=$PUBLIC_IP |
NETMASK=$PUBLIC_NETMASK |
GATEWAY=$PUBLIC_GATEWAY |
DNS1=127.0.0.1 |
RESOLV_MODS=yes |
ONBOOT=yes |
METRIC=10 |
MII_NOT_SUPPORTED=yes |
IPV6INIT=no |
IPV6TO4INIT=no |
ACCOUNTING=no |
USERCTL=no |
MTU=$MTU |
EOF |
fi |
# INTIF config (for bypass mode only) |
$SED "s?^IPADDR=.*?IPADDR=$PRIVATE_IP?" /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF |
$SED "s?^NETMASK=.*?NETMASK=$PRIVATE_NETMASK?" /etc/sysconfig/network-scripts/bypass-ifcfg-$INTIF |
265,10 → 307,6 |
$SED "s?^filterip.*?filterip = $PRIVATE_IP?g" /etc/dansguardian/dansguardian.conf |
# Watchdog |
$SED "s?^PRIVATE_IP=.*?PRIVATE_IP=\"$PRIVATE_IP\"?g" $DIR_BIN/alcasar-watchdog.sh |
# SSHD |
$SED "/^ListenAddress/d" /etc/ssh/sshd_config |
$SED "/ListenAddress 0.0.0.0.*/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config |
$SED "/ListenAddress $PUBLIC_IP/a\ListenAddress $PRIVATE_IP" /etc/ssh/sshd_config |
# Prompts |
$SED "s?^ORGANISME.*?ORGANISME=$ORGANISME?g" /etc/bashrc |
# sudoers |
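Review bot: The new test `if [ $PUBLIC_IP_MASK == "dhcp" ]` ahead of the two heredocs is unquoted and uses `==` inside `[`, while the first hunk of this file already uses `[[ "$PUBLIC_IP_MASK" == "dhcp" ]]`; the same form here would avoid word-splitting surprises and keep the two checks consistent. Both heredocs write `MTU=$MTU`, and none of the visible hunks sets MTU in this script, so confirm it is read from $CONF_FILE before this point; otherwise the file gets an empty `MTU=`. In dhcp mode PUBLIC_IP and PUBLIC_NETMASK are never assigned, because their assignments sit in the else branch closed by the added `fi`, so any later use outside these hunks expands to an empty string. With the sshd ListenAddress rewrite dropped, sshd_config keeps whatever addresses an earlier run wrote, so it is worth confirming that WAN-side SSH exposure is still constrained by the firewall rules.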
/scripts/alcasar-iptables.sh |
---|
19,12 → 19,24 |
private_prefix=`/bin/ipcalc -p $private_ip_mask|cut -d"=" -f2` # LAN prefix (ie. 24) |
PRIVATE_NETWORK_MASK=$private_network/$private_prefix # Lan IP address + prefix (192.168.182.0/24) |
public_ip_mask=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` # ALCASAR WAN IP address |
if [[ "$public_ip_mask" == "dhcp" ]] |
then |
PTN="\b(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([012]?[0-9]|3[0-2])\b" |
$public_ip_mask=`ip addr show $EXTIF | egrep -o $PTN` |
dns1=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|head -n 1` |
nb_dns=`grep ^nameserver /etc/resolv.conf|wc -l` |
if [ $nb_dns == 2 ] |
then |
dns2=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|tail -n 1` |
fi |
else |
dns1=`grep ^DNS1= $CONF_FILE|cut -d"=" -f2` |
dns2=`grep ^DNS2= $CONF_FILE|cut -d"=" -f2` |
fi |
PUBLIC_IP=`echo $public_ip_mask | cut -d"/" -f1` |
dns1=`grep ^DNS1= $CONF_FILE|cut -d"=" -f2` # first public DNS server |
dns1=${dns1:=208.67.220.220} |
dns2=`grep ^DNS2= $CONF_FILE|cut -d"=" -f2` # second public DNS server |
dns2=${dns2:=208.67.222.222} |
DNSSERVERS="$dns1,$dns2" # first and second DNS IP servers addresses |
DNSSERVERS="$dns1,$dns2" # first and second public DNS servers |
PROTOCOLS_FILTERING=`grep ^PROTOCOLS_FILTERING= $CONF_FILE|cut -d"=" -f2` # Network protocols filter (on/off) |
PROTOCOLS_FILTERING=${PROTOCOLS_FILTERING:=off} |
BL_IP_CAT="/usr/local/share/iptables-bl-enabled" # categories files of the BlackListed IP |
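Review bot: The added line `$public_ip_mask=...` in the dhcp branch starts with a `$`, so the shell expands it to `dhcp=<address>` and tries to run that as a command instead of assigning. As a result `public_ip_mask` stays `dhcp` and the following `PUBLIC_IP=` line yields the literal string `dhcp`, which presumably flows into firewall rules outside this hunk. I would write `public_ip_mask=$(ip addr show "$EXTIF" | egrep -o "$PTN" | head -n 1)`, quoting `$PTN` because its brackets and `?` are otherwise open to pathname expansion, and stop with a clear error when the result is empty (no lease yet). `$EXTIF` is not defined in the visible part of this script, so confirm it is set before this point. Note also that `dns2` is only filled when resolv.conf has exactly two nameserver lines; in every other case it silently falls back to the hard-coded default below.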