Subversion Repositories ALCASAR


Rev 2979 Rev 2983
Line 9... Line 9...
9
 
9
 
10
CONF_FILE="/usr/local/etc/alcasar.conf"
10
CONF_FILE="/usr/local/etc/alcasar.conf"
11
TMP_ip_gw_save="/tmp/ipset_ip_gw_save"
11
TMP_ip_gw_save="/tmp/ipset_ip_gw_save"
12
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2`
12
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2`
13
PUBLIC_IP=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2`
13
PUBLIC_IP=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2`
-
 
14
if [ $PUBLIC_IP != "dhcp" ]; then
14
GW1=`grep ^GW= $CONF_FILE|cut -d"=" -f2`
15
	GW1=`grep ^GW= $CONF_FILE|cut -d"=" -f2`
15
MTU=`grep ^PUBLIC_MTU= $CONF_FILE|cut -d"=" -f2`
16
	MTU=`grep ^PUBLIC_MTU= $CONF_FILE|cut -d"=" -f2`
16
MULTIWAN=`grep ^MULTIWAN= $CONF_FILE|cut -d"=" -f2`
17
	MULTIWAN=`grep ^MULTIWAN= $CONF_FILE|cut -d"=" -f2`
17
MULTIWAN=${MULTIWAN:=off}
18
	MULTIWAN=${MULTIWAN:=off}
18
NET="`ipcalc -n $PUBLIC_IP | cut -d"=" -f2`/`ipcalc -p $PUBLIC_IP | cut -d"=" -f2`"
19
	NET="`ipcalc -n $PUBLIC_IP | cut -d"=" -f2`/`ipcalc -p $PUBLIC_IP | cut -d"=" -f2`"
19
IP=`echo $PUBLIC_IP | cut -d"/" -f1`
20
	IP=`echo $PUBLIC_IP | cut -d"/" -f1`
20
PRIVATE_IP_MASK=`grep ^PRIVATE_IP $CONF_FILE | cut -d"=" -f2`
21
	PRIVATE_IP_MASK=`grep ^PRIVATE_IP $CONF_FILE | cut -d"=" -f2`
21
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
22
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
22
PRIVATE_NETMASK=`echo $PRIVATE_IP_MASK | cut -d"/" -f2`
23
	PRIVATE_NETMASK=`echo $PRIVATE_IP_MASK | cut -d"/" -f2`
23
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2`		# prefixe du réseau (ex. 24)
24
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2`	# prefixe du réseau (ex. 24)
24
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2`	# @ réseau de consultation (ex.: 192.168.182.0)
25
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2`	# @ réseau de consultation (ex.: 192.168.182.0)
25
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX							# @ + masque du réseau de consult (192.168.182.0/24)
26
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX				# @ + masque du réseau de consult (192.168.182.0/24)
26
nb_gw=`grep ^WAN $CONF_FILE | wc -l`
27
	nb_gw=`grep ^WAN $CONF_FILE | wc -l`
-
 
28
fi
27
routecmd="ip route replace default scope global"
29
routecmd="ip route replace default scope global"
28
 
30
 
29
if [ $(whoami) != "root" ]; then
31
if [ $(whoami) != "root" ]; then
30
	echo "You must be root to run this!" ; echo ; exit 1
32
	echo "You must be root to run this!" ; echo ; exit 1
31
fi
33
fi
Line 55... Line 57...
55
	exit 0
57
	exit 0
56
	;;
58
	;;
57
	--apply)
59
	--apply)
58
		[ -e /etc/sysconfig/network-scripts/ifcfg-$EXTIF ] && ifdown $EXTIF
60
		[ -e /etc/sysconfig/network-scripts/ifcfg-$EXTIF ] && ifdown $EXTIF
59
		# set the new configuration for EXTIF
61
		# set the new configuration for EXTIF
-
 
62
		if [ $PUBLIC_IP == "dhcp" ]; then
60
		cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
63
			cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
-
 
64
DEVICE=$EXTIF
-
 
65
BOOTPROTO=dhcp
-
 
66
DNS1=127.0.0.1
-
 
67
PEERDNS=no
-
 
68
RESOLV_MODS=yes
-
 
69
ONBOOT=yes
-
 
70
NOZEROCONF=yes
-
 
71
METRIC=10
-
 
72
MII_NOT_SUPPORTED=yes
-
 
73
IPV6INIT=no
-
 
74
IPV6TO4INIT=no
-
 
75
ACCOUNTING=no
-
 
76
USERCTL=no
-
 
77
MTU=$MTU
-
 
78
EOF
-
 
79
			ifup $EXTIF
-
 
80
		else
-
 
81
			cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
61
DEVICE=$EXTIF
82
DEVICE=$EXTIF
62
BOOTPROTO=static
83
BOOTPROTO=static
63
IPADDR=$IP
84
IPADDR=$IP
64
NETMASK=`ipcalc -m $PUBLIC_IP | cut -d= -f2`
85
NETMASK=`ipcalc -m $PUBLIC_IP | cut -d= -f2`
65
NETWORK=`ipcalc -n $PUBLIC_IP | cut -d= -f2`
86
NETWORK=`ipcalc -n $PUBLIC_IP | cut -d= -f2`
Line 74... Line 95...
74
ACCOUNTING=no
95
ACCOUNTING=no
75
USERCTL=no
96
USERCTL=no
76
MTU=$MTU
97
MTU=$MTU
77
NOZEROCONF=yes
98
NOZEROCONF=yes
78
EOF
99
EOF
79
		ifup $EXTIF
100
			ifup $EXTIF
80
		ip route flush ${NET}	# Remove the previous route for the network of EXTIF
101
			ip route flush ${NET}	# Remove the previous route for the network of EXTIF
81
		ip route delete default scope global	# Remove the previous default route
102
			ip route delete default scope global	# Remove the previous default route
82
		ip route add ${NET} dev ${EXTIF} src ${IP}	 # Set the new route for EXTIF network
103
			ip route add ${NET} dev ${EXTIF} src ${IP}	 # Set the new route for EXTIF network
83
		ip route add ${NET} dev ${EXTIF} src ${IP} table 200	# Set the new default route. If no multiwan, these lines are equivalent to `ip route add default via ${GW1}`
104
			ip route add ${NET} dev ${EXTIF} src ${IP} table 200	# Set the new default route. If no multiwan, these lines are equivalent to `ip route add default via ${GW1}`
84
		ip route add default via ${GW1} table 200
105
			ip route add default via ${GW1} table 200
85
		routecmd="${routecmd} nexthop via ${GW1} dev ${EXTIF}"
106
			routecmd="${routecmd} nexthop via ${GW1} dev ${EXTIF}"
86
		ip rule flush	# Remove the previous routing rules
107
			ip rule flush	# Remove the previous routing rules
87
		ip rule add from all lookup main pref 32766	# Set back the main rules
108
			ip rule add from all lookup main pref 32766	# Set back the main rules
88
		ip rule add from all lookup default pref 32767	# Set back the default rules
109
			ip rule add from all lookup default pref 32767	# Set back the default rules
89
		ip rule add from ${PRIVATE_NETWORK_MASK} fwmark 200 lookup 200	# Add the rule for the first gateway
110
			ip rule add from ${PRIVATE_NETWORK_MASK} fwmark 200 lookup 200	# Add the rule for the first gateway
90
		if [ "$MULTIWAN" == "on" ] || [ "$MULTIWAN" == "On" ]; then
111
			if [ "$MULTIWAN" == "on" ] || [ "$MULTIWAN" == "On" ]; then
91
			nb_gw_supp=`grep ^WAN $CONF_FILE|wc -l`
112
				nb_gw_supp=`grep ^WAN $CONF_FILE|wc -l`
92
			for ((i=0 ; $i < $nb_gw_supp ; i++)); do
113
				for ((i=0 ; $i < $nb_gw_supp ; i++)); do
93
				table=$(($i + 201))	# This number is used to mark the paquets in order to route them to the choosen GW 
114
					table=$(($i + 201))	# This number is used to mark the paquets in order to route them to the choosen GW 
94
				GW=`grep ^WAN$(($i + 1))= $CONF_FILE|awk -F'"' '{ print $2 }' | awk -F, '{print $1}'`
115
					GW=`grep ^WAN$(($i + 1))= $CONF_FILE|awk -F'"' '{ print $2 }' | awk -F, '{print $1}'`
95
				ip route add ${NET} dev ${EXTIF} src ${IP} table $table	# Add the others route in their respective tables
116
					ip route add ${NET} dev ${EXTIF} src ${IP} table $table	# Add the others route in their respective tables
96
				ip route add default via ${GW} table $table
117
					ip route add default via ${GW} table $table
97
				ip rule add from ${PRIVATE_NETWORK_MASK} fwmark $table lookup $table	# Add the rule for each rule depending of the mark set by the firewall
118
					ip rule add from ${PRIVATE_NETWORK_MASK} fwmark $table lookup $table	# Add the rule for each rule depending of the mark set by the firewall
98
				routecmd="${routecmd} nexthop via ${GW} dev ${EXTIF}"	# add the added gateway into the default gateway
119
					routecmd="${routecmd} nexthop via ${GW} dev ${EXTIF}"	# add the added gateway into the default gateway
99
			done
120
				done
-
 
121
			fi
-
 
122
			${routecmd}	# define the default gateway for outgoing traffic
-
 
123
			ip route flush cache
100
		fi
124
		fi
101
		${routecmd}	# define the default gateway for outgoing traffic
-
 
102
		ip route flush cache
125
		/usr/local/bin/alcasar-iptables.sh
103
		exit 0
126
		exit 0
104
		;;
127
		;;
105
	*)
128
	*)
106
		exit 1
129
		exit 1
107
		;;
130
		;;
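Review bot: The new DHCP branch of `--apply` writes `MTU=$MTU` into the ifcfg heredoc, but this revision moves the `PUBLIC_MTU` lookup inside the new `if [ $PUBLIC_IP != "dhcp" ]` block at the top of the script. Unless `MTU` is also assigned in lines not shown here, the DHCP configuration gets an empty `MTU=` entry, so the lookup should stay above that `if`. Both new tests also leave `$PUBLIC_IP` unquoted: if the key is missing or duplicated in alcasar.conf, the `[` test errors out, the top block is skipped, and `--apply` falls into the static branch with `IP`, `NET` and `GW1` empty. Write them as `if [ "$PUBLIC_IP" != "dhcp" ]; then` and `if [ "$PUBLIC_IP" = "dhcp" ]; then`, and exit with an error when the value is empty. Since root writes the interface file from these values, checking the format of `EXTIF` and `PUBLIC_IP` before the heredoc would be worthwhile; the `case` statement holding `--apply` starts outside the displayed hunks.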