226,8 → 226,9 |
echo -n "." |
|
# Test EXTIF config files |
PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` |
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` |
PUBLIC_IP_MASK=`ip addr show $EXTIF|grep "inet "|cut -d" " -f6` |
PUBLIC_IP=`echo $PUBLIC_IP_MASK | cut -d"/" -f1` |
PUBLIC_GATEWAY=`ip route list|grep ^default|cut -d" " -f3` |
if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ] |
then |
if [ $Lang == "fr" ] |
269,14 → 270,13 |
fi |
echo -n "." |
# On teste le lien vers le routeur par defaut |
IP_GW=`ip route list|grep ^default|cut -d" " -f3` |
arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $IP_GW|grep response|cut -d" " -f2` |
arp_reply=`/usr/sbin/arping -b -I$EXTIF -c1 -w2 $PUBLIC_GATEWAY|grep response|cut -d" " -f2` |
if [ $(expr $arp_reply) -eq 0 ] |
then |
if [ $Lang == "fr" ] |
then |
echo "Échec" |
echo "Le routeur de site ou la Box Internet ($IP_GW) ne répond pas." |
echo "Le routeur de site ou la Box Internet ($PUBLIC_GATEWAY) ne répond pas." |
echo "Réglez ce problème puis relancez ce script." |
else |
echo "Failed" |
432,35 → 432,50 |
hostname $HOSTNAME.$DOMAIN |
echo $HOSTNAME.$DOMAIN > /etc/hostname |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # private network address (ie.: 192.168.182.0) |
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f4` # last octet of LAN address |
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # private network mask (ie.: 255.255.255.0) |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24) |
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` # ALCASAR private ip address (consultation LAN side) |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2` # network prefix (ie. 24) |
if [ $PRIVATE_IP == $PRIVATE_NETWORK ] # when entering network address instead of ip address |
then |
PRIVATE_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` |
PRIVATE_IP_MASK=`echo $PRIVATE_IP/$PRIVATE_PREFIX` |
fi |
private_ip_ending=`echo $PRIVATE_IP | cut -d"." -f4` # last octet of LAN address |
PRIVATE_SECOND_IP=`echo $PRIVATE_IP | cut -d"." -f1-3`"."`expr $private_ip_ending + 1` # second network address (ex.: 192.168.182.2) |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # ie.: 192.168.182.0/24 |
classe=$((PRIVATE_PREFIX/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2` # ie.: 2=classe B, 3=classe C |
classe=$((PRIVATE_PREFIX/8)) # ie.: 2=classe B, 3=classe C |
PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`. # compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.) |
PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2` # private network broadcast (ie.: 192.168.182.255) |
private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup` # last octet of LAN address |
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup` # last octet of LAN broadcast |
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1) |
PRIVATE_SECOND_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 2` # second network address (ex.: 192.168.182.2) |
private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f4` # last octet of LAN broadcast |
PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1` # First network address (ex.: 192.168.182.1) |
PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # last network address (ex.: 192.168.182.254) |
PRIVATE_MAC=`/sbin/ip link show $INTIF | grep ether | cut -d" " -f6` # MAC address of INTIF |
# Define Internet parameters |
[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF |
DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 1er DNS |
DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 2ème DNS |
DNS1=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|head -n 1` # 1st DNS server |
nb_dns=`grep ^nameserver /etc/resolv.conf|wc -l` |
if [ $nb_dns == 2 ] |
then |
DNS2=`grep ^nameserver /etc/resolv.conf|cut -d" " -f2|tail -n 1` # 2nd DNS server (if exist) |
fi |
DNS1=${DNS1:=208.67.220.220} |
DNS2=${DNS2:=208.67.222.222} |
PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` |
DEFAULT_PUBLIC_NETMASK=`ipcalc -m $PUBLIC_IP | cut -d"=" -f2` |
PUBLIC_NETMASK=${PUBLIC_NETMASK:=$DEFAULT_PUBLIC_NETMASK} |
PUBLIC_NETMASK=`/bin/ipcalc -m $PUBLIC_IP_MASK | cut -d"=" -f2` |
PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK|cut -d"=" -f2` |
PUBLIC_NETWORK=`/bin/ipcalc -n $PUBLIC_IP/$PUBLIC_PREFIX|cut -d"=" -f2` |
# Wrtie the conf file |
echo "EXTIF=$EXTIF" >> $CONF_FILE |
echo "INTIF=$INTIF" >> $CONF_FILE |
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE |
IP_SETTING=`grep BOOTPROTO /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2` # IP setting (static or dynamic) |
if [ $IP_SETTING == "dhcp" ] |
then |
echo "PUBLIC_IP=dhcp" >> $CONF_FILE |
echo "GW=dhcp" >> $CONF_FILE |
else |
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE |
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE |
fi |
echo "PUBLIC_MTU=$MTU" >> $CONF_FILE |
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE |
echo "DNS1=$DNS1" >> $CONF_FILE |
echo "DNS2=$DNS2" >> $CONF_FILE |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE |
469,21 → 484,28 |
echo "RELAY_DHCP_IP=none" >> $CONF_FILE |
echo "RELAY_DHCP_PORT=none" >> $CONF_FILE |
echo "PROTOCOLS_FILTERING=off" >> $CONF_FILE |
# network default |
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default |
# config network |
cat <<EOF > /etc/sysconfig/network |
NETWORKING=yes |
HOSTNAME="$HOSTNAME.$DOMAIN" |
FORWARD_IPV4=true |
EOF |
# config /etc/hosts |
# /etc/hosts config |
[ -e /etc/hosts.default ] || cp /etc/hosts /etc/hosts.default |
cat <<EOF > /etc/hosts |
127.0.0.1 localhost |
$PRIVATE_IP $HOSTNAME.$DOMAIN $HOSTNAME $ORGANISME.$DOMAIN $ORGANISME |
EOF |
# Config EXTIF (Internet) |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
# EXTIF (Internet) config |
[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF |
if [ $IP_SETTING == "dhcp" ] |
then |
$SED "s?^RESOLV_MODS=.*?RESOLV_MODS=yes?g" /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
$SED "s?^PEERDNS=.*?PEERDNS=no?g" /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
echo "DNS1=127.0.0.1" >> /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
else |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
DEVICE=$EXTIF |
BOOTPROTO=static |
IPADDR=$PUBLIC_IP |
490,9 → 512,9 |
NETMASK=$PUBLIC_NETMASK |
GATEWAY=$PUBLIC_GATEWAY |
DNS1=127.0.0.1 |
RESOLV_MODS=yes |
ONBOOT=yes |
METRIC=10 |
NOZEROCONF=yes |
MII_NOT_SUPPORTED=yes |
IPV6INIT=no |
IPV6TO4INIT=no |
500,6 → 522,7 |
USERCTL=no |
MTU=$MTU |
EOF |
fi |
# Config INTIF (consultation LAN) in normal mode |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF |
DEVICE=$INTIF |
1761,8 → 1784,7 |
# postfix banner anonymisation |
$SED "s?^smtpd_banner =.*?smtpd_banner = $myhostname ESMTP?g" /etc/postfix/main.cf |
# sshd écoute côté LAN et WAN |
$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress $PRIVATE_IP?g" /etc/ssh/sshd_config |
$SED "/^ListenAddress $PRIVATE_IP/a\ListenAddress $PUBLIC_IP" /etc/ssh/sshd_config |
$SED "s?^#ListenAddress.*?ListenAddress 0\.0\.0\.0?g" /etc/ssh/sshd_config |
# Put the default value in conf file (sshd, QOS and protocols/dns/ are off)(web antivirus is on) |
echo "SSH=off" >> $CONF_FILE |
echo 'SSH_ADMIN_FROM=0.0.0.0/0.0.0.0' >> $CONF_FILE |
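Review bot: The sshd substitution in the last hunk, `s?^#ListenAddress.*?ListenAddress 0\.0\.0\.0?g`, makes sshd bind every IPv4 address instead of the two named ones; the 1761,8 → 1784,7 line counts suggest this is the new side. Reachability of SSH then rests entirely on the firewall and on the `SSH_ADMIN_FROM=0.0.0.0/0.0.0.0` default written just below, which admits any source once SSH is switched on. The pattern `^#ListenAddress.*` also matches every commented `ListenAddress` line, so a stock sshd_config carrying both `#ListenAddress 0.0.0.0` and `#ListenAddress ::` would end up with two identical directives. I would anchor it to the IPv4 line, `$SED "s?^#ListenAddress 0\.0\.0\.0?ListenAddress 0.0.0.0?" /etc/ssh/sshd_config`, and add a comment above it such as `# sshd binds all addresses (public IP may come from DHCP); access is limited by the firewall using SSH_ADMIN_FROM`. The firewall rules are not on this page, so that restriction should be confirmed where they are generated.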