Rev 835 Rev 837
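--- a/alcasar.sh
+++ b/alcasar.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
-#  $Id: alcasar.sh 835 2012-03-11 22:21:27Z richard $ 
+#  $Id: alcasar.sh 837 2012-03-12 22:21:54Z richard $ 
  
 # alcasar.sh
 # by Franck BOUIJOUX, Pascal LEVANT and Richard REY
 # This script is distributed under the Gnu General Public License (GPL)
  
@@ -331,30 +331,22 @@
 		PRIVATE_IP_MASK=`grep PRIVATE_IP conf/etc/alcasar.conf|cut -d"=" -f2` 
 		rm -rf conf/etc/alcasar.conf
 	fi
 # Define Lan side Ethernet card
 	hostname $HOSTNAME
-	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`			# @ réseau de consultation (ex.: 192.168.182.0)
+	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2`			# private network address (ie.: 192.168.182.0)
-	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`			# masque réseau de consultation (ex.: 255.255.255.0)
+	PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2`			# private network mask (ie.: 255.255.255.0)
-	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`					# @ip du portail (côté réseau de consultation)
+	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`					# ALCASAR private ip address (consultation LAN side)
-	private_prefix=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`				# prefixe du réseau (ex. 24)
+	private_prefix=`/bin/ipcalc -p $PRIVATE_IP_MASK |cut -d"=" -f2`				# network prefix (ie. 24)
-	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$private_prefix					# @ + masque du réseau de consult (192.168.182.0/24)
+	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$private_prefix					# ie.: 192.168.182.0/24
-	classe=$((private_prefix/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2`		# classes de réseau (ex.: 2=classe B, 3=classe C)
+	classe=$((private_prefix/8)); classe_sup=`expr $classe + 1`; classe_sup_sup=`expr $classe + 2`		# ie.: 2=classe B, 3=classe C
-	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.			# @ compatible hosts.allow et hosts.deny (ex.: 192.168.182.)
+	PRIVATE_NETWORK_SHORT=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`.			# compatibility with hosts.allow et hosts.deny (ie.: 192.168.182.)
-	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`		# @ broadcast réseau de consultation (ex.: 192.168.182.255)
+	PRIVATE_BROADCAST=`/bin/ipcalc -b $PRIVATE_NETWORK_MASK | cut -d"=" -f2`		# private network broadcast (ie.: 192.168.182.255)
-	tmp_mask=`echo $PRIVATE_NETWORK_MASK|cut -d"/" -f2`; half_mask=`expr $tmp_mask + 1`	# masque du 1/2 réseau de consultation (ex.: 25)
-	PRIVATE_STAT_IP=$PRIVATE_NETWORK/$half_mask						# plage des adresses statiques (ex.: 192.168.182.0/25)
-	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`		# dernier octet de l'@ de réseau
+	private_network_ending=`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup`		# last octet of LAN address
-	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`		# dernier octet de l'@ de broadcast
+	private_broadcast_ending=`echo $PRIVATE_BROADCAST | cut -d"." -f$classe_sup`		# last octet of LAN broadcast
-	private_plage=`expr $private_broadcast_ending - $private_network_ending + 1`
-	private_half_plage=`expr $private_plage / 2`
-	private_dyn=`expr $private_half_plage + $private_network_ending`
-	private_dyn_ip_network=`echo $PRIVATE_NETWORK | cut -d"." -f1-$classe`"."$private_dyn"."`echo $PRIVATE_NETWORK | cut -d"." -f$classe_sup_sup-5`
-	PRIVATE_DYN_IP=`echo $private_dyn_ip_network | cut -d"." -f1-4`/$half_mask					# @ réseau (CIDR) de la plage des adresses dynamiques (ex.: 192.168.182.128/25)
-	private_dyn_ip_ending=`echo $private_dyn_ip_network | cut -d"." -f4`
-	PRIVATE_DYN_FIRST_IP=`echo $private_dyn_ip_network | cut -d"." -f1-3`"."`expr $private_dyn_ip_ending + 1`	# 1ère adresse de la plage dynamique (ex.: 192.168.182.129)
+	PRIVATE_FIRST_IP=`echo $PRIVATE_NETWORK | cut -d"." -f1-3`"."`expr $private_network_ending + 1`		# First network address (ex.: 192.168.182.1)
-	PRIVATE_DYN_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`		# dernière adresse de la plage dynamique (ex.: 192.168.182.254)
+	PRIVATE_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1`	# last network address (ex.: 192.168.182.254)
 # Define Internet side Ethernet card
 	[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
 	DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 1er DNS
 	DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` 	# @ip 2ème DNS
 	DNS1=${DNS1:=208.67.220.220}
@@ -917,20 +909,19 @@
 cmdsocket	/var/run/chilli.sock
 unixipc		chilli.eth1.ipc
 pidfile		/var/run/chilli.eth1.pid
 net		$PRIVATE_NETWORK_MASK
 dhcpif		$INTIF
-#nodynip
-dynip		$PRIVATE_DYN_IP
+dynip		$PRIVATE_NETWORK_MASK
-statip		$PRIVATE_STAT_IP
 ethers		$DIR_DEST_ETC/alcasar-ethers
 domain		localdomain
 dns1		$PRIVATE_IP
 dns2		$PRIVATE_IP
 uamlisten	$PRIVATE_IP
 uamport		3990
+macauth
-macallowlocal
+macpasswd	password
 locationname	$HOSTNAME
 radiusserver1	127.0.0.1
 radiusserver2	127.0.0.1
 radiussecret	$secretradius
 radiusauthport	1812
@@ -940,11 +931,10 @@
 uamsecret	$secretuam
 uamallowed	alcasar
 coaport		3799
 include		$DIR_DEST_ETC/alcasar-uamallowed
 include		$DIR_DEST_ETC/alcasar-uamdomain
-include		$DIR_DEST_ETC/alcasar-macallowed
 EOF
 # création du fichier d'allocation d'adresses IP statiques
 	touch $DIR_DEST_ETC/alcasar-ethers
 # création des fichiers de sites, d'urls et d'adresses MAC de confiance
 	touch $DIR_DEST_ETC/alcasar-macallowed $DIR_DEST_ETC/alcasar-uamallowed $DIR_DEST_ETC/alcasar-uamdomain
@@ -1209,11 +1199,11 @@
 bogus-priv
 filterwin2k
 server=$DNS1
 server=$DNS2
 # le servive DHCP est configuré mais n'est exploité que pour le "bypass"
-dhcp-range=$PRIVATE_DYN_FIRST_IP,$PRIVATE_DYN_LAST_IP,$PRIVATE_NETMASK,12h
+dhcp-range=$PRIVATE_FIRST_IP,$PRIVATE_LAST_IP,$PRIVATE_NETMASK,12h
 dhcp-option=option:router,$PRIVATE_IP
 #dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
  
 # Exemple de configuration statique : <@MAC>,<name>,<@IP>,<MASK>,<ttl bail>
 #dhcp-host=11:22:33:44:55:66,ssic-test,192.168.182.20,255.255.255.0,45m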
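Review bot: The `macpasswd	password` line added next to `macauth` in the chilli configuration heredoc (new lines 921-922) hard-codes one fixed, guessable password for every MAC-authenticated device, while `radiussecret` and `uamsecret` in the same block are filled from variables. With `macauth` on, the MAC address is the only per-device credential, and it is not a strong identity because it can be cloned on the consultation LAN. If MAC entries share the RADIUS user store with portal accounts, the MAC string plus this password is presumably also accepted as a normal login; that should be confirmed. I would take the value from an install-time variable instead, e.g. `macpasswd	$MACPASSWD_PLACEHOLDER` (placeholder name), and note the spoofing limit in a comment above `macauth`. The heredoc starts outside the visible hunk, and the later `touch` still creates `alcasar-macallowed` although its `include` line was removed, so check whether that file is still read anywhere.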