WebSVN – ALCASAR – Diff – /scripts/alcasar-network.sh


#!/bin/bash
 
# alcasar-network.sh
# by Pierre RIVAULT and Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# Met à jour la configuration réseau conformément au fichier de configuration (alcasar.conf)
# update network configuration according to alcasar.conf
 
CONF_FILE="/usr/local/etc/alcasar.conf"
TMP_ip_gw_save="/tmp/ipset_ip_gw_save"
DOMAIN=`grep ^DOMAIN= $CONF_FILE|cut -d"=" -f2`
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2`
PUBLIC_IP=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2`
if [ $PUBLIC_IP != "dhcp" ]; then
	GW1=`grep ^GW= $CONF_FILE|cut -d"=" -f2`
	MTU=`grep ^PUBLIC_MTU= $CONF_FILE|cut -d"=" -f2`
	MULTIWAN=`grep ^MULTIWAN= $CONF_FILE|cut -d"=" -f2`
	MULTIWAN=${MULTIWAN:=off}
	NET="`ipcalc -n $PUBLIC_IP | cut -d"=" -f2`/`ipcalc -p $PUBLIC_IP | cut -d"=" -f2`"
	IP=`echo $PUBLIC_IP | cut -d"/" -f1`
	PRIVATE_IP_MASK=`grep ^PRIVATE_IP $CONF_FILE | cut -d"=" -f2`
	PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
	PRIVATE_NETMASK=`echo $PRIVATE_IP_MASK | cut -d"/" -f2`
	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2`	# prefixe du réseau (ex. 24)
	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2`	# @ réseau de consultation (ex.: 192.168.182.0)
	PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX				# @ + masque du réseau de consult (192.168.182.0/24)
	nb_gw=`grep ^WAN $CONF_FILE | wc -l`
fi
routecmd="ip route replace default scope global"
 
if [ $(whoami) != "root" ]; then
	echo "You must be root to run this!" ; echo ; exit 1
fi
 
if [ $# -eq 0 ]; then
	args="--apply"
else
	args=$1
fi
 
case $args in
	--save)	# save all the IP before changing the configuration
		rm -f $TMP_ip_gw_save
		gw_list="gw0"	# ipset name list for load_balancing
		for ((i=1 ; i<=$nb_gw ; i++)); do
			gw_list="${gw_list} gw$i"
		done
		# Saving all of the already connected IP in order to put them back in the load balancing after
		for i in $gw_list;do
			ipset list $i 1>/dev/null 2>&1
			if [ $? -eq 0 ]
			then
				# the cut -d":" -f5 deletes all the lines with a :, i.e all the lines except the members
				ipset list $i | grep -v ":" >> $TMP_ip_gw_save
			fi
		done
	exit 0
	;;
	--apply)
		[ -e /etc/sysconfig/network-scripts/ifcfg-$EXTIF ] && ifdown $EXTIF
		# set the new configuration for EXTIF
		if [ $PUBLIC_IP == "dhcp" ]; then
			cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
DEVICE=$EXTIF
BOOTPROTO=dhcp
DNS1=127.0.0.1
PEERDNS=no
RESOLV_MODS=yes
ONBOOT=yes
NOZEROCONF=yes
METRIC=10
MII_NOT_SUPPORTED=yes
IPV6INIT=no
IPV6TO4INIT=no
ACCOUNTING=no
USERCTL=no
MTU=$MTU
EOF
			ifup $EXTIF
		else
			cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
DEVICE=$EXTIF
BOOTPROTO=static
IPADDR=$IP
NETMASK=`ipcalc -m $PUBLIC_IP | cut -d= -f2`
NETWORK=`ipcalc -n $PUBLIC_IP | cut -d= -f2`
GATEWAY=$GW1
DNS1=127.0.0.1
RESOLV_MODS=yes
ONBOOT=yes
METRIC=10
MII_NOT_SUPPORTED=yes
IPV6INIT=no
IPV6TO4INIT=no
ACCOUNTING=no
USERCTL=no
MTU=$MTU
NOZEROCONF=yes
EOF
			ifup $EXTIF
			ip route flush ${NET}	# Remove the previous route for the network of EXTIF
			ip route delete default scope global	# Remove the previous default route
			ip route add ${NET} dev ${EXTIF} src ${IP}	 # Set the new route for EXTIF network
			ip route add ${NET} dev ${EXTIF} src ${IP} table 200	# Set the new default route. If no multiwan, these lines are equivalent to `ip route add default via ${GW1}`
			ip route add default via ${GW1} table 200
			routecmd="${routecmd} nexthop via ${GW1} dev ${EXTIF}"
			ip rule flush	# Remove the previous routing rules
			ip rule add from all lookup main pref 32766	# Set back the main rules
			ip rule add from all lookup default pref 32767	# Set back the default rules
			ip rule add from ${PRIVATE_NETWORK_MASK} fwmark 200 lookup 200	# Add the rule for the first gateway
			if [ "$MULTIWAN" == "on" ] || [ "$MULTIWAN" == "On" ]; then
				nb_gw_supp=`grep ^WAN $CONF_FILE|wc -l`
				for ((i=0 ; $i < $nb_gw_supp ; i++)); do
					table=$(($i + 201))	# This number is used to mark the paquets in order to route them to the choosen GW 
					GW=`grep ^WAN$(($i + 1))= $CONF_FILE|awk -F'"' '{ print $2 }' | awk -F, '{print $1}'`
					ip route add ${NET} dev ${EXTIF} src ${IP} table $table	# Add the others route in their respective tables
					ip route add default via ${GW} table $table
					ip rule add from ${PRIVATE_NETWORK_MASK} fwmark $table lookup $table	# Add the rule for each rule depending of the mark set by the firewall
					routecmd="${routecmd} nexthop via ${GW} dev ${EXTIF}"	# add the added gateway into the default gateway
				done
			fi
			${routecmd}	# define the default gateway for outgoing traffic
			ip route flush cache
		fi
		/usr/local/bin/alcasar-iptables.sh
		# write resolv.conf
		cat <<EOF > /etc/resolv.conf
# Basic resolv.conf : ALCASAR ask its local DNS servers (unbound)
search $DOMAIN
nameserver 127.0.0.1
EOF
		exit 0
		;;
	*)
		exit 1
		;;
esac
 
 
Generated by GNU Enscript 1.6.6.
 
 
 

Rev 2983	Rev 3285
1	`#!/bin/bash`	1	`#!/bin/bash`
2		2
3	`# alcasar-network.sh`	3	`# alcasar-network.sh`
4	`# by Pierre RIVAULT and Rexy`	4	`# by Pierre RIVAULT and Rexy`
5	`# This script is distributed under the Gnu General Public License (GPL)`	5	`# This script is distributed under the Gnu General Public License (GPL)`
6		6
7	`# Met à jour la configuration réseau conformément au fichier de configuration (alcasar.conf)`	7	`# Met à jour la configuration réseau conformément au fichier de configuration (alcasar.conf)`
8	`# update network configuration according to alcasar.conf`	8	`# update network configuration according to alcasar.conf`
9		9
10	`CONF_FILE="/usr/local/etc/alcasar.conf"`	10	`CONF_FILE="/usr/local/etc/alcasar.conf"`
11	`TMP_ip_gw_save="/tmp/ipset_ip_gw_save"`	11	`TMP_ip_gw_save="/tmp/ipset_ip_gw_save"`
-		12	DOMAIN=`grep ^DOMAIN= $CONF_FILE\|cut -d"=" -f2`
12	EXTIF=`grep ^EXTIF= $CONF_FILE\|cut -d"=" -f2`	13	EXTIF=`grep ^EXTIF= $CONF_FILE\|cut -d"=" -f2`
13	PUBLIC_IP=`grep ^PUBLIC_IP= $CONF_FILE\|cut -d"=" -f2`	14	PUBLIC_IP=`grep ^PUBLIC_IP= $CONF_FILE\|cut -d"=" -f2`
14	`if [ $PUBLIC_IP != "dhcp" ]; then`	15	`if [ $PUBLIC_IP != "dhcp" ]; then`
15	GW1=`grep ^GW= $CONF_FILE\|cut -d"=" -f2`	16	GW1=`grep ^GW= $CONF_FILE\|cut -d"=" -f2`
16	MTU=`grep ^PUBLIC_MTU= $CONF_FILE\|cut -d"=" -f2`	17	MTU=`grep ^PUBLIC_MTU= $CONF_FILE\|cut -d"=" -f2`
17	MULTIWAN=`grep ^MULTIWAN= $CONF_FILE\|cut -d"=" -f2`	18	MULTIWAN=`grep ^MULTIWAN= $CONF_FILE\|cut -d"=" -f2`
18	`MULTIWAN=${MULTIWAN:=off}`	19	`MULTIWAN=${MULTIWAN:=off}`
19	NET="`ipcalc -n $PUBLIC_IP \| cut -d"=" -f2`/`ipcalc -p $PUBLIC_IP \| cut -d"=" -f2`"	20	NET="`ipcalc -n $PUBLIC_IP \| cut -d"=" -f2`/`ipcalc -p $PUBLIC_IP \| cut -d"=" -f2`"
20	IP=`echo $PUBLIC_IP \| cut -d"/" -f1`	21	IP=`echo $PUBLIC_IP \| cut -d"/" -f1`
21	PRIVATE_IP_MASK=`grep ^PRIVATE_IP $CONF_FILE \| cut -d"=" -f2`	22	PRIVATE_IP_MASK=`grep ^PRIVATE_IP $CONF_FILE \| cut -d"=" -f2`
22	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`	23	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`
23	PRIVATE_NETMASK=`echo $PRIVATE_IP_MASK \| cut -d"/" -f2`	24	PRIVATE_NETMASK=`echo $PRIVATE_IP_MASK \| cut -d"/" -f2`
24	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK \|cut -d"=" -f2` # prefixe du réseau (ex. 24)	25	PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK \|cut -d"=" -f2` # prefixe du réseau (ex. 24)
25	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK\| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0)	26	PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK\| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0)
26	`PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24)`	27	`PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24)`
27	nb_gw=`grep ^WAN $CONF_FILE \| wc -l`	28	nb_gw=`grep ^WAN $CONF_FILE \| wc -l`
28	`fi`	29	`fi`
29	`routecmd="ip route replace default scope global"`	30	`routecmd="ip route replace default scope global"`
30		31
31	`if [ $(whoami) != "root" ]; then`	32	`if [ $(whoami) != "root" ]; then`
32	`echo "You must be root to run this!" ; echo ; exit 1`	33	`echo "You must be root to run this!" ; echo ; exit 1`
33	`fi`	34	`fi`
34		35
35	`if [ $# -eq 0 ]; then`	36	`if [ $# -eq 0 ]; then`
36	`args="--apply"`	37	`args="--apply"`
37	`else`	38	`else`
38	`args=$1`	39	`args=$1`
39	`fi`	40	`fi`
40		41
41	`case $args in`	42	`case $args in`
42	`--save) # save all the IP before changing the configuration`	43	`--save) # save all the IP before changing the configuration`
43	`rm -f $TMP_ip_gw_save`	44	`rm -f $TMP_ip_gw_save`
44	`gw_list="gw0" # ipset name list for load_balancing`	45	`gw_list="gw0" # ipset name list for load_balancing`
45	`for ((i=1 ; i<=$nb_gw ; i++)); do`	46	`for ((i=1 ; i<=$nb_gw ; i++)); do`
46	`gw_list="${gw_list} gw$i"`	47	`gw_list="${gw_list} gw$i"`
47	`done`	48	`done`
48	`# Saving all of the already connected IP in order to put them back in the load balancing after`	49	`# Saving all of the already connected IP in order to put them back in the load balancing after`
49	`for i in $gw_list;do`	50	`for i in $gw_list;do`
50	`ipset list $i 1>/dev/null 2>&1`	51	`ipset list $i 1>/dev/null 2>&1`
51	`if [ $? -eq 0 ]`	52	`if [ $? -eq 0 ]`
52	`then`	53	`then`
53	`# the cut -d":" -f5 deletes all the lines with a :, i.e all the lines except the members`	54	`# the cut -d":" -f5 deletes all the lines with a :, i.e all the lines except the members`
54	`ipset list $i \| grep -v ":" >> $TMP_ip_gw_save`	55	`ipset list $i \| grep -v ":" >> $TMP_ip_gw_save`
55	`fi`	56	`fi`
56	`done`	57	`done`
57	`exit 0`	58	`exit 0`
58	`;;`	59	`;;`
59	`--apply)`	60	`--apply)`
60	`[ -e /etc/sysconfig/network-scripts/ifcfg-$EXTIF ] && ifdown $EXTIF`	61	`[ -e /etc/sysconfig/network-scripts/ifcfg-$EXTIF ] && ifdown $EXTIF`
61	`# set the new configuration for EXTIF`	62	`# set the new configuration for EXTIF`
62	`if [ $PUBLIC_IP == "dhcp" ]; then`	63	`if [ $PUBLIC_IP == "dhcp" ]; then`
63	`cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF`	64	`cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF`
64	`DEVICE=$EXTIF`	65	`DEVICE=$EXTIF`
65	`BOOTPROTO=dhcp`	66	`BOOTPROTO=dhcp`
66	`DNS1=127.0.0.1`	67	`DNS1=127.0.0.1`
67	`PEERDNS=no`	68	`PEERDNS=no`
68	`RESOLV_MODS=yes`	69	`RESOLV_MODS=yes`
69	`ONBOOT=yes`	70	`ONBOOT=yes`
70	`NOZEROCONF=yes`	71	`NOZEROCONF=yes`
71	`METRIC=10`	72	`METRIC=10`
72	`MII_NOT_SUPPORTED=yes`	73	`MII_NOT_SUPPORTED=yes`
73	`IPV6INIT=no`	74	`IPV6INIT=no`
74	`IPV6TO4INIT=no`	75	`IPV6TO4INIT=no`
75	`ACCOUNTING=no`	76	`ACCOUNTING=no`
76	`USERCTL=no`	77	`USERCTL=no`
77	`MTU=$MTU`	78	`MTU=$MTU`
78	`EOF`	79	`EOF`
79	`ifup $EXTIF`	80	`ifup $EXTIF`
80	`else`	81	`else`
81	`cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF`	82	`cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF`
82	`DEVICE=$EXTIF`	83	`DEVICE=$EXTIF`
83	`BOOTPROTO=static`	84	`BOOTPROTO=static`
84	`IPADDR=$IP`	85	`IPADDR=$IP`
85	NETMASK=`ipcalc -m $PUBLIC_IP \| cut -d= -f2`	86	NETMASK=`ipcalc -m $PUBLIC_IP \| cut -d= -f2`
86	NETWORK=`ipcalc -n $PUBLIC_IP \| cut -d= -f2`	87	NETWORK=`ipcalc -n $PUBLIC_IP \| cut -d= -f2`
87	`GATEWAY=$GW1`	88	`GATEWAY=$GW1`
88	`DNS1=127.0.0.1`	89	`DNS1=127.0.0.1`
89	`RESOLV_MODS=yes`	90	`RESOLV_MODS=yes`
90	`ONBOOT=yes`	91	`ONBOOT=yes`
91	`METRIC=10`	92	`METRIC=10`
92	`MII_NOT_SUPPORTED=yes`	93	`MII_NOT_SUPPORTED=yes`
93	`IPV6INIT=no`	94	`IPV6INIT=no`
94	`IPV6TO4INIT=no`	95	`IPV6TO4INIT=no`
95	`ACCOUNTING=no`	96	`ACCOUNTING=no`
96	`USERCTL=no`	97	`USERCTL=no`
97	`MTU=$MTU`	98	`MTU=$MTU`
98	`NOZEROCONF=yes`	99	`NOZEROCONF=yes`
99	`EOF`	100	`EOF`
100	`ifup $EXTIF`	101	`ifup $EXTIF`
101	`ip route flush ${NET} # Remove the previous route for the network of EXTIF`	102	`ip route flush ${NET} # Remove the previous route for the network of EXTIF`
102	`ip route delete default scope global # Remove the previous default route`	103	`ip route delete default scope global # Remove the previous default route`
103	`ip route add ${NET} dev ${EXTIF} src ${IP} # Set the new route for EXTIF network`	104	`ip route add ${NET} dev ${EXTIF} src ${IP} # Set the new route for EXTIF network`
104	ip route add ${NET} dev ${EXTIF} src ${IP} table 200 # Set the new default route. If no multiwan, these lines are equivalent to `ip route add default via ${GW1}`	105	ip route add ${NET} dev ${EXTIF} src ${IP} table 200 # Set the new default route. If no multiwan, these lines are equivalent to `ip route add default via ${GW1}`
105	`ip route add default via ${GW1} table 200`	106	`ip route add default via ${GW1} table 200`
106	`routecmd="${routecmd} nexthop via ${GW1} dev ${EXTIF}"`	107	`routecmd="${routecmd} nexthop via ${GW1} dev ${EXTIF}"`
107	`ip rule flush # Remove the previous routing rules`	108	`ip rule flush # Remove the previous routing rules`
108	`ip rule add from all lookup main pref 32766 # Set back the main rules`	109	`ip rule add from all lookup main pref 32766 # Set back the main rules`
109	`ip rule add from all lookup default pref 32767 # Set back the default rules`	110	`ip rule add from all lookup default pref 32767 # Set back the default rules`
110	`ip rule add from ${PRIVATE_NETWORK_MASK} fwmark 200 lookup 200 # Add the rule for the first gateway`	111	`ip rule add from ${PRIVATE_NETWORK_MASK} fwmark 200 lookup 200 # Add the rule for the first gateway`
111	`if [ "$MULTIWAN" == "on" ] \|\| [ "$MULTIWAN" == "On" ]; then`	112	`if [ "$MULTIWAN" == "on" ] \|\| [ "$MULTIWAN" == "On" ]; then`
112	nb_gw_supp=`grep ^WAN $CONF_FILE\|wc -l`	113	nb_gw_supp=`grep ^WAN $CONF_FILE\|wc -l`
113	`for ((i=0 ; $i < $nb_gw_supp ; i++)); do`	114	`for ((i=0 ; $i < $nb_gw_supp ; i++)); do`
114	`table=$(($i + 201)) # This number is used to mark the paquets in order to route them to the choosen GW`	115	`table=$(($i + 201)) # This number is used to mark the paquets in order to route them to the choosen GW`
115	GW=`grep ^WAN$(($i + 1))= $CONF_FILE\|awk -F'"' '{ print $2 }' \| awk -F, '{print $1}'`	116	GW=`grep ^WAN$(($i + 1))= $CONF_FILE\|awk -F'"' '{ print $2 }' \| awk -F, '{print $1}'`
116	`ip route add ${NET} dev ${EXTIF} src ${IP} table $table # Add the others route in their respective tables`	117	`ip route add ${NET} dev ${EXTIF} src ${IP} table $table # Add the others route in their respective tables`
117	`ip route add default via ${GW} table $table`	118	`ip route add default via ${GW} table $table`
118	`ip rule add from ${PRIVATE_NETWORK_MASK} fwmark $table lookup $table # Add the rule for each rule depending of the mark set by the firewall`	119	`ip rule add from ${PRIVATE_NETWORK_MASK} fwmark $table lookup $table # Add the rule for each rule depending of the mark set by the firewall`
119	`routecmd="${routecmd} nexthop via ${GW} dev ${EXTIF}" # add the added gateway into the default gateway`	120	`routecmd="${routecmd} nexthop via ${GW} dev ${EXTIF}" # add the added gateway into the default gateway`
120	`done`	121	`done`
121	`fi`	122	`fi`
122	`${routecmd} # define the default gateway for outgoing traffic`	123	`${routecmd} # define the default gateway for outgoing traffic`
123	`ip route flush cache`	124	`ip route flush cache`
124	`fi`	125	`fi`
125	`/usr/local/bin/alcasar-iptables.sh`	126	`/usr/local/bin/alcasar-iptables.sh`
-		127	`# write resolv.conf`
-		128	`cat <<EOF > /etc/resolv.conf`
-		129	`# Basic resolv.conf : ALCASAR ask its local DNS servers (unbound)`
-		130	`search $DOMAIN`
-		131	`nameserver 127.0.0.1`
-		132	`EOF`
126	`exit 0`	133	`exit 0`
127	`;;`	134	`;;`
128	`*)`	135	`*)`
129	`exit 1`	136	`exit 1`
130	`;;`	137	`;;`
131	`esac`	138	`esac`
132		139
133		140
134	`Generated by GNU Enscript 1.6.6.`	141	`Generated by GNU Enscript 1.6.6.`
135		142
136		143
137		144

Subversion Repositories ALCASAR

(root)/scripts/alcasar-network.sh @ 2960 – Rev 2983 → 3285