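#!/bin/sh
# -------
# File: llxcfg-net
# Description: LliureX net tool
# Author: Luis Garcia Gisbert
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin St, Fifth Floor, Boston MA 02110-1301 USA
# --------
#
# Usage: llxcfg-net ACTION {enable|disable|test|status}
#
# Drives IPv4 forwarding and a simple MASQUERADE setup on this host.
# Configuration is read from the llxcfg variable store (llxcfg-showvars /
# llxcfg-setvars / llxcfg-systemvars):
#   NET_EXT_IFACE   single upstream (external) interface
#   NET_INT_IFACE   space separated list of downstream (internal) interfaces
#   NET_PERSISTENCE ENABLED|DISABLED - re-apply state on "services enable"
# Writing /proc and iptables requires root.

set -e
PATH="/usr/sbin:/usr/bin:/sbin:/bin"

# ----- library -----

# die MESSAGE : print MESSAGE to stderr and exit 1.
# printf is used instead of echo: dash expands "\n" inside echo, bash does
# not, so messages must carry real newlines to look the same under both.
die(){
    printf '%s\n' "$1" >&2
    exit 1
}

usage(){
    prog=$(basename "$0")
    # NOTE(review): "update" is listed here but no such action is handled by
    # the dispatcher below (a single argument never passes the two-argument
    # check) -- confirm whether it was dropped or never implemented.
    die "Usage: $prog update
       $prog ACTION {enable|disable|test|status} [PARAMETERS]
ACTIONS: routing
         persistence
         services
         nat (requires NET_EXT_IFACE and NET_INT_IFACE)"
}

# fwd_change 0|1 : set the IPv4 forwarding sysctl.
# Only 0 and 1 are accepted so that a caller bug cannot write arbitrary
# text into /proc (the previous version wrote whatever it was given).
fwd_change(){
    case $1 in
        0|1) ;;
        *) die "fwd_change: expected 0 or 1, got '$1'" ;;
    esac
    printf '%s\n' "$1" > "$PROC_NET_FWD"
}

# fwd_test : return 0 when IPv4 forwarding is enabled, 1 otherwise.
# An unreadable sysctl counts as "disabled". The previous version compared
# an empty command substitution with -eq, which made a missing or
# unreadable file report forwarding as enabled.
fwd_test(){
    local value
    value=$(cat "$PROC_NET_FWD" 2>/dev/null) || return 1
    if [ "$value" = "0" ] ; then
        return 1
    fi
    return 0
}

# iface_ok NAME : 0 when NAME can safely be passed to iptables as an
# interface. Rejects empty names, names starting with '-' (would be parsed
# as an option) and names containing whitespace or '/' (would be split or
# are never valid on Linux). Deliberately loose otherwise.
iface_ok(){
    case $1 in
        ''|-*|*[[:space:]/]*) return 1 ;;
    esac
    return 0
}

# nat_rules A|D : append (A) or delete (D) the masquerading rule set.
# NET_INT_IFACE is a space separated list; the unquoted expansion in the
# for loop is intentional. Every iptables call is attempted and the last
# non-zero status is returned, so a partial failure is still reported.
#
# Security note: these are ACCEPT rules only. Traffic from every internal
# interface towards the external one is forwarded unconditionally and
# nothing here touches the FORWARD chain policy, so what gets *blocked*
# depends entirely on the policy and rules already present in that chain.
nat_rules(){
    local op rc iface
    op=$1
    rc=0
    iptables -t nat "-$op" POSTROUTING -o "$NET_EXT_IFACE" -j MASQUERADE || rc=$?
    for iface in $NET_INT_IFACE ; do
        iptables "-$op" FORWARD -i "$NET_EXT_IFACE" -o "$iface" \
            -m state --state RELATED,ESTABLISHED -j ACCEPT || rc=$?
        iptables "-$op" FORWARD -i "$iface" -o "$NET_EXT_IFACE" -j ACCEPT || rc=$?
    done
    return $rc
}

# nat_disable : remove the NAT rules (errors ignored: they may simply not
# be installed) and drop the flag file. IPv4 forwarding is deliberately
# left untouched; it is owned by the "routing" action.
nat_disable(){
    nat_test_vars || return 0
    nat_rules D >/dev/null 2>&1 || true
    rm -f "$NAT_FLAG_FILE"
}

# nat_enable : (re)install the NAT rules, turn forwarding on and record the
# state in the flag file. The rules are deleted first so that repeated
# enables do not accumulate duplicates. On failure the partial rule set is
# removed again before exiting.
nat_enable(){
    nat_test_vars || return 0
    nat_rules D >/dev/null 2>&1 || true
    if nat_rules A ; then
        fwd_change 1
        mkdir -p "$NAT_FLAG_DIR"
        touch "$NAT_FLAG_FILE"
    else
        nat_disable
        die "Error enabling nat"
    fi
}

# nat_test : 0 when the NAT flag file exists. This reflects what this tool
# last did, not the live iptables state; the flag lives under /var/run so
# it does not outlive a reboot.
nat_test(){
    [ -r "$NAT_FLAG_FILE" ] || return 1
    return 0
}

# nat_test_vars : 0 when NET_EXT_IFACE and NET_INT_IFACE are both set and
# every name passes iface_ok. The values come from the llxcfg variable
# store (presumably root-writable only), so this is a guard against a
# mis-edited configuration rather than a trust boundary.
nat_test_vars(){
    local iface
    [ -n "$NET_EXT_IFACE" ] && [ -n "$NET_INT_IFACE" ] || return 1
    for iface in "$NET_EXT_IFACE" $NET_INT_IFACE ; do
        iface_ok "$iface" || return 1
    done
    return 0
}

# persistence_test : 0 when NET_PERSISTENCE is ENABLED in the store.
# The value is re-read every call so it reflects a just-issued setvars.
persistence_test(){
    eval "$(llxcfg-showvars NET_PERSISTENCE)"
    [ "$NET_PERSISTENCE" = "ENABLED" ] || return 1
    return 0
}

# save_status : snapshot the current nat/forwarding state into the store
# so "services enable" can restore it when persistence is on.
save_status(){
    local nat_status fwd_status
    if nat_test ; then
        nat_status="ENABLED"
    else
        nat_status="DISABLED"
    fi
    if fwd_test ; then
        fwd_status="ENABLED"
    else
        fwd_status="DISABLED"
    fi
    # NET_..._STATUS vars are for internal use only, so we use systemvars
    llxcfg-systemvars add NET_NAT_STATUS="$nat_status" NET_FWD_STATUS="$fwd_status"
    return 0
}

readonly PROC_NET_FWD="/proc/sys/net/ipv4/ip_forward"
readonly NAT_FLAG_DIR="/var/run/llxcfg-net"
readonly NAT_FLAG_FILE="$NAT_FLAG_DIR/NAT"

# ----- main -----

main(){
    local action cmd rc s

    action=$1
    cmd=$2
    [ -n "$action" ] && [ -n "$cmd" ] || usage
    shift 2

    case $cmd in
        enable|disable|test|status) ;;
        *) usage ;;
    esac

    # llxcfg-showvars prints shell assignments that are eval'ed here (the
    # project-wide convention). This is only safe while the variable store
    # can be written by root alone: anyone who can edit it runs arbitrary
    # commands as the caller. Note that if showvars fails the substitution
    # is empty and the eval silently succeeds with the variables unset.
    eval "$(llxcfg-showvars NET_EXT_IFACE NET_INT_IFACE)"

    case $action in
        routing)
            case $cmd in
                enable)
                    fwd_change 1
                    ;;
                disable)
                    fwd_change 0
                    ;;
                test)
                    rc=0
                    fwd_test || rc=$?
                    exit $rc
                    ;;
                status)
                    if fwd_test ; then
                        echo "routing is ENABLED"
                    else
                        echo "routing is DISABLED"
                    fi
                    ;;
            esac
            ;;
        nat)
            nat_test_vars || die "Invalid values for NET_EXT_IFACE NET_INT_IFACE"
            case $cmd in
                enable)
                    nat_enable
                    ;;
                disable)
                    nat_disable
                    ;;
                test)
                    rc=0
                    nat_test || rc=$?
                    exit $rc
                    ;;
                status)
                    if nat_test ; then
                        echo "nat is ENABLED"
                    else
                        echo "nat is DISABLED"
                    fi
                    ;;
            esac
            ;;
        persistence)
            case $cmd in
                enable)
                    llxcfg-setvars NET_PERSISTENCE="ENABLED"
                    save_status
                    ;;
                disable)
                    llxcfg-setvars NET_PERSISTENCE="DISABLED"
                    save_status
                    ;;
                test)
                    rc=0
                    persistence_test || rc=$?
                    exit $rc
                    ;;
                status)
                    if persistence_test ; then
                        echo "persistence is ENABLED"
                    else
                        echo "persistence is DISABLED"
                    fi
                    ;;
            esac
            ;;
        services)
            case $cmd in
                enable)
                    # Boot-time hook: restore the saved state only when
                    # persistence is on; otherwise leave the system alone.
                    eval "$(llxcfg-showvars NET_EXT_IFACE NET_INT_IFACE NET_PERSISTENCE NET_NAT_STATUS NET_FWD_STATUS)"
                    if persistence_test ; then
                        if [ "$NET_NAT_STATUS" = "ENABLED" ] ; then
                            nat_enable
                        else
                            nat_disable
                            if [ "$NET_FWD_STATUS" = "ENABLED" ] ; then
                                fwd_change 1
                            else
                                fwd_change 0
                            fi
                        fi
                    fi
                    ;;
                disable)
                    nat_disable
                    fwd_change 0
                    ;;
                test)
                    # Succeeds when forwarding is on OR persistence is enabled.
                    fwd_test || persistence_test || exit 1
                    exit 0
                    ;;
                status)
                    for s in routing nat ; do
                        "$0" "$s" status
                    done
                    ;;
            esac
            ;;
        *)
            usage
            ;;
    esac
    exit 0
}

main "$@"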