From c4a3d3b3b0e7c0a10735232001a2b5a3b84338c6 Mon Sep 17 00:00:00 2001
From: Ludovic Pouzenc
Date: Sun, 28 Aug 2016 09:28:57 +0200
Subject: misc: setup_routing.sh : read config file from api/gen_conf.php and apply routing
Crude version that does not disable routing on suspend or cancel.
---
 misc/setup_routing.sh | 123 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 123 insertions(+)
 create mode 100755 misc/setup_routing.sh
diff --git a/misc/setup_routing.sh b/misc/setup_routing.sh
new file mode 100755
index 0000000..730e036
--- /dev/null
+++ b/misc/setup_routing.sh
@@ -0,0 +1,123 @@
+#!/bin/bash
+CONFFILE=/root/config_adt.bkp.sh
+if [ $# -gt 0 ]
+then export DRY=echo
+fi
+
+function nettoyage_nat() {
+ ip4_public=$1
+
+ ip addr show dev lo | grep -q "$ip4_public/32" && $DRY ip addr del $ip4_public/32 dev lo
+
+ deleted=0
+ ruleno_pre=$(iptables -t nat -L PREROUTING -n --line-numbers | grep " $ip4_public " | cut -d' ' -f1 | head -n1)
+ if [ -n "$ruleno_pre" ]
+ then $DRY iptables -t nat -D PREROUTING $ruleno_pre
+ deleted=1
+ fi
+ ruleno_post=$(iptables -t nat -L POSTROUTING -n --line-numbers | grep -E "to:$ip4_public$" | cut -d' ' -f1 | head -n1)
+ if [ -n "$ruleno_post" ]
+ then $DRY iptables -t nat -D POSTROUTING $ruleno_post
+ deleted=1
+ fi
+ if [ $deleted -eq 1 ]
+ then $DRY conntrack -L -q $ip4_public
+ fi
+}
+
+function activation_nat() {
+ ip4_nexthop=$1
+ ip4_public=$2
+
+ ip addr show dev lo | grep -q "$ip4_public/32" || $DRY ip addr add $ip4_public/32 dev lo
+
+ iptables -t nat -L PREROUTING -n --line-numbers | grep -E "to:$ip4_nexthop$" -q \
+ || $DRY iptables -t nat -A PREROUTING -d $ip4_public -j DNAT --to-destination $ip4_nexthop
+
+ iptables -t nat -L POSTROUTING -n --line-numbers | grep " $ip4_nexthop " -q \
+ || $DRY iptables -t nat -A POSTROUTING -s $ip4_nexthop -j SNAT --to-source $ip4_public
+}
+
+# Appelé pour chaque service à router
+function do_conf() {
+ dev=eth1
+ svc_etat=$1
+ svc_id=$2
+ ip4_nexthop=$3
+ ip4_public=$4
+ ip6_nexthop=$5
+ ip6_prefix=$6
+ mac_nexthop=$7
+
+ # Référencer les IP du service en cours de configuration dans le fichiers hosts (résolutions DNS locales)
+ (
+ [ "$ip4_nexthop" != "-" ] && printf '%-22s %s\n' ${ip4_nexthop} ${svc_id}.nh4
+ [ "$ip6_nexthop" != "-" ] && printf '%-22s %s\n' ${ip6_nexthop} ${svc_id}.nh6
+ [ "$ip4_public" != "-" ] && printf '%-22s %s\n' ${ip4_public} ${svc_id}.ip4
+ [ "$ip6_prefix" != "-" ] && printf '%-22s %s\n' ${ip6_prefix}1 ${svc_id}.ip6
+ ) >> /etc/hosts.adt
+
+ # Ajouter des entrées statiques dans /etc/ethers pour la table ARP (économie
broadcast + changements IP WAN)
+ if [ "$mac_nexthop" != "-" -a "$mac_nexthop" != "" ]
+ then if [ "$ip4_nexthop" != "-" ]
+ then echo $mac_nexthop $ip4_nexthop >> /etc/ethers.adt
+ else if [ "$ip4_public" != "-" ]
+ then echo $mac_nexthop $ip4_public >> /etc/ethers.adt
+ fi
+ fi
+ fi
+
+ case $svc_etat in
+ actif)
+ # Cas CHD OpenWRT sans NAT
+ if [ ${ip4_nexthop} = "-" ]
+ then
+ echo $svc_id CHD no NAT
+ # Nettoyage NAT éventuel
+ nettoyage_nat $ip4_public
+
+ # CHD IPv4 Internet -> ADT
+ $DRY ip -4 route replace $ip4_public/32 dev $dev
+
+ # CHD IPv6 Internet -> ADT
+ if [ $ip6_prefix != "-" -a $ip6_nexthop != "-" ]
+ then $DRY ip -6 route replace $ip6_prefix/56 via $ip6_nexthop dev $dev
+ fi
+ else
+ # Cas CHD avec NAT (OpenWRT natté ou firmware TP-Link)
+ echo $svc_id CHD with NAT
+
+ # CHD IPv4 NAT Internet <-> ADT
+ activation_nat $ip4_nexthop $ip4_public
+
+ # CHD IPv6 Internet -> ADT
+ if [ $ip6_prefix != "-" -a $ip6_nexthop != "-" ]
+ then $DRY ip -6 route replace $ip6_prefix/56 via $ip6_nexthop dev $dev
+ fi
+ fi
+
+ ;;
+ resilie)
+ echo "Attention, durant la migration les resilies sont a decabler manuellement"
+ echo "-> $*"
+ ;;
+ esac
+}
+
+#function main() {
+
+ # Initialise
+ > /etc/hosts.adt
+ > /etc/ethers.adt
+
+ # Met en place la conf de chaque adherent
+ source $CONFFILE
+
+ # Finalise
+ cat /etc/hosts.system /etc/hosts.adt > /etc/hosts
+ cat /etc/ethers.system /etc/ethers.adt > /etc/ethers
+ $DRY ip route flush cache
+ $DRY arp -f /etc/ethers
+ exit 0
+#}
+
-- cgit v1.1
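Review bot: `source $CONFFILE` executes, as root, whatever api/gen_conf.php wrote into /root/config_adt.bkp.sh, and do_conf then splices every field (`$svc_id`, `$ip4_public`, `$ip6_prefix`, `$mac_nexthop`, …) unquoted into `iptables`, `ip` and the /etc/hosts.adt and /etc/ethers.adt fragments without checking its shape, so any value the web layer lets through becomes a root-level command or a forged hosts/ARP entry; the arguments should be validated at the top of do_conf before use, e.g. `[[ $ip4_public == - || $ip4_public =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || { echo "bad ip4_public for $svc_id" >&2; return 1; }`, with equivalent checks for the IPv6 prefix/nexthop and the MAC. In nettoyage_nat, `conntrack -L -q $ip4_public` only lists matching entries, so flows already in the conntrack table keep being translated after the DNAT/SNAT rules are removed; if the intent is to flush them (the `$DRY` prefix suggests so) it should be `$DRY conntrack -D -q $ip4_public`. The dry-run mode (`DRY=echo`) still truncates /etc/hosts.adt and /etc/ethers.adt and rewrites /etc/hosts and /etc/ethers, because those redirections are not behind `$DRY`; a preview run should write to scratch files or skip the final `cat … >` steps. The unconditional `exit 0` also hides failures of every `ip`/`iptables` call from whatever invokes this script.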