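#!/bin/bash
# Rebuild the local routing / NAT state for every subscriber ("adherent")
# service listed in $CONFFILE:
#   - per-service entries in /etc/hosts (via /etc/hosts.adt) and static ARP
#     entries in /etc/ethers (via /etc/ethers.adt);
#   - for NATed services: the public /32 on lo plus a DNAT (PREROUTING) and
#     SNAT (POSTROUTING) rule pair between the public IP and the next hop;
#   - for un-NATed services: a direct /32 route on $dev;
#   - an IPv6 /56 route via the IPv6 next hop when both are configured.
#
# Usage: config_adt.sh [anything]
#   Any argument turns on dry-run mode: commands that change kernel state
#   (ip / iptables / conntrack / arp) are prefixed with $DRY (= echo) and
#   only printed.
#   NOTE(review): the /etc/hosts* and /etc/ethers* rewrites are NOT guarded
#   by $DRY — a dry run still regenerates those files.
#
# $CONFFILE is *sourced* as shell code (it is expected to be a list of
# do_conf calls), so it is fully trusted: whoever can write it runs code as
# root. It must stay root-owned and not group/world-writable.

CONFFILE=/root/config_adt.bkp.sh

if [[ $# -gt 0 ]]; then
  export DRY=echo
fi
# Without an argument $DRY keeps whatever the environment provided (original
# behaviour); normalise "unset" to "" so expansions below are predictable.
DRY="${DRY-}"

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Escape an IPv4 address for use inside a grep -E pattern: '.' is a regex
# metacharacter and, unescaped, "10.0.0.1" would also match "10x0y0z1".
re_ip() {
  printf '%s' "${1//./\\.}"
}

#######################################
# Tear down the NAT plumbing installed by activation_nat for one public IPv4:
# the /32 on lo, the PREROUTING rule whose destination column is the public
# address, and the POSTROUTING rule whose "to:" target is the public address.
# Arguments: $1 - public IPv4 address ("-" or empty means nothing to do)
# Globals:   DRY (read)
# Notes:
#   - Only the first matching rule of each chain is removed per run. Looping
#     until nothing matches would never terminate in dry-run mode (nothing is
#     actually deleted), so duplicate rules need a second run.
#   - NOTE(review): the final conntrack call uses -L (list) with --reply-src,
#     so it only prints entries; established flows keep their NAT mapping
#     after the rules are gone. If the intent is to actually drop them,
#     `conntrack -D` with selectors covering both the original-destination
#     (inbound DNAT) and reply-destination (outbound SNAT) side is needed —
#     confirm the desired behaviour before changing it.
#######################################
nettoyage_nat() {
  local ip4_public=$1
  local deleted=0 ruleno_pre ruleno_post pat

  # Nothing sensible to match on; the original grep patterns could not
  # match anything either, but "ip addr del /32" would have errored.
  [[ -n "$ip4_public" && "$ip4_public" != "-" ]] || return 0

  # `ip addr show` prints "inet A.B.C.D/32 scope ..."; anchoring on the
  # surrounding spaces avoids matching a longer address with the same suffix.
  if ip addr show dev lo | grep -qF -- " $ip4_public/32 "; then
    $DRY ip addr del "$ip4_public/32" dev lo
  fi

  pat=$(re_ip "$ip4_public")

  # Column layout of `iptables -L -n --line-numbers`:
  #   num target prot opt source destination [extra, e.g. "to:X"]
  ruleno_pre=$(iptables -t nat -L PREROUTING -n --line-numbers \
    | grep -E -- " ${pat} " | cut -d' ' -f1 | head -n1)
  if [[ -n "$ruleno_pre" ]]; then
    $DRY iptables -t nat -D PREROUTING "$ruleno_pre"
    deleted=1
  fi

  ruleno_post=$(iptables -t nat -L POSTROUTING -n --line-numbers \
    | grep -E -- "to:${pat}$" | cut -d' ' -f1 | head -n1)
  if [[ -n "$ruleno_post" ]]; then
    $DRY iptables -t nat -D POSTROUTING "$ruleno_post"
    deleted=1
  fi

  if [[ "$deleted" -eq 1 ]]; then
    # See NOTE(review) in the header: this lists, it does not flush.
    $DRY conntrack -L -q "$ip4_public"
  fi
}

#######################################
# Install the NAT plumbing for one service, idempotently: the public /32 on
# lo, a PREROUTING DNAT public -> nexthop and a POSTROUTING SNAT nexthop ->
# public.
# Arguments: $1 - IPv4 next hop (private side), $2 - public IPv4 address
# Globals:   DRY (read)
# NOTE(review): the "already present" checks key on the next hop only. If a
#   service's public IP changes while its next hop stays the same, the old
#   rules are kept and the new ones are never added; run nettoyage_nat on
#   the previous public IP first.
#######################################
activation_nat() {
  local ip4_nexthop=$1
  local ip4_public=$2
  local pat_nh

  pat_nh=$(re_ip "$ip4_nexthop")

  if ! ip addr show dev lo | grep -qF -- " $ip4_public/32 "; then
    $DRY ip addr add "$ip4_public/32" dev lo
  fi

  if ! iptables -t nat -L PREROUTING -n --line-numbers \
      | grep -qE -- "to:${pat_nh}$"; then
    $DRY iptables -t nat -A PREROUTING -d "$ip4_public" \
      -j DNAT --to-destination "$ip4_nexthop"
  fi

  if ! iptables -t nat -L POSTROUTING -n --line-numbers \
      | grep -qF -- " $ip4_nexthop "; then
    $DRY iptables -t nat -A POSTROUTING -s "$ip4_nexthop" \
      -j SNAT --to-source "$ip4_public"
  fi
}

#######################################
# Configure one service; called once per line of $CONFFILE.
# Arguments:
#   $1 - service state: "actif" or "resilie"
#   $2 - service id (used as hostname label in /etc/hosts.adt)
#   $3 - IPv4 next hop, or "-" for a directly routed (no NAT) service
#   $4 - public IPv4 address, or "-"
#   $5 - IPv6 next hop, or "-"
#   $6 - IPv6 prefix (a /56; "$6" + "1" is recorded as the service's IPv6)
#   $7 - MAC address of the next hop, or "-"/empty
# Globals:   DRY (read)
# Outputs:   appends to /etc/hosts.adt and /etc/ethers.adt; prints progress.
#######################################
do_conf() {
  local dev=eth1
  local svc_etat=$1
  local svc_id=$2
  local ip4_nexthop=$3
  local ip4_public=$4
  local ip6_nexthop=$5
  local ip6_prefix=$6
  local mac_nexthop=$7

  # Record the service's addresses in the local hosts file (local DNS names).
  {
    [[ "$ip4_nexthop" != "-" ]] && printf '%-22s %s\n' "$ip4_nexthop" "${svc_id}.nh4"
    [[ "$ip6_nexthop" != "-" ]] && printf '%-22s %s\n' "$ip6_nexthop" "${svc_id}.nh6"
    [[ "$ip4_public"  != "-" ]] && printf '%-22s %s\n' "$ip4_public"  "${svc_id}.ip4"
    [[ "$ip6_prefix"  != "-" ]] && printf '%-22s %s\n' "${ip6_prefix}1" "${svc_id}.ip6"
  } >> /etc/hosts.adt

  # Static ARP entries (/etc/ethers): saves broadcasts and survives WAN IP
  # changes. The next hop wins over the public IP when both are known.
  if [[ -n "$mac_nexthop" && "$mac_nexthop" != "-" ]]; then
    if [[ "$ip4_nexthop" != "-" ]]; then
      printf '%s %s\n' "$mac_nexthop" "$ip4_nexthop" >> /etc/ethers.adt
    elif [[ "$ip4_public" != "-" ]]; then
      printf '%s %s\n' "$mac_nexthop" "$ip4_public" >> /etc/ethers.adt
    fi
  fi

  case "$svc_etat" in
    actif)
      if [[ "$ip4_nexthop" == "-" ]]; then
        # OpenWRT CHD without NAT: the public /32 is routed straight to $dev.
        printf '%s CHD no NAT\n' "$svc_id"
        # Drop any NAT left over from a previous (NATed) configuration.
        nettoyage_nat "$ip4_public"
        # IPv4 Internet -> ADT
        $DRY ip -4 route replace "$ip4_public/32" dev "$dev"
      else
        # CHD with NAT (NATed OpenWRT or TP-Link firmware).
        printf '%s CHD with NAT\n' "$svc_id"
        # IPv4 NAT Internet <-> ADT
        activation_nat "$ip4_nexthop" "$ip4_public"
      fi
      # IPv6 Internet -> ADT (same in both cases)
      if [[ "$ip6_prefix" != "-" && "$ip6_nexthop" != "-" ]]; then
        $DRY ip -6 route replace "$ip6_prefix/56" via "$ip6_nexthop" dev "$dev"
      fi
      ;;
    resilie)
      # NOTE(review): a cancelled service keeps whatever lo address, NAT
      # rules and routes it had — nettoyage_nat is never called here, and
      # its hosts/ethers entries were still written above. Cleanup is manual,
      # as the message says.
      echo "Attention, durant la migration les resilies sont a decabler manuellement"
      echo "-> $*"
      ;;
    *)
      printf 'do_conf: unknown state "%s" for service %s, ignored\n' "$svc_etat" "$svc_id" >&2
      ;;
  esac
}

# ---- main ---------------------------------------------------------------

# Sourcing $CONFFILE is code execution as root: refuse a missing file and
# one not owned by the invoking (root) user.
[[ -r "$CONFFILE" ]] || die "cannot read $CONFFILE"
[[ -O "$CONFFILE" ]] || die "$CONFFILE is not owned by the current user; refusing to source it"

# Start the generated fragments from scratch.
: > /etc/hosts.adt
: > /etc/ethers.adt

# Apply each subscriber's configuration (the file is a list of do_conf calls).
# shellcheck disable=SC1090
source "$CONFFILE"

# Refuse to rewrite the live files if a base file is missing: a bare
# `cat a b > c` would silently leave /etc/hosts without its system entries.
for base in /etc/hosts.system /etc/ethers.system; do
  [[ -r "$base" ]] || die "missing $base; refusing to rewrite /etc/hosts and /etc/ethers"
done
cat /etc/hosts.system  /etc/hosts.adt  > /etc/hosts
cat /etc/ethers.system /etc/ethers.adt > /etc/ethers

$DRY ip route flush cache
$DRY arp -f /etc/ethers

# Kept for compatibility with existing callers: individual ip/iptables
# failures above are reported on stderr but do not change the exit status.
exit 0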