
#!/bin/bash
#
# Init file for Rx3 network setup
#
# chkconfig: 2345 55 25
# description: Rx3 network setup
#
### BEGIN INIT INFO
# Provides: rx3-net
# Required-Start: $network
# Required-Stop: $network
# Default-Start: 2 3 4 5
# Short-Description: Rx3 network setup
# Description: Rx3 network setup
### END INIT INFO
# source function library (gprintf, success, failure used below)
. /etc/rc.d/init.d/functions
# Site configuration. Both files are *sourced*, i.e. executed as shell code by
# this script (which runs ip/iptables, so as root). They are expected to set
# the variables read below: IP_SRC_SN, IP_SRC_PTP, IP_PREFIX, IP_ROUTE,
# TABLE_LIST and VPN_EXT_LIST. Keep them root-owned and not writable by
# anyone else; a writable config file here is a root code-execution path.
[ -e /etc/sysconfig/rx3-net ] && . /etc/sysconfig/rx3-net
[ -e /etc/sysconfig/rx3-vpn ] && . /etc/sysconfig/rx3-vpn
# exit status of the script, set by the action functions below
RETVAL=0
prog="rx3-net"
#--------------------------------------------------------------------------------------------------------------------------
# Lookup Source IP ()
#--------------------------------------------------------------------------------------------------------------------------
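Lookup_Src_IP ()
{
    # Print one "ip:table:owner:vpn_type:forward:net_type:vpn_id" record per
    # line for every VPN source address this host handles:
    #   - IP_SRC_SN entries ("ip:table:owner:type") give one record each; the
    #     record's vpn_id is the entry's 0-based position in the list and the
    #     forward field is a copy of type, so these always get port forwarding;
    #   - IP_SRC_PTP entries ("id:table:owner:forward") give three records
    #     each, one per point-to-point address ${IP_PREFIX}.<1|2|3>.<id>.
    # Consumers (rx3-start / rx3-stop) split the records on ':' again.
    # Fields are split with read -a instead of "set $blk": the latter globs
    # each field against the cwd and would treat a leading '-' as options.
    local lo_blk lo_type lo_id=0
    local -a lo_f
    for lo_blk in ${IP_SRC_SN}
    do
        IFS=: read -r -a lo_f <<<"${lo_blk}"
        printf '%s\n' "${lo_f[0]}:${lo_f[1]}:${lo_f[2]}:${lo_f[3]}:${lo_f[3]}:sn:${lo_id}"
        lo_id=$(( lo_id + 1 ))
    done
    for lo_blk in ${IP_SRC_PTP}
    do
        IFS=: read -r -a lo_f <<<"${lo_blk}"
        lo_id=${lo_f[0]}
        for lo_type in 1 2 3
        do
            printf '%s\n' "${IP_PREFIX}.${lo_type}.${lo_id}:${lo_f[1]}:${lo_f[2]}:${lo_type}:${lo_f[3]}:ptp:${lo_id}"
        done
    done
}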
#--------------------------------------------------------------------------------------------------------------------------
# Port_Start_Get ()
#--------------------------------------------------------------------------------------------------------------------------
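port_start_get()
{
    # First port of the 100-port DNAT window assigned to a VPN client:
    #   sn  clients: 3000  + 100 * vpn_id
    #   ptp clients: 33000 + 100 * vpn_id   (any net type other than "sn")
    #   $1 = net type, $2 = vpn id
    # Prints the port on stdout. Returns 1 and prints nothing unless the id is
    # a small non-negative integer and the whole window fits in 16 bits: the
    # id takes part in arithmetic expansion (a non-numeric string would be
    # evaluated as an expression there) and ends up in an iptables --dport.
    local ps_net_type=$1
    local ps_vpn_id=$2
    local ps_port_base ps_port
    # at most 4 digits keeps the arithmetic far from overflow; the port
    # bound below is the real limit
    [[ "${ps_vpn_id}" =~ ^[0-9]{1,4}$ ]] || return 1
    if [[ "${ps_net_type}" == "sn" ]]
    then
        ps_port_base=3000
    else
        ps_port_base=33000
    fi
    ps_port=$(( ps_port_base + ps_vpn_id * 100 ))
    # the window is ps_port..ps_port+99 (see port_end_get)
    (( ps_port + 99 <= 65535 )) || return 1
    printf '%s\n' "${ps_port}"
}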
#--------------------------------------------------------------------------------------------------------------------------
# Port_End_Get ()
#--------------------------------------------------------------------------------------------------------------------------
port_end_get()
{
    # Last port of the 100-port window that starts at $1, i.e. start + 99.
    local pe_first=$1
    printf '%s\n' "$(( pe_first + 99 ))"
}
#--------------------------------------------------------------------------------------------------------------------------
# Forward_Add ()
#--------------------------------------------------------------------------------------------------------------------------
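forward_add()
{
    # Add the DNAT rules that deliver a VPN client's 100-port window
    # (port_start_get / port_end_get) to its address, for TCP and UDP, in the
    # nat chain PREROUTING-VPN (created by rx3-start and jumped to from
    # PREROUTING for every non-eth0 device in VPN_EXT_LIST).
    #   $1 = client address (DNAT --to target)
    #   $2 = net type, "sn" or "ptp" (selects the port base)
    #   $3 = vpn id (selects the window)
    # Returns 1 without calling iptables when the window cannot be computed,
    # otherwise the last non-zero iptables status (0 when both rules went in).
    local fa_ip=$1
    local fa_net_type=$2
    local fa_vpn_id=$3
    local fa_port_start fa_port_end fa_rc=0
    fa_port_start=$(port_start_get "${fa_net_type}" "${fa_vpn_id}") || return 1
    fa_port_end=$(port_end_get "${fa_port_start}")
    # Never hand iptables an empty target or a malformed --dport range: a
    # config typo must fail here, not become a rule we did not intend.
    [[ -n "${fa_ip}" && "${fa_port_start}" =~ ^[0-9]+$ && "${fa_port_end}" =~ ^[0-9]+$ ]] || return 1
    iptables -t nat -A PREROUTING-VPN -p tcp -m tcp --dport "${fa_port_start}:${fa_port_end}" -j DNAT --to "${fa_ip}" || fa_rc=$?
    iptables -t nat -A PREROUTING-VPN -p udp -m udp --dport "${fa_port_start}:${fa_port_end}" -j DNAT --to "${fa_ip}" || fa_rc=$?
    # A commented-out variant used to match "-i tun+" / "-i ppp+" directly in
    # PREROUTING; the per-device jump into PREROUTING-VPN covers that now.
    return "${fa_rc}"
}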
#--------------------------------------------------------------------------------------------------------------------------
# Forward_Remove ()
#--------------------------------------------------------------------------------------------------------------------------
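forward_remove()
{
    # Remove the DNAT rules installed by forward_add for one client; the
    # arguments must match what was passed to forward_add, since iptables -D
    # deletes by exact rule specification.
    #   $1 = client address, $2 = net type ("sn"/"ptp"), $3 = vpn id
    # Returns 1 without calling iptables when the window cannot be computed,
    # otherwise the last non-zero iptables status (0 when both rules went).
    local fr_ip=$1
    local fr_net_type=$2
    local fr_vpn_id=$3
    local fr_port_start fr_port_end fr_rc=0
    fr_port_start=$(port_start_get "${fr_net_type}" "${fr_vpn_id}") || return 1
    fr_port_end=$(port_end_get "${fr_port_start}")
    # same guard as forward_add: no empty target, no malformed port range
    [[ -n "${fr_ip}" && "${fr_port_start}" =~ ^[0-9]+$ && "${fr_port_end}" =~ ^[0-9]+$ ]] || return 1
    iptables -t nat -D PREROUTING-VPN -p tcp -m tcp --dport "${fr_port_start}:${fr_port_end}" -j DNAT --to "${fr_ip}" || fr_rc=$?
    iptables -t nat -D PREROUTING-VPN -p udp -m udp --dport "${fr_port_start}:${fr_port_end}" -j DNAT --to "${fr_ip}" || fr_rc=$?
    # A commented-out variant used to delete the "-i tun+" / "-i ppp+" rules
    # from PREROUTING directly; those rules are no longer created.
    return "${fr_rc}"
}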
# Some functions to make the below more readable
#--------------------------------------------------------------------------------------------------------------------------
# Rx3-Start ()
#--------------------------------------------------------------------------------------------------------------------------
rx3-start()
{
# Bring up the Rx3 policy routing and VPN port forwarding:
#   1. add every IP_ROUTE entry ("prefix:device") to every table in TABLE_LIST,
#   2. copy main's default route into table 3,
#   3. create the nat chain PREROUTING-VPN and jump to it from PREROUTING for
#      each non-eth0 device in VPN_EXT_LIST,
#   4. for each record from Lookup_Src_IP add a source-based "ip rule" and,
#      where the record's vpn_type equals its forward field, the DNAT rules.
# The function's status is that of the last command it ran, so failures of
# the earlier ip/iptables calls are not reported back to start() (which only
# creates the subsys lock on a zero status).
# Add Rx3 routes in vpn tables
for table in ${TABLE_LIST}
do
for route in ${IP_ROUTE}
do
# ip route add ${route/:*/} table ${table} via ${route/*:/}
# entry is "prefix:device": text before the first ':' / after the last ':'
ip route add ${route/:*/} table ${table} dev ${route/*:/}
done
done
# copy main default rule into table 3 (vpn local routing table)
# NOTE(review): the command substitution below is word-split into the
# argument list; if main holds more than one route matching 0.0.0.0 the
# lines are merged into one bogus "ip route add". The add also fails
# (non-fatally) when table 3 kept a default route from an unclean run.
if [[ "$(ip route list match 0.0.0.0 table main)" != "" ]]
then
ip route add $(ip route list match 0.0.0.0 table main) table 3
fi
# Create VPN Forward Chain
# (-N fails if the chain survived a previous run; the status is not checked)
iptables -t nat -N PREROUTING-VPN
# Add Jump rule for VPN
# VPN_EXT_LIST entries are "dev:conf:table:name". eth0 is excluded
# (presumably the non-VPN side); every other listed device gets the jump, so
# traffic arriving on it within a client's port window is DNATed to that
# client. Only "dev" is used here; conf/table/name are read but unused.
for blk in ${VPN_EXT_LIST}
do
OIFS=${IFS}
IFS=:
# NOTE(review): "set $blk" without "--": a field beginning with '-' would be
# parsed as shell options, and each field is also glob-expanded.
set $blk
dev=$1
conf=$2
table=$3
name=$4
IFS=${OIFS}
if [[ "${dev}" != "eth0" ]]
then
iptables -t nat -A PREROUTING -i ${dev} -j PREROUTING-VPN
fi
done
# Add sub-net + point-to-point vpn client addresse rules
# Record layout is documented at Lookup_Src_IP. For "sn" records forward is
# a copy of vpn_type, so every IP_SRC_SN entry gets DNAT rules; for "ptp"
# records only the address whose type matches the configured forward does.
for blk in $(Lookup_Src_IP)
do
OIFS=$IFS
IFS=:
set $blk
ip=$1
table=$2
owner=$3
vpn_type=$4
forward=$5
net_type=$6
vpn_id=$7
IFS=$OIFS
# source-based policy routing: packets from this client use its table
ip rule add from ${ip} table ${table}
if [[ "${vpn_type}" == "${forward}" ]]
then
forward_add "${ip}" "${net_type}" "${vpn_id}"
fi
done
}
#--------------------------------------------------------------------------------------------------------------------------
# Rx3-Stop ()
#--------------------------------------------------------------------------------------------------------------------------
rx3-stop()
{
# Undo rx3-start in reverse order: drop the per-client ip rules and DNAT
# rules, the PREROUTING jumps, the PREROUTING-VPN chain, table 3's default
# route and the IP_ROUTE entries. Every step is best-effort and the function
# always returns 0, so stop() always reports success and removes the subsys
# lock even if some rules or routes were left behind.
# Remove subnet + point-to-point vpn client addresse rules
for blk in $(Lookup_Src_IP)
do
OIFS=$IFS
IFS=:
# NOTE(review): same caveat as rx3-start: "set $blk" without "--" and with
# glob expansion of each field.
set $blk
ip=$1
table=$2
owner=$3
vpn_type=$4
forward=$5
net_type=$6
vpn_id=$7
IFS=$OIFS
# deletes the first rule matching this source regardless of table; errors
# (e.g. rule already gone) are deliberately silenced
ip rule del from ${ip} 2>/dev/null
if [[ "${vpn_type}" == "${forward}" ]]
then
forward_remove "${ip}" "${net_type}" "${vpn_id}"
fi
done
# Remove Jump rule for VPN
# VPN_EXT_LIST entries are "dev:conf:table:name"; eth0 never had a jump
for blk in ${VPN_EXT_LIST}
do
OIFS=${IFS}
IFS=:
set $blk
dev=$1
conf=$2
table=$3
name=$4
IFS=${OIFS}
if [[ "${dev}" != "eth0" ]]
then
iptables -t nat -D PREROUTING -i ${dev} -j PREROUTING-VPN
fi
done
# Delete VPN Forward Chain
# (-X fails if any rule is still in the chain or a jump still references it)
iptables -t nat -X PREROUTING-VPN
# Remove default route in table 3
# removes whatever default table 3 holds, not specifically the one copied
# from main by rx3-start
ip route del default table 3
# Remove Rx3 routes in vpn tables
for table in ${TABLE_LIST}
do
for route in ${IP_ROUTE}
do
# ip route del ${route/:*/} table ${table} via ${route/*:/} 2>/dev/null
ip route del ${route/:*/} table ${table} dev ${route/*:/} 2>/dev/null
done
done
return 0
}
#--------------------------------------------------------------------------------------------------------------------------
# Rx3-Table_Set ()
#--------------------------------------------------------------------------------------------------------------------------
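rx3-table_set()
{
    # Move a VPN source address to another routing table, persistently
    # (rewrite its "<key>:<table>:" prefix in /etc/sysconfig/rx3-net) and
    # live (replace its "ip rule from <address>").
    #   $1 = address. If it lies under ${IP_PREFIX} it is a point-to-point
    #        client address: the config key is its last component <id> and all
    #        three ${IP_PREFIX}.<1|2|3>.<id> rules are moved. Otherwise it is
    #        an sn address keyed by the address itself.
    #   $2 = target table, an integer in 3..11.
    # Returns 1 on bad arguments or if the config rewrite fails, otherwise
    # the status of the last "ip rule add".
    local ip=$1
    local table=$2
    local conf=/etc/sysconfig/rx3-net
    local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?$'
    local key esc vpn_id vpn_type addr
    # Require a plain integer before the range test: a non-numeric $table
    # would otherwise be evaluated as an arithmetic expression by -lt/-gt.
    [[ "${table}" =~ ^[0-9]+$ ]] || return 1
    if (( table < 3 || table > 11 ))
    then
        return 1
    fi
    # The address is interpolated into a sed expression and ip(8) arguments;
    # accept only a dotted quad with an optional /prefix.
    [[ "${ip}" =~ ${ipv4_re} ]] || return 1
    if [[ "${ip%.*.*}" != "${IP_PREFIX}" ]]
    then
        key=${ip}
    else
        key=${ip##*.}
        vpn_id=${key}
    fi
    # '.' is a regex metacharacter, so escape it for an exact key match;
    # '|' is the s/// delimiter because an sn key may contain '/'.
    esc=${key//./\\.}
    sed -e "s|^${esc}:[^:]*:|${key}:${table}:|" "${conf}" >"${conf}.new" \
        && mv "${conf}.new" "${conf}" \
        || { rm -f "${conf}.new"; return 1; }
    if [[ -z "${vpn_id}" ]]
    then
        ip rule del from "${ip}"
        ip rule add from "${ip}" table "${table}"
    else
        for vpn_type in 1 2 3
        do
            addr=${IP_PREFIX}.${vpn_type}.${vpn_id}
            ip rule del from "${addr}"
            ip rule add from "${addr}" table "${table}"
        done
    fi
}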
#--------------------------------------------------------------------------------------------------------------------------
# Rx3-Forward_Set ()
#--------------------------------------------------------------------------------------------------------------------------
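rx3-forward_set()
{
    # Select which of a point-to-point client's three addresses receives its
    # DNAT port window. $1 = ${IP_PREFIX}.<type>.<id> with <type> in 1..3.
    # Moves the live rules (forward_remove the old type, forward_add the new)
    # and persists <type> as the single character that follows the third ':'
    # of the "<id>:" line in /etc/sysconfig/rx3-net.
    # Returns 1 when $1 is not such an address or the config rewrite fails
    # (the previous version silently did nothing, and reported success, for
    # addresses outside ${IP_PREFIX}).
    local ip=$1
    local conf=/etc/sysconfig/rx3-net
    local ipv4_re='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
    local -a oct
    local network vpn_type vpn_id vpn_type_old
    # $ip ends up in grep/sed expressions and iptables arguments
    [[ "${ip}" =~ ${ipv4_re} ]] || return 1
    # split via read so the global IFS is left alone (the old "IFS=.; set;
    # IFS=' '" left IFS set to a single space for the rest of the script)
    IFS=. read -r -a oct <<<"${ip}"
    network="${oct[0]}.${oct[1]}"
    vpn_type=${oct[2]}
    vpn_id=${oct[3]}
    [[ "${network}" == "${IP_PREFIX}" ]] || return 1
    # only types 1..3 exist (Lookup_Src_IP) and the config field holds one char
    [[ "${vpn_type}" =~ ^[123]$ ]] || return 1
    # current type: text after the line's last ':' up to the first blank
    vpn_type_old=$(grep -- "^${vpn_id}:" "${conf}" | head -n 1 | sed -e "s/.*://" -e "s/ .*//")
    if [[ -n "${vpn_type_old}" ]]
    then
        forward_remove "${IP_PREFIX}.${vpn_type_old}.${vpn_id}" "ptp" "${vpn_id}"
    fi
    sed -e "s|^${vpn_id}:\([^:]*:[^:]*\):.\(.*\)$|${vpn_id}:\1:${vpn_type}\2|" "${conf}" >"${conf}.new" \
        && mv "${conf}.new" "${conf}" \
        || { rm -f "${conf}.new"; return 1; }
    forward_add "${ip}" "ptp" "${vpn_id}"
}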
#--------------------------------------------------------------------------------------------------------------------------
# Start ()
#--------------------------------------------------------------------------------------------------------------------------
start()
{
    # Bring the Rx3 routing up unless the subsys lock says it already is.
    # The lock is created only when rx3-start returned zero.
    gprintf "Starting %s:" "$prog"
    if [ -r /var/lock/subsys/rx3-net ]
    then
        RETVAL=0
        success "already started"
    else
        rx3-start
        RETVAL=$?
        if [ "$RETVAL" = 0 ]
        then
            success "startup"
            touch /var/lock/subsys/rx3-net
        else
            failure "startup"
        fi
    fi
    echo
}
#--------------------------------------------------------------------------------------------------------------------------
# Stop ()
#--------------------------------------------------------------------------------------------------------------------------
stop()
{
    # Tear the Rx3 routing down if the subsys lock says it is up. The lock is
    # removed whenever the reported status is zero, which includes the
    # "already stopped" case.
    gprintf "Stopping %s:" "$prog"
    if [ ! -r /var/lock/subsys/rx3-net ]
    then
        RETVAL=0
        success "already stopped"
    else
        rx3-stop
        RETVAL=$?
        if [ "$RETVAL" = 0 ]
        then
            success "stop"
        else
            failure "stop"
        fi
    fi
    if [ "$RETVAL" = 0 ]
    then
        rm -f /var/lock/subsys/rx3-net
    fi
    echo
}
#--------------------------------------------------------------------------------------------------------------------------
# Table-Set ()
#--------------------------------------------------------------------------------------------------------------------------
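table-set()
{
    # CLI action "table_set <ip> <table>": refuses unless the service is
    # running (subsys lock present), otherwise reports rx3-table_set's result
    # in RETVAL. Arguments are passed through quoted so they reach
    # rx3-table_set as given instead of being re-split by the shell.
    local ts_ip=$1
    local ts_table=$2
    gprintf "Setting %s: ip:%s table:%s" "$prog" "$ts_ip" "$ts_table"
    if [ ! -r /var/lock/subsys/rx3-net ]
    then
        RETVAL=1
        failure "not running so table not set"
    else
        rx3-table_set "$ts_ip" "$ts_table"
        RETVAL=$?
        if [ "$RETVAL" = 0 ]
        then
            success "table set"
        else
            failure "table set"
        fi
    fi
    echo
}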
#--------------------------------------------------------------------------------------------------------------------------
# Forward-Set ()
#--------------------------------------------------------------------------------------------------------------------------
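forward-set()
{
    # CLI action "forward_set <ip>": refuses unless the service is running
    # (subsys lock present), otherwise reports rx3-forward_set's result in
    # RETVAL. The argument is passed through quoted; the "not running"
    # message now says "not set" like table-set's (it used to read "forward
    # set", i.e. it announced the opposite of what happened).
    local fs_ip=$1
    gprintf "Setting %s: ip:%s" "$prog" "$fs_ip"
    if [ ! -r /var/lock/subsys/rx3-net ]
    then
        RETVAL=1
        failure "not running so forward not set"
    else
        rx3-forward_set "$fs_ip" "$2"
        RETVAL=$?
        if [ "$RETVAL" = 0 ]
        then
            success "forward set"
        else
            failure "forward set"
        fi
    fi
    echo
}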
#--------------------------------------------------------------------------------------------------------------------------
# Main
#--------------------------------------------------------------------------------------------------------------------------
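# Action dispatch. Exit status: 0 on success, 1 on failure or usage error;
# "status" follows the LSB convention (0 running, 3 stopped) instead of the
# former unconditional 1, which made "service rx3-net status" always fail.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        sleep 1
        start
        ;;
    status)
        # dump the live state: policy rules, every VPN table, and the nat
        # PREROUTING / PREROUTING-VPN chains
        gprintf "Rules:\n"
        ip rule show
        echo
        for table in ${TABLE_LIST}
        do
            gprintf "Table %s:\n" "${table}"
            ip route list table "${table}"
            echo
        done
        gprintf "Forward:\n"
        iptables -t nat -L PREROUTING -v -n
        iptables -t nat -L PREROUTING-VPN -v -n
        if [ -r /var/lock/subsys/rx3-net ]
        then
            RETVAL=0
        else
            RETVAL=3
        fi
        ;;
    table_set)
        # both arguments are required; reject before anything is rewritten
        if [ $# -ne 3 ]
        then
            gprintf "Usage: %s table_set <ip> <table>\n" "$0" >&2
            RETVAL=1
        else
            table-set "$2" "$3"
        fi
        ;;
    forward_set)
        if [ $# -ne 2 ]
        then
            gprintf "Usage: %s forward_set <ip>\n" "$0" >&2
            RETVAL=1
        else
            forward-set "$2"
        fi
        ;;
    *)
        gprintf "Usage: %s {start|stop|restart|status|table_set <ip> <table>|forward_set <ip>}\n" "$0" >&2
        RETVAL=1
        ;;
esac
exit "$RETVAL"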