
Regard whitespace Rev 2956 → Rev 2955

/web/acc/admin/network.php
1,7 → 1,7
<?php
# $Id$
 
// written by steweb57, Rexy, Tom HOUDAYER & Pierre RIVAULT
// written by steweb57, Rexy & Tom HOUDAYER
 
/********************
* READ CONF FILES *
11,8 → 11,6
define('ETHERS_INFO_FILE', '/usr/local/etc/alcasar-ethers-info');
define('DNS_LOCAL_FILE', '/etc/hosts');
define('LETS_ENCRYPT_FILE', '/usr/local/etc/alcasar-letsencrypt');
define('TEMP_FILE', '/tmp/alcasar.conf.temp');
 
$conf_files = [CONF_FILE, ETHERS_FILE, ETHERS_INFO_FILE, DNS_LOCAL_FILE, LETS_ENCRYPT_FILE];
 
// Files reading test
100,14 → 98,6
$l_renew = "Renouveller";
$l_renew_force = "Renouveller (forcer)";
$l_previous_LE_cert = "Revenir au certificat Let's Encrypt :";
$l_gw_weight = "Poids";
$l_error = "Erreur";
$l_error_bad_ip = "Ceci n'est pas une adresse IP valide";
$l_error_bad_ip_CIDR = "Ceci n'est pas une adresse CIDR valide";
$l_error_bad_ip_port = "Ceci n'est pas une adresse IP + port valide";
$l_error_weight = "Ceci n'est pas un poids valide";
$l_change_successful = "Changement effectué avec succès";
 
} else if ($Language === 'es') {
$l_network_title = "Configuración de Red";
$l_internet_legend = "INTERNET";
163,13 → 153,6
$l_renew = "Renovar";
$l_renew_force = "Renovar (forzado)";
$l_previous_LE_cert = "Volver al certificado de Let's Encrypt :";
$l_gw_weight = "";/*TODO Traduction espagnole*/
$l_error = "";/*TODO Traduction espagnole*/
$l_error_bad_ip = "";/*TODO Traduction espagnole*/
$l_error_bad_ip_CIDR = "";/*TODO Traduction espagnole*/
$l_error_bad_ip_port = "";/*TODO Traduction espagnole*/
$l_error_weight = "";/*TODO Traduction espagnole*/
$l_change_successful = "";/*TODO Traduction espagnole*/
} else {
$l_network_title = "Network configuration";
$l_internet_legend = "INTERNET";
225,24 → 208,15
$l_renew = "Renew";
$l_renew_force = "Renew (force)";
$l_previous_LE_cert = "Back to the Let's Encrypt certificate :";
$l_gw_weight = "Weight";
$l_error = "Error";
$l_error_bad_ip = "This is not a valid IP";
$l_error_bad_ip_CIDR = "This is not a valid CIDR IP";
$l_error_bad_ip_port = "This is not a valid IP + port";
$l_error_weight = "This is not a valid weight";
$l_change_successful = "Network updated successfully";
}
 
$reg_ip = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/';
$reg_ip_cidr = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/';
$reg_ip_port = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\:([1-9]|[1-9][0-9]|[1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]))$/';
$reg_mac = '/^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/';
$reg_host = '/^[a-zA-Z0-9-_]+$/';
$reg_weight = '/^[0-9]*$/';
$ext_conf_error = false;
 
$choix = (isset($_POST['choix'])) ? $_POST['choix'] : '';
 
switch ($choix) {
case 'DHCP_On':
exec('sudo /usr/local/bin/alcasar-dhcp.sh -on');
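Review bot: The anchors in `$reg_ip`, `$reg_ip_cidr`, `$reg_mac` and `$reg_host` end in `$`, which in PCRE also matches just before a trailing newline, so a value such as `"1.2.3.4\n"` passes validation; the `network_change` branches further down run these patterns on the raw `$_POST` value and then write `trim(...)` of it, which happens to strip that newline, but any handler that writes the raw value would put a line break into the config file. Append the `D` modifier (or use `\z` instead of `$`) to each pattern, e.g. `$reg_host = '/^[a-zA-Z0-9-_]+$/D';`, and validate the trimmed value rather than the raw one. The dispatch on `$_POST['choix']` shows no anti-CSRF token in this hunk; if the enclosing page does not verify one (not visible here), every `case` that runs `sudo alcasar-*.sh` can be triggered by a cross-site form post from an authenticated admin's browser.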
252,6 → 226,7
exec('sudo /usr/local/bin/alcasar-dhcp.sh -off');
header('Location: '.$_SERVER['PHP_SELF']);
exit();
 
case 'new_mac':
$new_mac_addr = trim($_POST['add_mac']);
$new_ip_addr = trim($_POST['add_ip']);
299,6 → 274,7
}
header('Location: '.$_SERVER['PHP_SELF']);
exit();
 
case 'new_host':
$add_host = trim($_POST['add_host']);
$add_ip = trim($_POST['add_ip']);
364,6 → 340,7
}
}
break;
 
case 'https_login': // Set HTTPS login status
if ($_POST['https_login'] === 'on') {
exec('sudo /usr/local/bin/alcasar-https.sh --on');
376,182 → 353,32
 
// Network changes
if ($choix === 'network_change') {
exec('sudo /usr/local/bin/alcasar-network.sh --save');
$modification_network = false;
$modification_dns = false;
$modification_proxy = false;
$ext_conf_error_list = [];
copy(CONF_FILE, TEMP_FILE);
$network_modification = false;
 
if (isset($_POST['dns1']) && (trim($_POST['dns1']) !== $conf['DNS1'])) {
if (!preg_match($reg_ip, $_POST['dns1'])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_ip_dns1.': '.$l_error_bad_ip;
if (isset($_POST['dns1']) && (trim($_POST['dns1']) !== $conf['DNS1']) && preg_match($reg_ip, $_POST['dns1'])) {
file_put_contents(CONF_FILE, str_replace('DNS1='.$conf['DNS1'], 'DNS1='.trim($_POST['dns1']), file_get_contents(CONF_FILE)));
$network_modification = true;
}
file_put_contents(TEMP_FILE, str_replace('DNS1='.$conf['DNS1'], 'DNS1='.trim($_POST['dns1']), file_get_contents(TEMP_FILE)));
$modification_dns = true;
if (isset($_POST['dns2']) && (trim($_POST['dns2']) !== $conf['DNS2']) && preg_match($reg_ip, $_POST['dns2'])) {
file_put_contents(CONF_FILE, str_replace('DNS2='.$conf['DNS2'], 'DNS2='.trim($_POST['dns2']), file_get_contents(CONF_FILE)));
$network_modification = true;
}
if (isset($_POST['dns2']) && (trim($_POST['dns2']) !== $conf['DNS2'])) {
if (!preg_match($reg_ip, $_POST['dns2'])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_ip_dns2.': '.$l_error_bad_ip;
if (isset($_POST['ip_public']) && (trim($_POST['ip_public']) !== $conf['PUBLIC_IP']) && preg_match($reg_ip_cidr, $_POST['ip_public'])) {
file_put_contents(CONF_FILE, str_replace('PUBLIC_IP='.$conf['PUBLIC_IP'], 'PUBLIC_IP='.trim($_POST['ip_public']), file_get_contents(CONF_FILE)));
$network_modification = true;
}
file_put_contents(TEMP_FILE, str_replace('DNS2='.$conf['DNS2'], 'DNS2='.trim($_POST['dns2']), file_get_contents(TEMP_FILE)));
$modification_dns = true;
if (isset($_POST['ip_gw']) && (trim($_POST['ip_gw']) !== $conf['GW']) && preg_match($reg_ip, $_POST['ip_gw'])) {
file_put_contents(CONF_FILE, str_replace('GW='.$conf['GW'], 'GW='.trim($_POST['ip_gw']), file_get_contents(CONF_FILE)));
$network_modification = true;
}
if (isset($_POST['ip_private']) && (trim($_POST['ip_private']) !== $conf['PRIVATE_IP'])) {
if (!preg_match($reg_ip_cidr, $_POST['ip_private'])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_ip_address.' LAN: '.$l_error_bad_ip_CIDR;
if (isset($_POST['ip_private']) && (trim($_POST['ip_private']) !== $conf['PRIVATE_IP']) && preg_match($reg_ip_cidr, $_POST['ip_private'])) {
file_put_contents(CONF_FILE, str_replace('PRIVATE_IP='.$conf['PRIVATE_IP'], 'PRIVATE_IP='.trim($_POST['ip_private']), file_get_contents(CONF_FILE)));
$network_modification = true;
}
file_put_contents(TEMP_FILE, str_replace('PRIVATE_IP='.$conf['PRIVATE_IP'], 'PRIVATE_IP='.trim($_POST['ip_private']), file_get_contents(TEMP_FILE)));
$modification_network = true;
}
if (isset($_POST['ip_public']) && (trim($_POST['ip_public']) !== $conf['PUBLIC_IP'])) {
if (!preg_match($reg_ip_cidr, $_POST['ip_public'])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_ip_address.' WAN: '.$l_error_bad_ip_CIDR;
}
file_put_contents(TEMP_FILE, str_replace('PUBLIC_IP='.$conf['PUBLIC_IP'], 'PUBLIC_IP='.trim($_POST['ip_public']), file_get_contents(TEMP_FILE)));
$modification_network = true;
}
if (isset($_POST['ip_gw']) && (trim($_POST['ip_gw']) !== $conf['GW'])) {
if (!preg_match($reg_ip, $_POST['ip_gw'])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_ip_router.' 1: '.$l_error_bad_ip;
}
file_put_contents(TEMP_FILE, str_replace('GW='.$conf['GW'], 'GW='.trim($_POST['ip_gw']), file_get_contents(TEMP_FILE)));
$modification_network = true;
}
if (isset($_POST['enable_proxy']) && $_POST['enable_proxy'] == 'P_Enabled')
{
if ($conf['PROXY'] !== 'On')
{
file_put_contents(TEMP_FILE, str_replace('PROXY='.$conf['PROXY'], 'PROXY=On', file_get_contents(TEMP_FILE)));
$modification_proxy = true;
}
if (isset($_POST['proxy']) && (trim($_POST['proxy']) !== $conf['PROXY_IP'])) {
if (!preg_match($reg_ip_port, $_POST['proxy'])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': Proxy: '.$l_error_bad_ip_port;
}
file_put_contents(TEMP_FILE, str_replace('PROXY_IP='.$conf['PROXY_IP'], 'PROXY_IP='.trim($_POST['proxy']), file_get_contents(TEMP_FILE)));
$modification_proxy = true;
}
if ($conf['MULTIWAN'] !== 'Off')
{
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=Off', file_get_contents(TEMP_FILE)));
$modification_network = true;
}
}
else
{
//set multiwan value to off and delete every "WANx=" line
if ($_POST['gw_count'] === "1" && $conf['MULTIWAN'] !== 'Off')
{
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=Off', file_get_contents(TEMP_FILE)));
$temp = 1;
while (isset($conf['WAN'.$temp]))
{
file_put_contents(TEMP_FILE, str_replace('WAN'.$temp.'='.$conf['WAN'.$temp]."\n", '', file_get_contents(TEMP_FILE)));
$temp++;
}
$modification_network = true;
}
if ($_POST['gw_count'] !== "1")
{
$changed = false;
//testing the existence of a change in the routing configuration
exec("grep \"^WAN\" " . CONF_FILE . " | wc -l", $nb_gw);
if ($_POST['gw_count'] == ($nb_gw[0] + 1))
{
if ($_POST['weight'] !== $conf['PUBLIC_WEIGHT']) {
$changed = true;
}
else {
for($i=1;$i<$_POST['gw_count'];$i++)
{
if( '"'.$_POST['ip_gw_'.$i].','.$_POST['weight_'.$i].'"' != $conf['WAN'.$i])
{
$changed = true;
break;
}
}
}
}
else
{
$changed = true;
}
 
if ($changed == true)
{
//deleting all the old lines containing "WANx="
$temp = 1;
while (isset($conf['WAN'.$temp]))
{
file_put_contents(TEMP_FILE, str_replace('WAN'.$temp.'='.$conf['WAN'.$temp]."\n", '', file_get_contents(TEMP_FILE)));
$temp++;
}
//setting back the line "WAN1=" which will be our base
if (!preg_match($reg_weight, $_POST['weight'])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_gw_weight.' 1: '.$l_error_weight;
}
file_put_contents(TEMP_FILE, str_replace('PUBLIC_WEIGHT='.$conf['PUBLIC_WEIGHT'], 'PUBLIC_WEIGHT='.(($_POST['weight'] !== '')?$_POST['weight']:1), file_get_contents(TEMP_FILE)));
//Set Multiwan status
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], "MULTIWAN=On\nWAN1=", file_get_contents(TEMP_FILE)));
//Adding the correct number of "WANx=" lines, numbered
for($i=2;$i<$_POST['gw_count'];$i++)
{
file_put_contents(TEMP_FILE, str_replace('WAN'.($i-1).'=', 'WAN'.($i-1)."=\nWAN".$i.'=', file_get_contents(TEMP_FILE)));
}
//Adding the content
for($i=1;$i<$_POST['gw_count'];$i++)
{
if (!preg_match($reg_ip, $_POST['ip_gw_'.$i])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_ip_router.' '.($i+1).': '.$l_error_bad_ip;
}
if (!preg_match($reg_weight, $_POST['weight_'.$i])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_gw_weight.' '.($i+1).': '.$l_error_weight;
}
file_put_contents(TEMP_FILE, str_replace('WAN'.$i.'=', 'WAN'.$i.'="'.$_POST['ip_gw_'.$i].','.(($_POST['weight_'.$i] === "0" || $_POST['weight_'.$i] === "")?"1":$_POST['weight_'.$i]).'"', file_get_contents(TEMP_FILE)));
}
$modification_network = true;
}
}
//set proxy value to off
if ($conf['PROXY'] !== 'Off')
{
file_put_contents(TEMP_FILE, str_replace('PROXY='.$conf['PROXY'], 'PROXY=Off', file_get_contents(TEMP_FILE)));
if($_POST['gw_count'] !== "1" && $conf['MULTIWAN'] !== 'On') {
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=On', file_get_contents(TEMP_FILE)));
$modification_network = true;
}
$modification_proxy = true;
}
}
 
//if no errors are detected
if ($ext_conf_error == false) {
copy(TEMP_FILE, CONF_FILE);
//DNS values modification, several services needs to be reloading, reloads the full server.
if ($modification_dns) {
if ($network_modification) {
exec('sudo /usr/local/bin/alcasar-conf.sh -apply');
}
//External network modifications, no service reloading
if ($modification_network) {
exec('sudo /usr/local/bin/alcasar-network.sh');
exec('sudo /usr/local/bin/alcasar-iptables.sh');
}
//If only the proxy has been modified, only the firewall needs a change
else if ($modification_proxy) {
exec('sudo /usr/local/bin/alcasar-iptables.sh');
}
}
unlink(TEMP_FILE);
 
// Read CONF_FILE updated
$file_conf = fopen(CONF_FILE, 'r');
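Review bot: On the new side each accepted field does its own `file_get_contents`/`str_replace`/`file_put_contents` round trip on `CONF_FILE` (the DNS1, DNS2, PUBLIC_IP, GW and PRIVATE_IP branches), the return value of `file_put_contents` is never checked, and `alcasar-conf.sh -apply` is run even if one of the five rewrites failed or left the file partially updated. The `str_replace` is also keyed on `KEY=oldvalue` as a bare substring rather than on a line, so `'GW='.$conf['GW']` would also rewrite any other line that happens to contain that text (a key with the same suffix, or a longer value with the same prefix). Collect the validated values first, rewrite each key with a line-anchored `preg_replace`, write once with `LOCK_EX`, and only set `$network_modification` when the write succeeded. The `if ($choix === 'network_change')` block is wholly inside the hunk, but `$conf` and the regexes are defined earlier in the file.
```php
if ($choix === 'network_change') {
    // … unchanged: exec('sudo /usr/local/bin/alcasar-network.sh --save'); …
    $network_modification = false;
    // POST field => [conf key, validation pattern]; validate the trimmed value, rewrite the file once
    $fields = [
        'dns1'       => ['DNS1', $reg_ip],
        'dns2'       => ['DNS2', $reg_ip],
        'ip_public'  => ['PUBLIC_IP', $reg_ip_cidr],
        'ip_gw'      => ['GW', $reg_ip],
        'ip_private' => ['PRIVATE_IP', $reg_ip_cidr],
    ];
    $updates = [];
    foreach ($fields as $field => $spec) {
        list($key, $pattern) = $spec;
        if (!isset($_POST[$field])) {
            continue;
        }
        $value = trim($_POST[$field]);
        if ($value !== $conf[$key] && preg_match($pattern, $value)) {
            $updates[$key] = $value;
        }
    }
    if ($updates !== []) {
        $content = file_get_contents(CONF_FILE);
        foreach ($updates as $key => $value) {
            // anchor on the key at line start so only that line is rewritten
            $content = preg_replace('/^'.preg_quote($key, '/').'=.*$/m', $key.'='.$value, $content);
        }
        if ($content !== null && file_put_contents(CONF_FILE, $content, LOCK_EX) !== false) {
            $network_modification = true;
        }
    }
    if ($network_modification) {
        exec('sudo /usr/local/bin/alcasar-conf.sh -apply');
    }
    // … unchanged: re-read of CONF_FILE …
```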
626,33 → 453,18
$internet_publicIP = '-.-.-.-';
}
 
// Network interfaces, will be use later for multiple LAN interfaces
$interfacesIgnored = ['lo', 'tun[0-9]*', $conf['INTIF']];
// Network interfaces
$interfacesIgnored = ['lo', 'tun[0-9]*', $conf['EXTIF'], $conf['INTIF']];
exec("ip -o link show | awk -F': ' '{print $2}' | sed '/^" . implode('\\|', $interfacesIgnored) . "$/d'", $interfacesAvailable);
 
//retreive gateway(s) parameters
$gateways = [
// TODO: Pending the next version
$externalNetworks = [
(object) [
'gateway' => $conf['GW'],
'weight' => $conf['PUBLIC_WEIGHT']
'interface' => $conf['EXTIF'],
'ip' => $conf['PUBLIC_IP'],
'gateway' => $conf['GW']
]
];
exec("grep \"^WAN\" " . CONF_FILE . " | wc -l", $nbIfaces);
if ($nbIfaces > 0)
{
for ($i = 1; $i <= $nbIfaces[0]; $i++) {
exec("grep \"WAN" . $i . "=\" " . CONF_FILE . " | awk -F'\"' '{ print $2 }' | awk -F, '{ print $1 }'", $temp_gw);
exec("grep \"WAN" . $i . "=\" " . CONF_FILE . " | awk -F'\"' '{ print $2 }' | awk -F, '{ print $2 }'", $temp_weight);
$gateways[] = (object) [
'gateway' => $temp_gw[0],
'weight' => $temp_weight[0]
];
$temp_gw = "";
$temp_weight = "";
}
}
 
//retreive internal networks parameters
$internalNetworks = [
(object) [
'interface' => $conf['INTIF'],
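Review bot: The interface discovery on the new side splices `$conf['EXTIF']` and `$conf['INTIF']` into a sed program inside a shell pipeline (`exec("ip -o link show | awk -F': ' '{print $2}' | sed '/^" . implode('\\|', $interfacesIgnored) . "$/d'", $interfacesAvailable);`) with neither `escapeshellarg` nor `preg_quote`; the values come from the root-owned config file rather than from this request, so a hostile value is unlikely, but a name containing `'` would break out of the single-quoted sed script and regex metacharacters in a name would change what gets filtered. Do the filtering in PHP instead: `exec('ip -o link show', $links);`, take the second `': '`-separated field of each line, and drop the names matching `'/^(lo|tun[0-9]*|'.preg_quote($conf['EXTIF'], '/').'|'.preg_quote($conf['INTIF'], '/').')$/'`, so no config value ever reaches a shell. The `$internalNetworks` array that starts at the end of the hunk continues past it.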
708,11 → 520,10
.network-configurator .actions a:hover {
font-weight: bold;
}
.network-configurator .actions-externals {
right: 0;
border-radius: 5px;
position: relative;
text-decoration: none;
.network-configurator > .alcasar .actions-externals {
bottom: 0;
left: 0;
border-radius: 0 5px;
}
.network-configurator > .alcasar .actions-internals {
bottom: 0;
720,10 → 531,9
border-radius: 5px 0;
}
.network-configurator .actions-network {
top: 0;
right: 0;
border-radius: 5px;
position: relative;
text-decoration: none;
border-radius: 0 5px;
}
.network-configurator .network-box {
display: inline-block;
748,10 → 558,10
background-color: black;
}
.network-configurator .network-connector[data-connector-direction="left"] {
border-radius: 5px 0 0 5px;
border-radius: 5px 0px 0px 5px;
}
.network-configurator .network-connector[data-connector-direction="right"] {
border-radius: 0 5px 5px 0;
border-radius: 0px 5px 5px 0px;
}
.network-configurator div[data-network-type] {
position: relative;
759,30 → 569,39
</style>
<script>
$(document).ready(function () {
const interfacesAvailable = <?= ((!empty($interfacesAvailable)) ? "['".implode("', '", $interfacesAvailable)."']" : '[]') ?>;
 
setTimeout(function(){$("#change_success").fadeOut('normal');}, 10000);
const wireStyles = {
available: { border: '5px double green' }
};
 
//Will be used later for multiple LAN interfaces
let interfacesAvailable = <?= ((!empty($interfacesAvailable)) ? "['".implode("', '", $interfacesAvailable)."']" : '[]') ?>;
const wireStyles = { available: { border: '5px double green' } };
 
// Add gateway
$('.network-configurator').on('click', '.add-external-network', function (event) {
// Add external network
$('.network-configurator .add-external-network').click(function (event) {
event.preventDefault();
ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value'));
$('.network-configurator .externals .network-box #ext_gateways').append(' \
<div id="ip_routeur_' + ifaces_count + '" data-info_type="gateway" data-number="'+ ifaces_count +'">\
<label for="ext_gateway_' + ifaces_count + '"><?= $l_ip_router.' ' ?></label><span class="gw_number">'+ (ifaces_count + 1) +'</span> <input style="width:100px" type="text" name="ip_gw_' + ifaces_count + '" id="ext_gateway_' + ifaces_count + '" value="" /> \
<label for="ext_weight_'+ ifaces_count +'"><?= $l_gw_weight ?></label> <input style="width:20px" type="text" name="weight_' + ifaces_count + '" id="ext_weight_'+ ifaces_count +'" value="0"/> \
<div class="actions actions-network" style="display:inline-block; width:11px"><a href="#" style="display:block; text-align:center" class="remove-network" title="Supprimer ce réseau">-</a></div><br></div> ');
ifaces_count++;
document.getElementById("gw_count").setAttribute('value', ifaces_count);
updateGatewayView();
$('div.network-connector[data-connector-network]').connections('update');
let options = '';
if (interfacesAvailable.length === 0) {
options = '<option value=""></option>';
} else {
for (let i = 0; i < interfacesAvailable.length; i++) {
options += '<option value="' + interfacesAvailable[i] + '">' + interfacesAvailable[i] + '</option>';
}
}
$('.network-configurator .externals').append(' \
<div data-network-type="external"> \
<div class="network-connector" data-connector-network="internet" data-connector-direction="left"></div> \
<div class="network-box"> \
<div class="actions actions-network"><a href="#" class="remove-network" title="Supprimer ce réseau">-</a></div> \
<label for="ext_interface_X"><?= 'Interface' ?></label> <select name="interface" id="ext_interface_X">' + options + '</select><br> \
<label for="ext_ip_X"><?= $l_ip_address ?></label> <input style="width:150px" type="text" name="ip_public" id="ext_ip_X" value="" /><br> \
<label for="ext_gateway_X"><?= $l_ip_router ?></label> <input style="width:120px" type="text" name="ip_gw" id="ext_gateway_X" value="" /> \
</div> \
<div class="network-connector" data-connector-network="external" data-connector-direction="right"></div> \
</div>');
addWire($('div[data-network-type="external"]:last'));
});
 
// Add internal network
$('.network-configurator').on('click', '.add-internal-network', function (event) {
$('.network-configurator .add-internal-network').click(function (event) {
event.preventDefault();
$('.network-configurator .internals').append(' \
<div data-network-type="internal"> \
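Review bot: The external-network block appended by the `.add-external-network` handler on the new side names its inputs `ip_public` and `ip_gw` (the `<input ... name="ip_public" id="ext_ip_X">` and `name="ip_gw" id="ext_gateway_X"` lines), the same names as the primary WAN fields that the `network_change` handler reads, and `name="interface"` is not read by the server at all; because PHP keeps only the last value for a repeated field name, submitting the form with an added network silently replaces the real PUBLIC_IP/GW with the added one. Until the server side supports several external networks (the PHP marks this `// TODO: Pending the next version`), either hide the add button or number the fields, e.g. `name="ip_public_' + n + '"`, `name="ip_gw_' + n + '"` and `name="interface_' + n + '"`, so they cannot collide with the primary inputs. The `<option>` markup is also built by string concatenation from `interfacesAvailable`, which is emitted into the page as a hand-quoted JS array literal; `json_encode($interfacesAvailable)` on the PHP side and `$('<option>').val(name).text(name)` on the JS side would stop relying on interface names never containing quotes (they come from `ip link`, so this is hardening rather than an exposed hole).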
796,123 → 615,38
addWire($('div[data-network-type="internal"]:last'));
});
 
// Remove gateway
$('.network-box').on('click', '.remove-network', function (event) {
// Remove network
$('.network-configurator').on('click', '.remove-network', function (event) {
event.preventDefault();
$(this).parent().parent().fadeOut(200, function() {
 
$(this).parent().parent().parent().fadeOut(200, function() {
const networkType = $(this).data('networkType');
$(this).remove();
//update network numbers
$('div[data-info_type="gateway"]').each(function (index, value) {
updateGatewayNumbers($(this), index);
});
ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value'));
document.getElementById("gw_count").setAttribute('value', (ifaces_count - 1));
updateGatewayView();
 
$('div.network-connector[data-connector-network]').connections('update');
});
});
 
//proxy enabled or disabled
$('.network-configurator').on('click', '.enable_proxy', function(event){
if ($(this).is(':checked'))
{
document.getElementById("add_external").setAttribute('hidden', 'true');
document.getElementById("ext_proxy").removeAttribute('disabled');
$('div[id="ip_routeur_0"]').children('span').html('');
$('div[data-info_type="gateway"]').each(function(index, value) {
if ($(this).attr('data-number') !== "0")
{
$(this).attr('hidden', 'true');
// Update wires
if (networkType === 'external') {
$('div[data-network-type="internet"]>div.network-connector[data-connector-network="internet"]').connections('update');
$('div[data-network-type="alcasar"]>div.network-connector[data-connector-network="external"]').connections('update');
} else if (networkType === 'internal') {
$('div[data-network-type="alcasar"]>div.network-connector[data-connector-network="internal"]').connections('update');
}
else
{
$(this).children('input[id="ext_weight_0"]').attr('hidden', 'true');
$(this).children('label[for="ext_weight_0"]').attr('hidden', 'true');
$(this).children('div[class="actions actions-network"]').css('display', 'none');
}
});
}
else
{
document.getElementById("add_external").removeAttribute('hidden');
document.getElementById("ext_proxy").setAttribute('disabled', 'true');
$('div[id="ip_routeur_0"]').children('span').html('1');
$('div[data-info_type="gateway"]').each(function(index, value) {
if ($(this).attr('data-number') !== "0")
{
$(this).removeAttr('hidden');
}
else
{
$(this).children('input[id="ext_weight_0"]').removeAttr('hidden');
$(this).children('label[for="ext_weight_0"]').removeAttr('hidden');
$(this).children('div[class="actions actions-network"]').css('display', 'inline-block');
}
});
updateGatewayView();
}
$('div.network-connector[data-connector-network]').connections('update');
});
 
//Add a wire between two connectors
const addWire = function (network) {
const networkType = network.data('networkType');
if (networkType === 'external') {
$().connections({ from: 'div[data-network-type="internet"]>div.network-connector[data-connector-network="internet"]', to: network.children('div.network-connector[data-connector-network="internet"]'), css: wireStyles.available, within: network });
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="external"]', to: network.children('div.network-connector[data-connector-network="external"]'), css: wireStyles.available, within: network });
$().connections({ from: 'div[data-network-type="internet"]>div.network-connector[data-connector-network="internet"]', to: 'div[data-network-type="external"]>div.network-connector[data-connector-network="internet"]:last', css: wireStyles.available, within: 'div[data-network-type="external"]:last' });
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="external"]', to: 'div[data-network-type="external"]>div.network-connector[data-connector-network="external"]:last', css: wireStyles.available, within: 'div[data-network-type="external"]:last' });
} else if (networkType === 'internal') {
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="internal"]', to: network.children('div.network-connector[data-connector-network="internal"]'), css: wireStyles.available, within: network });
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="internal"]', to: 'div[data-network-type="internal"]>div.network-connector[data-connector-network="internal"]:last', css: wireStyles.available, within: 'div[data-network-type="internal"]:last' });
}
};
 
//reindex the gateway numbers when a gateway is deleted
const updateGatewayNumbers = function(gateway, number) {
old_number = gateway.attr('data-number');
gateway.attr('data-number', number);
gateway.attr('id', 'ip_routeur_'+number);
if (number === 0)
{
gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('name', 'ip_gw');
gateway.children('input[id="ext_weight_'+old_number+'"]').attr('name', 'weight');
}
else
{
gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('name', 'ip_gw_'+number);
gateway.children('input[id="ext_weight_'+old_number+'"]').attr('name', 'weight_'+number);
}
gateway.children('label[for="ext_gateway_'+old_number+'"]').attr('for', 'ext_gateway_'+number);
gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('id', 'ext_gateway_'+number);
gateway.children('label[for="ext_weight_'+old_number+'"]').attr('for', 'ext_weight_'+number);
gateway.children('input[id="ext_weight_'+old_number+'"]').attr('id', 'ext_weight_'+number);
gateway.children('span[class="gw_number"]').html((number+1)+' ');
 
};
 
//hide the delete button and the weight field when there is only one gateway (or when there is a proxy)
const updateGatewayView = function() {
ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value'));
if (ifaces_count === 1)
{
$('div#ip_routeur_0').children('input[id="ext_weight_0"]').attr('hidden', 'true');
$('div#ip_routeur_0').children('label[for="ext_weight_0"]').attr('hidden', 'true');
$('div#ip_routeur_0').children('div[class="actions actions-network"]').css('display', 'none');
}
else
{
$('div#ip_routeur_0').children('input[id="ext_weight_0"]').removeAttr('hidden');
$('div#ip_routeur_0').children('label[for="ext_weight_0"]').removeAttr('hidden');
$('div#ip_routeur_0').children('div[class="actions actions-network"]').css('display', 'inline-block');
}
};
 
//resize the connections to fit the window
window.addEventListener('resize', function () {
$('div.network-connector[data-connector-network]').connections('update');
});
 
// Add wires to existing networks at page first render
// Add wires to existing networks
$('div[data-network-type="external"]').add('div[data-network-type="internal"]').each(function (index, element) {
addWire($(this));
});
935,49 → 669,26
</div>
<div class="network-connector" data-connector-network="internet" data-connector-direction="right"></div>
</div>
</div><div id="externals_id" class="externals">
</div><div class="externals">
<?php foreach ($externalNetworks as $index => $network): ?>
<div data-network-type="external">
<div class="network-connector" data-connector-network="internet" data-connector-direction="left"></div>
<div class="network-box">
<label for="ext_interface">Interface</label> <input name="ext_interface" id="ext_interface" value="<?= $conf['EXTIF'] ?>" disabled="disabled"/><br>
<label for="ext_ip"><?= $l_ip_address ?></label> <input style="width:130px" type="text" name="ip_public" id="ext_ip" value="<?= $conf['PUBLIC_IP'] ?>" /><br>
<input class="enable_proxy" type="checkbox" name="enable_proxy" value="P_Enabled" <?php if($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On') { echo 'checked'; }?>/>
<label for="proxy">Proxy</label> <input style="width:140px" type="text" name="proxy" id="ext_proxy" value=<?= $conf['PROXY_IP']?> <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')? '' : 'disabled'?>/><br>
<div id="ext_gateways" >
<input type="text" name="gw_count" id="gw_count" value="<?=count($gateways)?>" hidden="hidden"/>
<?php foreach ($gateways as $index => $network):
if ($index == 0) {?>
<div id="ip_routeur_<?= $index ?>" data-info_type="gateway" data-number="<?= $index ?>">
<label for="ext_gateway_<?= $index ?>"><?= $l_ip_router.' ' ?></label>
<span class="gw_number"><?= ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')?'':($index+1) ?> </span>
<input style="width:100px" type="text" name="ip_gw" id="ext_gateway_<?= $index ?>" value="<?= $network->gateway ?>" />
<label for="ext_weight_<?= $index ?>" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On'|| $conf['MULTIWAN'] === 'Off' || $conf['MULTIWAN'] === 'off')? 'hidden' : '' ?>><?= $l_gw_weight ?></label>
<input style="width:20px" type="text" name="weight" id="ext_weight_<?= $index ?>" value="<?= $network->weight ?>" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On' || $conf['MULTIWAN'] === 'Off' || $conf['MULTIWAN'] === 'off')? 'hidden' : '' ?>/>
<div class="actions actions-network" style="display: <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On'|| $conf['MULTIWAN'] === 'Off' || $conf['MULTIWAN'] === 'off')? 'none' : 'inline-block' ?>; width:11px">
<a style="display:block; text-align:center" href="#" class="remove-network" title="Supprimer ce réseau">-</a>
</div><br>
<!-- <div class="actions actions-network"><a href="#" class="remove-network" title="Supprimer ce réseau">-</a></div> -->
<label for="ext_interface_<?= $index ?>"><?= 'Interface' ?></label> <select name="ext_interface[<?= $index ?>]" id="ext_interface_<?= $index ?>" disabled><option value="<?= $network->interface ?>"><?= $network->interface ?></option></select><br>
<label for="ext_ip_<?= $index ?>"><?= $l_ip_address ?></label> <input style="width:150px" type="text" name="ip_public" id="ext_ip_<?= $index ?>" value="<?= $network->ip ?>" /><br>
<label for="ext_gateway_<?= $index ?>"><?= $l_ip_router ?></label> <input style="width:120px" type="text" name="ip_gw" id="ext_gateway_<?= $index ?>" value="<?= $network->gateway ?>" />
</div>
<?php } else {?>
<div id="ip_routeur_<?= $index ?>" data-info_type="gateway" data-number="<?= $index ?>" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')? 'hidden' : '' ?>>
<label for="ext_gateway_<?= $index ?>"><?= $l_ip_router.' ' ?></label>
<span class="gw_number"><?= ($index+1) ?> </span>
<input style="width:100px" type="text" name="ip_gw_<?= $index ?>" id="ext_gateway_<?= $index ?>" value="<?= $network->gateway ?>"/>
<label for="ext_weight_<?= $index ?>"><?= $l_gw_weight ?></label>
<input style="width:20px" type="text" name="weight_<?= $index ?>" id="ext_weight_<?= $index ?>" value="<?= $network->weight ?>"/>
<div class="actions actions-network" style="display:inline-block; width:11px">
<a style="display:block; text-align:center" href="#" class="remove-network" title="Supprimer ce réseau">-</a>
</div><br>
</div>
<?php } endforeach; ?>
</div>
<div class="actions actions-externals" style="margin: 0 auto; width:11px"><a id="add_external" href="#" class="add-external-network" title="Ajouter un réseau externe" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')? 'hidden' : '' ?>>+</a></div>
</div>
<div class="network-connector" data-connector-network="external" data-connector-direction="right"></div>
</div>
<? endforeach; ?>
</div><div class="alcasar">
<div data-network-type="alcasar">
<div class="network-connector" data-connector-network="external" data-connector-direction="left"></div>
<div class="network-box">
<!-- <div class="actions actions-externals">
<div><a href="#" class="add-external-network" title="Ajouter un réseau externe">+</a></div>
</div> -->
<div class="alcasar-logo"><img src="/images/logo-alcasar.png" style="width: 100px;height: 100px;"></div>
<!-- <div class="actions actions-internals">
<div><a href="#" class="add-internal-network" title="Ajouter un réseau interne">+</a></div>
986,7 → 697,7
</div>
<div class="network-connector" data-connector-network="internal" data-connector-direction="right"></div>
</div>
</div><div id="internals_id" class="internals" data-count="1">
</div><div class="internals">
<?php foreach ($internalNetworks as $network): ?>
<div data-network-type="internal">
<div class="network-connector" data-connector-network="internal" data-connector-direction="left"></div>
999,18 → 710,6
<? endforeach; ?>
</div>
</div>
<?php if ($ext_conf_error == true) {
echo '<span style="color:red">';
$temp = 0;
while (isset($ext_conf_error_list[$temp])) {
echo $ext_conf_error_list[$temp].'<br>';
$temp++;
}
echo '</span>';
}
else if (($choix === 'network_change') && ($modification_proxy || $modification_dns || $modification_network)) {
echo '<span id="change_success" style="color:green">'.$l_change_successful.'</span>';
}?>
<hr>
<div style="text-align: center; margin: 5px">
<input type="hidden" name="choix" value="network_change">
1042,7 → 741,6
$mac_addr = $fields[0];
$ip_addr = $fields[1];
$info = (isset($fields[2])) ? implode(' ', array_slice($fields, 2)) : ' ';
 
echo '<tr>';
echo "<td>$mac_addr</td>";
echo "<td>$ip_addr</td>";
/web/intercept.php
111,7 → 111,7
$l_reply_6 = "Se ha alcanzado su tiempo de conexión autorizado";
$l_online_time = "Tiempo en linea";
$l_remaining_time = "Tiempo restante";
$l_uam_domain = "Sitios de libre acceso : ";
$l_uam_domain = "Sitios web autorizados : ";
$l_autoregistration = "Registo autom&aacute;tico";
} else if ($Language === 'pt') { // Portuguese
$l_ChilliError = "A autenticação precisa ser bem sucedida através do portal.";
145,7 → 145,7
$l_reply_6 = "Seu tempo de conexão autorizada finalizou";
$l_online_time = "Tempo Online";
$l_remaining_time = "Tempo restante";
$l_uam_domain = "Sítios de acesso livre : ";
$l_uam_domain = "Sites autorizados : ";
$l_autoregistration = "Registo autom&aacute;tico";
} else if ($Language === 'zh') { // Chinese
$l_ChilliError = "验证必须通过强制门户服务";
179,7 → 179,7
$l_reply_6 = "已经到达您的允许连接时间";
$l_online_time = "在线时间";
$l_remaining_time = "剩余时间";
$l_uam_domain = " : ";
$l_uam_domain = "授权网站 : ";
$l_autoregistration = "短信注册";
} else if ($Language === 'ar') { // Arabic
$l_ChilliError = "يجب نجاح المصادقة على البوابة الأسيرة";
213,7 → 213,7
$l_reply_6 = "استكملت مذة الإتصال المسموحة";
$l_online_time = "مذة الإتصال";
$l_remaining_time = "الوقت المتبق";
$l_uam_domain = "مواقع الوصول المجاني";
$l_uam_domain = ":المواقع المسموحة ";
$l_autoregistration = "تسجيل ذاتي (SMS)";
} else if ($Language === 'de') { // German
$l_ChilliError = "Sie wurden erfolgreich durch das Portal authentifiziert.";
247,7 → 247,7
$l_reply_6 = "Ihre maximale Verbindungszeit wurde erreicht";
$l_online_time = "Online-Zeit";
$l_remaining_time = "Verbleibende Zeit";
$l_uam_domain = "Offen zugängliche Seiten : ";
$l_uam_domain = "Authorisierte Webseiten : ";
$l_autoregistration = "Automatische Registrierung";
} else if ($Language === 'nl') { // Dutch
$l_ChilliError = "De authenticatie moet een succes worden via de captive portal dienst.";
281,7 → 281,7
$l_reply_6 = "Your authorized connexion time has been reached";
$l_online_time = "Online tijd";
$l_remaining_time = "Reterende tijd";
$l_uam_domain = "Sites met open toegang : ";
$l_uam_domain = "Geautoriseerde website : ";
$l_autoregistration = "Automatische registratie";
} else if ($Language === 'fr') { // French
$l_ChilliError = "L'authentification doit être réussie sur le portail captif.";
315,7 → 315,7
$l_reply_6 = "Votre durée de connexion autorisée a été atteinte";
$l_online_time = "Temps de connexion";
$l_remaining_time = "Temps restant";
$l_uam_domain = "Sites en accès libre : ";
$l_uam_domain = "Sites autorisés : ";
$l_autoregistration = "Auto enregistrement (sms)";
} else { // English
$l_ChilliError = "The authentication must be successful through the captive portal service.";
349,7 → 349,7
$l_reply_6 = "Your authorized connexion time has been reached";
$l_online_time = "Online time";
$l_remaining_time = "Remaining time";
$l_uam_domain = "Open access websites : ";
$l_uam_domain = "Authorized websites : ";
$l_autoregistration = "Auto registration (sms)";
}
 
/CHANGELOG
1,14 → 1,11
# $Id$
 
********** ALCASAR CHANGELOG **********
-------------------- 3.5.4 --------------------
NEWS
- Multi-WAN access with load balancing per user (Thx to Pierre RIVAULT for this great job)
CHANGES
BUGS
- Fix local DNS configuration when installing in dhcp mode
- Fix a display bug for web sites in exception (Thx to Olivier C).
- Fix
-------------------- 3.5.3 --------------------
NEWS
- WIFI4EU automatic integration via ACC
/alcasar.sh
600,9 → 600,6
fi
echo "DNS1=$DNS1" >> $CONF_FILE
echo "DNS2=$DNS2" >> $CONF_FILE
echo "PROXY=off" >> $CONF_FILE
echo "PROXY_IP=\"192.168.0.100:80\"" >> $CONF_FILE
echo "PUBLIC_WEIGHT=1" >> $CONF_FILE
echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
echo "DHCP=on" >> $CONF_FILE
745,33 → 742,8
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /etc/systemd/system/iptables.service
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default
$SED "s?\[ -f \$IPTABLES_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test (flush all rules & policies)
# create the alcasar-network unit
cat << EOF > /etc/systemd/system/alcasar-network.service
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
 
# This unit starts alcasar-network.sh script.
[Unit]
Description=alcasar-network.sh execution
After=network.target iptables.service
 
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=$DIR_DEST_BIN/alcasar-network.sh
ExecStop=$DIR_DEST_BIN/alcasar-network.sh
TimeoutSec=0
 
[Install]
WantedBy=multi-user.target
EOF
/usr/bin/systemctl daemon-reload
 
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is started at the end of this script in order not to cut network flow in case of using ssh
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
} # End of network()
 
##################################################################
2192,10 → 2164,11
echo "LDAP_CERT_REQUIRED=" >> $CONF_FILE
echo "SMS=off" >> $CONF_FILE
echo "SMS_NUM=" >> $CONF_FILE
echo "## MULTIWAN : WANx=@IPx,Weightx" >> $CONF_FILE
echo "MULTIWAN=off" >> $CONF_FILE
echo "#WAN1=\"192.168.0.250,1\"" >> $CONF_FILE
echo "#WAN2=\"192.168.0.251,1\"" >> $CONF_FILE
echo "FAILOVER=30" >> $CONF_FILE
echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE
echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE
echo "#WAN2=\"1,$EXTIF:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE
echo "BL_PUREIP=on" >> $CONF_FILE
echo "BL_SAFESEARCH=off" >> $CONF_FILE
echo "WL_SAFESEARCH=off" >> $CONF_FILE
2221,9 → 2194,33
do
find /var/log/$dir -type f -name "*.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]" -exec gzip {} \;
done
# create the alcasar-load_balancing unit
cat << EOF > /etc/systemd/system/alcasar-load_balancing.service
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
 
# This unit lauches alcasar-load-balancing.sh script.
[Unit]
Description=alcasar-load_balancing.sh execution
After=network.target iptables.service
 
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=$DIR_DEST_BIN/alcasar-load_balancing.sh start
ExecStop=$DIR_DEST_BIN/alcasar-load_balancing.sh stop
TimeoutSec=0
 
[Install]
WantedBy=multi-user.target
EOF
/usr/bin/systemctl daemon-reload
# processes started at boot time (Systemctl)
for i in alcasar-network mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd
# processes launched at boot time (Systemctl)
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd
do
/usr/bin/systemctl -q enable $i.service
done
2391,6 → 2388,10
fi
done
# RPMs install
if [ "$mode" == "update" ] # to avoid updating unbound during the V5.3.3 update (to be removed after this version)
then
echo "/^unbound/" >> /etc/urpmi/skip.list
fi
$DIR_SCRIPTS/alcasar-rpm.sh
if [ "$?" != "0" ]
then
2427,7 → 2428,7
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1`
if [ $Lang == "fr" ]
then echo "Le fichier de configuration d'une version $MAJ_PREVIOUS_VERSION.$MIN_PREVIOUS_VERSION.$UPD_PREVIOUS_VERSION a été trouvé";
else echo "The configuration file of a version $MAJ_PREVIOUS_VERSION.$MIN_PREVIOUS_VERSION.$UPD_PREVIOUS_VERSION has been found";
else echo "The configuration file of an old version has been found";
fi
response=0
PTN='^[oOnNyY]?$'
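Review bot: `echo "/^unbound/" >> /etc/urpmi/skip.list` in the RPM-install hunk appends on every update run and nothing visible ever removes the entry, so unbound — the resolver that every user's DNS passes through — stays pinned out of package updates indefinitely, even though the comment beside it ("to be removed after this version"; "V5.3.3" looks like a typo for 3.5.3) says the exclusion is meant to be temporary. Because this compare runs 2956 → 2955, that line sits on the side the page renders as retained; if it is still in trunk, make it idempotent, `grep -qxF '/^unbound/' /etc/urpmi/skip.list || echo "/^unbound/" >> /etc/urpmi/skip.list`, and drop the entry once the update has finished with `sed -i '\|^/^unbound/$|d' /etc/urpmi/skip.list`, or replace the blanket skip with an explicit test on the previous version. A resolver that never receives security updates is a worse outcome than a one-off packaging conflict. The enclosing install sequence starts and ends outside the hunk.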
/scripts/alcasar-network.sh
File deleted
Property changes:
Deleted: svn:eol-style
-native
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
/scripts/alcasar-conf.sh
124,7 → 124,7
--load|-load)
cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
tar -xf alcasar-conf.tar.gz
# update alcasar.conf parameters
# copy alcasar.conf parameters
PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2`
MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2`
/scripts/alcasar-rpm-download.sh
13,7 → 13,7
# The kernel version we compile netflow for
KERNEL="kernel-server-5.10.30-1.mga7-1-1.mga7"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamd clamav clamav-db fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat"
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat"
 
rpm_repository_sync ()
{
/scripts/alcasar-rpm.sh
18,8 → 18,7
# "lsscsi" & nvme-cli" : needed by phpsysinfo
# "socat" : avoid a warning when run the install script of letsencrypt ("acme.sh")
# "sudo" : needed after a reinstallation (to be investigated)
# "clamav + clamav-db" : needes because of a mutual dependance
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat"
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat"
 
rpm_repository_sync ()
{
/scripts/alcasar-uninstall.sh
289,14 → 289,19
 
post_install ()
{
echo -en "(7) : "
echo -en "(8) : "
[ -e /etc/mageia-release.default ] && mv -f /etc/mageia-release.default /etc/mageia-release && echo -n "1, "
[ -e /etc/ssh/alcasar-banner-ssh ] && rm -f /etc/ssh/alcasar-banner-ssh && echo -n "2, "
[ -e /etc/ssh/sshd_config.default ] && mv -f /etc/ssh/sshd_config.default /etc/ssh/sshd_config && echo -n "3, "
[ -e /etc/bashrc.default ] && mv -f /etc/bashrc.default /etc/bashrc && echo -n "4, "
[ -e /etc/sudoers.default ] && mv -f /etc/sudoers.default /etc/sudoers && echo -n "5, "
[ -e /etc/security/limits.conf.default ] && mv -f /etc/security/limits.conf.default /etc/security/limits.conf && echo -n "6, "
[ -e /etc/default/grub.default ] && mv -f /etc/default/grub.default /etc/default/grub && echo -n "7"
if [ -e /etc/systemd/system/alcasar-load_balancing.service ]
then
rm -f /etc/systemd/system/alcasar-load_balancing.service
echo -n "6, "
fi
[ -e /etc/security/limits.conf.default ] && mv -f /etc/security/limits.conf.default /etc/security/limits.conf && echo -n "7, "
[ -e /etc/default/grub.default ] && mv -f /etc/default/grub.default /etc/default/grub && echo -n "8"
}
 
 
332,7 → 337,7
echo "----------------------------------------------------------------------------"
echo "** Uninstall/Désinstallation d'ALCASAR **"
echo "----------------------------------------------------------------------------"
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli"
services="alcasar-load_balancing vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli"
/usr/local/bin/alcasar-logout.sh all # logout everybody
else
echo "--------------------------------------------------------------------------"
339,7 → 344,7
echo "** update/mise à jour d'ALCASAR **"
echo "--------------------------------------------------------------------------"
# unbound, iptables & sshd should stay on to allow remote update
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli"
services="alcasar-load_balancing vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli"
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update + users stay connected during the update
fi
 
386,7 → 391,7
done
if [ $mode == "full" ]
then
echo -en "\n- network(10) : "
echo -en "\n- network(9) : "
hostnamectl set-hostname localhost.localdomain
chmod a-x /etc/sysconfig/network-scripts/default-*
i=0
401,17 → 406,12
[ -e /etc/hosts.allow.default ] && mv -f /etc/hosts.allow.default /etc/hosts.allow && echo -n "5, "
[ -e /etc/hosts.deny.default ] && mv -f /etc/hosts.deny.default /etc/hosts.deny && echo -n "6, "
[ -e /etc/modprobe.preload.default ] && mv -f /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "7, "
if [ -e /etc/systemd/system/alcasar-network.service ]
- then
- rm -f /etc/systemd/system/alcasar-network.service
- echo -n "8, "
- fi
if [ -e /etc/systemd/system/iptables.service ]
then
rm -f /etc/systemd/system/iptables.service
echo -n "9, "
echo -n "8, "
fi
[ -e /usr/libexec/iptables.init.default ] && mv -f /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo -n "10"
[ -e /usr/libexec/iptables.init.default ] && mv -f /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo -n "9"
/usr/bin/systemctl restart network
sleep 1
fi
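Review bot: `rm -f /etc/systemd/system/alcasar-load_balancing.service` in post_install deletes the unit file without a following `/usr/bin/systemctl daemon-reload`, so systemd keeps the vanished unit loaded until the next reload or reboot; the iptables.service removal in the network section has the same gap. Add `/usr/bin/systemctl daemon-reload` after the `fi` that closes each of those blocks. The `ifcfg-$EXTIF:N` alias files that alcasar-load_balancing.sh writes under /etc/sysconfig/network-scripts with `ONBOOT=yes` are not cleaned anywhere visible here either — the loop after `i=0` is cut by the hunk, so it may already cover them; if not, the aliases come back up on the `systemctl restart network` at the end of the section. This compare runs 2956 → 2955, so the load_balancing lines are what the page shows as the retained side.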
/scripts/alcasar-iptables.sh
39,7 → 39,6
WL_IP_CAT="/usr/local/share/iptables-wl-enabled" # categories files of the WhiteListed IP
TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set
TMP_set_save="/tmp/ipset_save" # tmp file for blacklist and whitelist creation
TMP_ip_gw_save="/tmp/ipset_ip_gw_save" # tmp file for already connected ips
SSH=`grep ^SSH= $CONF_FILE|cut -d"=" -f2` # sshd active (on/off)
SSH=${SSH:=off}
SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2`
47,10 → 46,6
IPTABLES="/sbin/iptables"
IP_REHABILITEES="/etc/e2guardian/lists/exceptioniplist" # Rehabilitated IP
SITE_DIRECT="/usr/local/etc/alcasar-site-direct" # WEB Sites allowed for all (no av and no filtering for av_bl users)
MULTIWAN=`grep ^MULTIWAN $CONF_FILE|cut -d"=" -f2`
PROXY=`grep ^PROXY= $CONF_FILE|cut -d"=" -f2`
PROXY_IP=`grep ^PROXY_IP= $CONF_FILE|cut -d"=" -f2`
nb_gw=`grep ^WAN $CONF_FILE|wc -l`
 
# Allow requests to internal DNS if activated
if [ "$INT_DNS_ACTIVE" = "on" ]
58,15 → 53,6
DNSSERVERS="$DNSSERVERS,$INT_DNS_IP"
fi
 
#ipset name list for load_balancing
gw_list="gw0"
if [ "$MULTIWAN" == "on" ] || [ "$MULTIWAN" == "On" ]; then
for ((i=1 ; i<=$nb_gw ; i++)); do
gw_list="${gw_list} gw$i"
done
fi
 
 
# Sauvegarde des SET des utilisateurs connectés si ils existent
# Saving SET of connected users if it exists
ipset list not_filtered 1>/dev/null 2>&1
82,20 → 68,6
ipset save proto_3 >> $TMP_users_set_save
fi
 
# Sauvegarde de la liste de toutes les IP déjà connectées pour les réintégrer dans le load balancing
# Saving all of the already connected IP in order to put them back in the load balancing after
if [ ! -f $TMP_ip_gw_save ];then
# Save only if alcasar-network.sh --save has not been executed before
for i in $gw_list;do
ipset list $i 1>/dev/null 2>&1
if [ $? -eq 0 ]
then
# the cut -d":" -f5 deletes all the lines with a :, i.e all the lines execpt the members
ipset list $i | cut -d":" -f5 | sed '/^[[:space:]]*$/d' >> $TMP_ip_gw_save
fi
done
fi
 
# Chargement de la sonde NetFlow (module noyau ipt_NETFLOW)
# loading of NetFlow probe (ipt_NETFLOW kernel module)
modprobe ipt_NETFLOW destination=127.0.0.1:2055
188,41 → 160,10
ipset create proto_3 hash:ip hashsize 1024
fi
 
#ipsets for load balancing
for i in $gw_list; do
ipset create $i hash:ip
done
cat $TMP_ip_gw_save | while read ip; do
gw_min="gw0"
weight=`grep ^PUBLIC_WEIGHT= $CONF_FILE | cut -d"=" -f2`
already=`ipset list $gw_min | grep Number\ of\ entries: | cut -d":" -f2`
#The *1000 is here to avoid working on floats in bash
gw_min_value=$((1000 * $already / $weight))
i=1
for gw in $gw_list;do
if [ "$gw" != "gw0" ]; then
weight=`grep ^WAN$i= $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F ',' '{ print $2 }'`
already=`ipset list $gw | grep Number\ of\ entries: | cut -d":" -f2`
value=$((1000 * $already / $weight))
if [ $value -lt $gw_min_value ]
then
gw_min_value=$value
gw_min=$gw
fi
i=$(($i+1))
fi
done
ipset add $gw_min $ip
done
rm -f $TMP_ip_gw_save
 
 
 
#############################
# PREROUTING #
#############################
 
 
# Marquage (et journalisation) des paquets qui tentent d'accéder directement aux ports d'écoute du proxy HTTP/HTTPS (E2Guardian) pour pouvoir les rejeter en INPUT
# Mark (and log) the direct attempts to E2guardian listen ports in order to REJECT them in INPUT rules
# 8080 = ipset av_bl
276,7 → 217,6
# Redirection des requêtes HTTP des usagers "av_bl + av_wl + av" vers E2guardian
# Redirect outbound "av_bl + av_wl +av" users HTTP requests to E2guardian
# 8080 = ipset av_bl
#$IPTABLES -A PREROUTING -t mangle -i $TUNIF -m set --match-set av_bl src -m set ! --match-set site_direct dst ! -d $PRIVATE_IP -p tcp --dport http -j MARK --set-mark 200
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set av_bl src -m set ! --match-set site_direct dst ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080
# 8090 = ipset av_wl & av
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set av_wl src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8090
292,23 → 232,6
# Redirect NTP request in local NTP server
$IPTABLES -A PREROUTING -t nat -i $TUNIF -s $PRIVATE_NETWORK_MASK ! -d $PRIVATE_IP -p udp --dport ntp -j REDIRECT --to-port 123
 
#Récupération de la marque associée à une gw pour chaque connection
$IPTABLES -A PREROUTING -t mangle -j CONNMARK --restore-mark
 
if [ "$PROXY" == "on" ] || [ "$PROXY" == "On" ];then
$IPTABLES -A PREROUTING -t nat -i $TUNIF ! -d $PRIVATE_IP -p tcp -m multiport --dports http,https -j DNAT --to-destination $PROXY_IP
fi
 
#Marquage pour le load balancing
if [ "$MULTIWAN" == "on" ] || [ "$MULTIWAN" == "On" ]; then
temp_index=200
for i in $gw_list; do
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -m set --match-set $i src -j MARK --set-mark $temp_index
temp_index=$(($temp_index+1))
done
fi
 
 
#############################
# INPUT #
#############################
319,7 → 242,7
$IPTABLES -A OUTPUT -o lo -j ACCEPT
 
# Rejet des demandes de connexions non conformes (FIN-URG-PUSH, XMAS, NullScan, SYN-RST et NEW not SYN)
# Drop non standard connexions (FIN-URG-PUSH, XMAS, NullScan, SYN-RST and NEW not SYN)
# Drop non standard connexions (FIN-URG-PUSH, XMAS, NullScan, SYN-RST et NEW not SYN)
$IPTABLES -A INPUT -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
566,9 → 489,6
# Dynamic NAT on EXTIF
$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE
 
#Sauvegarde de la marque associée à la connexion pour le load balancing
$IPTABLES -A POSTROUTING -t mangle -j CONNMARK --save-mark
 
#############################
# FAIL2BAN #
#############################
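Review bot: `--to-destination $PROXY_IP` in the `PROXY` branch of PREROUTING takes the value straight from `grep ^PROXY_IP= $CONF_FILE|cut -d"=" -f2`, but the installer hunk in this same compare writes the key as `PROXY_IP="192.168.0.100:80"`, so unless the ACC rewrites it unquoted the variable carries literal double quotes, iptables rejects the DNAT rule, and HTTP/HTTPS from users leaves through the plain MASQUERADE path instead of the configured upstream proxy — a fail-open with only an error on the script's output. Strip the quotes at read time, `PROXY_IP=$(grep ^PROXY_IP= $CONF_FILE|cut -d"=" -f2|tr -d '"')`, or better validate the value against an `ip:port` pattern before building the rule. The load-balancing restore loop also runs `cat $TMP_ip_gw_save` unconditionally although the file is only written when the gw ipsets already existed; wrap it in `[ -f $TMP_ip_gw_save ] &&`. Since this compare runs 2956 → 2955, these rules are on the left-hand (rev 2956) side — the revision that carries the Multi-WAN feature listed in the CHANGELOG — rather than on the removed-history side.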
/scripts/alcasar-condown.sh
3,7 → 3,7
# $Id$
#
# alcasar-condown.sh
# by Rexy & Pierre RIVAULT
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# This script is started by coova after each logout
56,17 → 56,6
current_users_file="/tmp/current_users.txt"
[ -e $current_users_file ] && sed -i "/^$FRAMED_IP_ADDRESS:/d" $current_users_file
 
# Remove user_IP from ipset of load balancing
nb_gw=`grep ^WAN $CONF_FILE | wc -l`
for (( i = 0 ; i <= $nb_gw ; i++ ));do
gw="gw$i"
ipset test $gw $FRAMED_IP_ADDRESS 1>/dev/null 2>&1
if [ $? -eq 0 ];then
ipset del $gw $FRAMED_IP_ADDRESS
break
fi
done
 
#############################
## Debug : show all the coova parse variables (+ ALCASAR-Filter + ALCASAR-Protocols-Filter).
## see "/src/chilli.c" for the complete list of parse variables
/scripts/alcasar-conup.sh
3,13 → 3,13
# $Id$
#
# alcasar-conup.sh
# by Rexy & Pierre RIVAULT
# by Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# This script is started by coova after each successfull login
# Ce script est démarré par coova à chaque connexion d'usager (authentification réussi)
 
CONF_FILE="/usr/local/etc/alcasar.conf"
 
PASSWD_FILE="/root/ALCASAR-passwords.txt"
DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2`
DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2`
67,27 → 67,6
echo "$FRAMED_IP_ADDRESS:PERM" >> $current_users_file
fi
 
# set the user_ip to an gw_ipset for load-balancing
gw_min="gw0"
weight=`grep ^PUBLIC_WEIGHT= $CONF_FILE | cut -d"=" -f2`
already=`ipset list $gw_min | grep Number\ of\ entries: | cut -d":" -f2`
#The *1000 is here to avoid working on floats in bash
gw_min_value=$((1000 * $already / $weight))
 
nb_gw=`grep ^WAN $CONF_FILE | wc -l`
for (( i = 1 ; i <= $nb_gw ; i++ ));do
gw="gw${i}"
weight=`grep ^WAN$i= $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F ',' '{ print $2 }'`
already=`ipset list $gw | grep Number\ of\ entries: | cut -d":" -f2`
value=$((1000 * $already / $weight))
if [ $value -lt $gw_min_value ]
then
gw_min_value=$value
gw_min=$gw
fi
done
ipset add $gw_min $FRAMED_IP_ADDRESS
 
#############################
## Debug : show all the coova parse variables (+ ALCASAR-Filter + ALCASAR-Protocols-Filter + Alcasar-Status-Page-Must-Stay-Open).
## see "/src/chilli.c" for the complete list of parse variables
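Review bot: `gw_min_value=$((1000 * $already / $weight))` divides by a weight read verbatim from `grep ^PUBLIC_WEIGHT=` (and `grep ^WAN$i=` in the loop), so an alcasar.conf carried over from a pre-multi-WAN install, or a WAN line with weight 0, leaves `$weight` empty or zero, the arithmetic expansion errors out, `value` is never assigned and every `[ $value -lt $gw_min_value ]` fails — the user ends up in gw0 by accident, with errors in coova's output, rather than by an explicit fallback. Default and bound the weight after each grep, `weight=${weight:-1}; [ "$weight" -gt 0 ] 2>/dev/null || weight=1`, as alcasar-load_balancing.sh in this compare already does with `WT=${WT:-1}`. The block also runs regardless of `MULTIWAN`, while alcasar-iptables.sh only creates gw1..gwN when MULTIWAN is on, so with MULTIWAN=off and WANx lines present it probes ipsets that do not exist; guard it with the same MULTIWAN test. This compare runs 2956 → 2955, so these lines are on the left-hand (rev 2956) side.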
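--- a/scripts/alcasar-load_balancing.sh
+++ b/scripts/alcasar-load_balancing.sh
@@ -0,0 +1,407 @@
+#!/bin/bash
+# $Id$
+
+# Generic Load balancer for multiple WAN links - version 1.1 (04 Feb 2011)
+# (c) 2011 Pau Oliva Fora - http://pof.eslack.org
+#
+# Licensed under GPLv3 - for full terms see:
+# http://www.gnu.org/licenses/gpl-3.0.html
+#
+# Adapted and debugged (adr et ping -S) by ALCASAR Team (3abtux@alcasar.net)
+# (c) 2013 3abtux - http://www.alcasar.net
+#
+# Specify each WAN link in a separate column, example:
+# In this example we have 3 wan links (vlanXXX interfaces) attached to a single
+# physical interface because we use a vlan-enabled switch between the balancer
+# machine and the ADSL routers we want to balance. The weight parameter should
+# be kept to a low integer.
+#
+#
+# Modified by ALCASAR team :
+
+
+prog="alcasar-load_balancing.sh"
+pidfile="/run/alcasar-load_balancing.pid"
+
+###############################
+# MAIN PARAMETERs Configuration
+###############################
+
+DIR_ETC="/usr/local/etc"
+CONF_FILE="$DIR_ETC/alcasar.conf"
+MULTIWAN=`grep ^MULTIWAN= $CONF_FILE|cut -d"=" -f2`
+MULTIWAN=${MULTIWAN:=off}
+FAILOVER=`grep ^FAILOVER= $CONF_FILE|cut -d"=" -f2`
+FAILOVER=${FAILOVER:=30}
+EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
+
+
+# space separated list of public IPs to ping in watchdog mode
+# set this to some public ip addresses pingable and always on.
+TESTIPS="8.8.8.8 192.0.32.10"
+
+# set to 1 when testing, set to 0 when happy with the results
+VERBOSE=0
+
+# CONFIGURATION ENDS HERE
+###############################
+
+
+if [ $(whoami) != "root" ]; then
+echo "You must be root to run this!" ; echo ; exit 1
+fi
+
+# Adapter for ALCASAR project
+CONF_FILE="/usr/local/etc/alcasar.conf"
+
+# Virtual interfaces creating
+function create_eth () {
+routecmd="ip route replace default scope global"
+NBIFACE=`grep "^WAN=" $CONF_FILE | wc -l` # Nbre interfaces virtuelles
+i=0
+while [ $i -le $NBIFACE ]
+do
+INT="WAN$i"
+echo $INT
+ACTIVE=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $1}'` # Active
+WT=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # WEIGHT
+WT=${WT:-1}
+IP=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $3}' | cut -d"/" -f1` # @IP
+
+if [ $i -ne 0 ]; then
+[ -e /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i ] && ifdown $EXTIF:$i && rm -f /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i
+IFACE=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $2}'` # IFACE
+IP_NET=`grep "^$INT=" $CONF_FILE | awk -F'"' '{print $2}' | awk -F, '{ print $3}'` # IP
+NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`"
+GW=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW
+MTU=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $6}'` # MTU
+
+# Config $EXTIF:$i (Internet)
+cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i
+DEVICE=$IFACE
+BOOTPROTO=static
+IPADDR=`echo $IP | cut -d"/" -f1`
+NETMASK=`ipcalc -m $IP_NET | cut -d= -f2`
+NETWORK=`ipcalc -n $IP_NET | cut -d= -f2`
+MTU=$MTU
+ONBOOT=yes
+NOZEROCONF=yes
+MII_NOT_SUPPORTED=yes
+IPV6INIT=no
+IPV6TO4INIT=no
+ACCOUNTING=no
+USERCTL=no
+EOF
+echo "ifup $EXTIF:$i"
+ifup $EXTIF:$i
+NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`"
+else
+IFACE="$EXTIF"
+IP_NET=`grep "^PUBLIC_IP=" $CONF_FILE | awk -F'=' '{print $2}'` # IP/MSK
+IP=`grep "^PUBLIC_IP=" $CONF_FILE | awk -F= '{ print $2 }' | cut -d"/" -f1` # @IP
+GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW
+# MTU=`grep "^PUBLIC_MTU=" $CONF_FILE | awk -F= '{print $2}'` # MTU
+fi # End
+
+NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`"
+if [ "$PARAM" == "add" ]; then
+set -x
+table=$(($i + 1))
+ip route ${PARAM} ${NET} dev ${IFACE} src ${IP} table $table
+ip route ${PARAM} default via ${GW} table $table
+ip rule ${PARAM} from ${IP} table $table
+set +x
+fi
+echo " Iface: ${IFACE}"
+echo " IP: ${IP}"
+echo " IP_NET: ${IP_NET}"
+echo " NET: ${NET}"
+echo " GW: ${GW}"
+echo " Weight: ${WT}"
+echo " MTU : ${MTU}"
+echo
+routecmd="${routecmd} nexthop via ${GW} dev ${IFACE} weight ${WT}"
+i=$(($i + 1))
+done # End While
+
+if [ "$PARAM" == "add" ]; then
+echo "[] Balanced routing:"
+# suppress default route
+ip route del default scope global
+set -x
+${routecmd}
+set +x
+echo
+fi
+
+} # end create_eth
+
+###########################
+# Fonction virtual Interfaces deleting
+###########################
+delete_eth () {
+IFACE_COUNT=`ls -l /etc/sysconfig/network-scripts/ifcfg-$EXTIF:* | wc -l`
+echo $IFACE_COUNT
+while [ $IFACE_COUNT -ne 0 ]
+do
+i=$IFACE_COUNT
+echo "ifdown $EXTIF:$i"
+ifdown $EXTIF:$i
+rm -f /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i
+IFACE_COUNT=$(($IFACE_COUNT - 1))
+done
+ip route del default scope global
+# ip route add default gw 192.168.1.1
+}
+
+
+# do not modify below this line unless you know what you're doing :)
+function getvalue() {
+index=$1
+VAR=$2
+
+n=1
+for f in ${VAR} ; do
+if [ "${n}" == "${index}" ]; then
+echo "$f"
+break
+fi
+n=$(($n++))
+done
+}
+
+######################
+# Fonction de FailOver
+######################
+function failover () {
+
+echo "[] Watchdog started"
+# 0 == all links ok, 1 == some link down
+STATE=0
+
+DOWNCOUNT_BAK=0
+DOWN_BAK=""
+NBIFACE=`grep "^WAN=" $CONF_FILE | wc -l` # Nbre interfaces virtuelles
+echo "Nombre interfaces = "$NBIFACE
+WANIFACE[0]="$EXTIF"
+c=0
+while [ $c -le $NBIFACE ]; do
+ITH=(`grep "^WAN$c=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $2}'`) # IFACE
+echo $ITH
+WANIFACE="${WANIFACE} $ITH"
+echo $WANIFACE
+c=$(($c + 1))
+done
+echo "Liste des interfaces : "${WANIFACE[*]}
+# Failover test
+while : ; do
+
+if [ $VERBOSE -eq 1 ]; then
+echo "[] Sleeping, state=$STATE"
+fi
+sleep $FAILOVER
+
+IFINDEX=1
+DOWN="" # liste des interfaces down
+DOWNCOUNT=0 # nombre d'interface down
+for iface in $WANIFACE ; do
+COUNT=0 # compteur de test
+FAIL=0 # Nombre de fois down
+# Recup de l'adresse IP dynamiquement
+IP=`ifconfig $iface |grep "inet adr" |cut -f 2 -d ":" |awk '{print $1}'`
+if [ $i -ne 0 ]; then
+GW=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW
+WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @WT
+else
+GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW
+fi
+for TESTIP in $TESTIPS ; do
+COUNT=$(($COUNT + 1))
+ping -W 3 -I $IP -c 1 $TESTIP > /dev/null 2>&1
+# ping -W 3 -I $IP -c 1 $TESTIP
+# Si ping de la première adresse --> ok --> stop du test pour l'interface testée
+if [ $? -eq 0 ]; then
+break
+else
+# sinon on compte une erreur
+FAIL=$(($FAIL + 1))
+fi
+done # End of test sur un serveur Internet
+# Affichage du nombre de down
+echo "FAIL=$FAIL"
+# Si nombre de fois down = nombre de tests --> Iface down --> log dans fichier log avec l'heure
+if [ $FAIL -eq $COUNT ]; then
+echo "`date +%F-%Hh%mm%Ss` : [WARN] $iface is down!"
+# Si etat différent de 1 (déjà tombé) --> changement de l'état général en default
+if [ $STATE -ne 1 ]; then
+echo "Switching state $STATE -> 1"
+STATE=1
+fi
+# Rajout de l'iface dans la liste des interfaces down
+DOWN="${DOWN} $IFINDEX"
+echo "DOWN=$DOWN"
+# Nombre d'interface down
+DOWNCOUNT=$(($DOWNCOUNT + 1))
+echo "DOWNCOUNT=$DOWNCOUNT"
+fi
+IFINDEX=$(($IFINDEX + 1))
+echo "IFINDEX =$IFINDEX"
+done # End Test Interface in WANIFACE
+
+# 0 Passerelle down et état précédent différent (retour à la normale)) --> mise à la normale des passerelles
+# if [ $DOWNCOUNT -eq 0 ] && [ $DOWNCOUNT -ne $DOWNCOUNT_BAK ]; then
+if [ $DOWNCOUNT -eq 0 ] ; then
+if [ $STATE -eq 1 ]; then
+echo
+echo "[] All links up and running :)"
+set -x
+${routecmd}
+set +x
+# Changement de l'état en normal
+STATE=0
+echo "Switching state 1 -> 0"
+fi # End retour etat normal
+# if no interface is down, go to the next cycle
+continue
+# cas ou au moins une passerelle down mais état identique au précédent Test --> rien à changer
+else
+if [ "$DOWN_BAK" == "$DOWN" ]; then
+echo "DOWN_BAK == DOWN = $DOWN"
+continue # --> état identique test precedent --> boucle suivante
+# cas ou au moins une passerelle down mais état différent de test précédent --> remplacement par nouvelle règle
+else
+cmd="ip route replace default scope global"
+IFINDEX=1
+suffix=""
+# Pour chaque interface --> traitement et application de la règle de routage
+for iface in $WANIFACE ; do
+echo "-------------------------"
+echo "iface=$iface"
+echo "Index = " $IFINDEX
+FAILIF=0
+# Pour chaque interface down -->
+echo "Interfaces DOWN = $DOWN"
+for lnkdwn in $DOWN ; do
+echo "LINKDOWN = "$lnkdown
+if [ $lnkdwn -eq $IFINDEX ]; then
+FAILIF=1
+break
+else
+continue
+fi
+done # End linkdown in DOWN
+# Interface en etat normal --> rajout de la règle en mode nexthop
+if [ $FAILIF -eq 0 ]; then
+IP=`ifconfig $iface |grep "inet adr" |cut -f 2 -d ":" |awk '{print $1}'`
+if [ $iface != "$EXTIF" ]; then
+GW=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW
+WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @GW
+else
+GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW
+fi
+echo "GW=$GW"
+echo "WT=$WT"
+echo "suffix=$sufix"
+suffix="${suffix} nexthop via ${GW} dev ${iface} weight ${WT:-1}"
+fi # End interface = noFAIL
+IFINDEX=$(($IFINDEX + 1))
+done # End iface IN WANIFACE
+# Commande globale
+cmd="ip route replace default scope global $suffix"
+
+if [ $VERBOSE -eq 1 ]; then
+set -x
+# echo "Avec commentaire : " ${cmd}
+${cmd}
+set +x
+echo
+else
+${cmd} 2>/dev/null
+echo ${cmd}
+fi # end Application de la commande de routage globale
+fi #
+DOWN_BAK=$DOWN # Enregistrement de l'etat
+fi # End
+done
+} # End of Failover
+
+
+#################
+# Main
+#################
+
+echo "[] Load balancer for multiple WAN interfaces - v2.1"
+echo "[] (c) 2011 Pau Oliva Fora <pof> @eslack.org"
+echo "[] (c) 2013 3abtux ALCASAR <3abtux> @alcasar.net"
+echo
+
+case $1 in
+create)
+create_eth
+;;
+delete)
+delete_eth
+;;
+start)
+if [ "$MULTIWAN" != "on" ] && [ "$MULTIWAN" != "On" ]; then
+echo "The MultiGateway is not activated !"
+exit 0
+fi
+PARAM="add"
+create_eth
+ip route flush cache
+if [ $FAILOVER -eq 0 ]; then
+echo "The MultiWAN Mode is actived but not failover connectivity !"
+exit 0
+fi
+echo "Starting down $prog: "
+pid=`pidof -x "alcasar-load_balancing.sh"`
+if [ $pid != "" ]; then
+echo $pid > $pidfile
+fi
+touch /var/lock/subsys/alcasar-load_balancing
+failover
+;;
+stop)
+PARAM="del"
+echo "Shutting down $prog: "
+if [ -f $pidfile ]; then
+pid=`cat $pidfile`
+kill -9 $pid
+else
+echo "$prog is not running."
+exit 1
+fi
+RETVAL=$?
+echo
+[ $RETVAL -eq 0 ] && rm -f $pidfile && rm -f /var/lock/subsys/alcasar-load_balancing
+echo "Delete of virtual interfaces"
+delete_eth
+echo "Network restart"
+service network restart 2>&1 > /dev/null
+ip route
+
+;;
+status)
+echo "Checking $prog : "
+if [ -f $pidfile ]; then
+pid=`cat $pidfile`
+CHECK=`ps -p $pid --no-heading | awk {'printf $1'}`
+if [ "$CHECK" = "" ]; then
+echo "$prog is NOT running."
+else
+echo "$prog is running !"
+fi
+else
+echo "$prog is Not running."
+fi
+;;
+fail)
+failover
+;;
+*)
+echo "Usage: $0 [start|stop|status|create|delete]" ; echo ; exit 1
+;;
+esac
+
+exit 0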
Property changes:
Added: svn:eol-style
+LF
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property
Added: svn:keywords
+Id Author Date
\ No newline at end of property
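Review bot: In `failover`, the per-interface probe loop branches on `if [ $i -ne 0 ]; then`, but `$i` is never set in this function — it is only a leftover from `create_eth`, so under the `fail` entry point the test has an empty operand and `test` reports an error on every iteration, and under `start` it is always non-zero, so `$EXTIF` is looked up with `grep "$iface," $CONF_FILE` rather than the `^GW=` line. The values read there are not used by that loop, so the visible effect is error noise in the watchdog output, but the second loop already has the intended condition and this one should match it: `if [ "$iface" != "$EXTIF" ]; then`. Two smaller defects in the same file: `getvalue` advances its counter with `n=$(($n++))`, which is not valid arithmetic once `$n` has been expanded (`n=$((n + 1))` is the intended form), and `echo "suffix=$sufix"` prints an undefined variable instead of `$suffix`. Since the script runs as root and the `ip route replace default` it builds decides which uplink carries all traffic, the gateway/weight values it composes deserve a check that they are non-empty before the command is issued rather than relying on `2>/dev/null` in the non-verbose branch.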
/conf/sudoers
13,7 → 13,7
User_Alias SMS=gammu_smsd # gammu-smsd owner
 
# Cmnd alias specification
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh,/usr/local/bin/alcasar-network.sh # network commands
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh # network commands
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # manage users in command line
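Review bot: The two printed `Cmnd_Alias NET=` lines differ only by `/usr/local/bin/alcasar-network.sh`, and the page gives no signal for which side is current; either way every script in that alias is executed as root through sudo, so the alias is only as safe as the ownership and mode of those files. A check that each listed path is root-owned and not writable by the account the alias is granted to belongs with this change, and that account (and whether the grant is `NOPASSWD`) is not shown in the hunk.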
/conf/etc/alcasar-iptables-local.sh
33,8 → 33,8
 
# On autorise le ping (echo & request) (ICMP N°0 & 8) en provenance d'Internet vers ALCASAR
# Allow ping (echo & request) (ICMP N°0 & 8) from Internet
#$IPTABLES -A INPUT -i $EXTIF -p icmp --icmp-type 8 -j ACCEPT
#$IPTABLES -A OUTPUT -o $EXTIF -p icmp --icmp-type 0 -j ACCEPT
#$IPTABLES -A INPUT -i $EXTIF -s $Admin_from_IP -p icmp --icmp-type 8 -j ACCEPT
#$IPTABLES -A OUTPUT -o $EXTIF -d $Admin_from_IP -p icmp --icmp-type 0 -j ACCEPT
 
# On autorise ALCASAR a accéder à un serveur MAIL local (envoie de rapports, alertes, etc.)
# Allow ALCASAR to conect to a local mail server (send reports, alerts, etc.)
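Review bot: Both variants of the ICMP echo rules in this hunk are commented out, so the change has no runtime effect; if one of them is ever enabled, the `-s $Admin_from_IP` / `-d $Admin_from_IP` pair is the one to keep, because the other accepts echo-request from any host reaching `$EXTIF`. `$Admin_from_IP` is not defined in the visible lines, so it has to be set earlier in this script before the rule is uncommented, otherwise the `-s`/`-d` argument is empty and the rule is malformed. The surrounding script continues outside the hunk.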
/VERSION
1,0 → 0,0
3.5.4b
3.5.3