/web/acc/admin/network.php |
---|
1,7 → 1,7 |
<?php |
# $Id$ |
// written by steweb57, Rexy, Tom HOUDAYER & Pierre RIVAULT |
// written by steweb57, Rexy & Tom HOUDAYER |
/******************** |
* READ CONF FILES * |
11,8 → 11,6 |
define('ETHERS_INFO_FILE', '/usr/local/etc/alcasar-ethers-info'); |
define('DNS_LOCAL_FILE', '/etc/hosts'); |
define('LETS_ENCRYPT_FILE', '/usr/local/etc/alcasar-letsencrypt'); |
define('TEMP_FILE', '/tmp/alcasar.conf.temp'); |
$conf_files = [CONF_FILE, ETHERS_FILE, ETHERS_INFO_FILE, DNS_LOCAL_FILE, LETS_ENCRYPT_FILE]; |
// Files reading test |
100,14 → 98,6 |
$l_renew = "Renouveller"; |
$l_renew_force = "Renouveller (forcer)"; |
$l_previous_LE_cert = "Revenir au certificat Let's Encrypt :"; |
$l_gw_weight = "Poids"; |
$l_error = "Erreur"; |
$l_error_bad_ip = "Ceci n'est pas une adresse IP valide"; |
$l_error_bad_ip_CIDR = "Ceci n'est pas une adresse CIDR valide"; |
$l_error_bad_ip_port = "Ceci n'est pas une adresse IP + port valide"; |
$l_error_weight = "Ceci n'est pas un poids valide"; |
$l_change_successful = "Changement effectué avec succès"; |
} else if ($Language === 'es') { |
$l_network_title = "Configuración de Red"; |
$l_internet_legend = "INTERNET"; |
163,13 → 153,6 |
$l_renew = "Renovar"; |
$l_renew_force = "Renovar (forzado)"; |
$l_previous_LE_cert = "Volver al certificado de Let's Encrypt :"; |
$l_gw_weight = "";/*TODO Traduction espagnole*/ |
$l_error = "";/*TODO Traduction espagnole*/ |
$l_error_bad_ip = "";/*TODO Traduction espagnole*/ |
$l_error_bad_ip_CIDR = "";/*TODO Traduction espagnole*/ |
$l_error_bad_ip_port = "";/*TODO Traduction espagnole*/ |
$l_error_weight = "";/*TODO Traduction espagnole*/ |
$l_change_successful = "";/*TODO Traduction espagnole*/ |
} else { |
$l_network_title = "Network configuration"; |
$l_internet_legend = "INTERNET"; |
225,24 → 208,15 |
$l_renew = "Renew"; |
$l_renew_force = "Renew (force)"; |
$l_previous_LE_cert = "Back to the Let's Encrypt certificate :"; |
$l_gw_weight = "Weight"; |
$l_error = "Error"; |
$l_error_bad_ip = "This is not a valid IP"; |
$l_error_bad_ip_CIDR = "This is not a valid CIDR IP"; |
$l_error_bad_ip_port = "This is not a valid IP + port"; |
$l_error_weight = "This is not a valid weight"; |
$l_change_successful = "Network updated successfully"; |
} |
$reg_ip = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/'; |
$reg_ip_cidr = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/'; |
$reg_ip_port = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\:([1-9]|[1-9][0-9]|[1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]))$/'; |
$reg_mac = '/^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/'; |
$reg_host = '/^[a-zA-Z0-9-_]+$/'; |
$reg_weight = '/^[0-9]*$/'; |
$ext_conf_error = false; |
$choix = (isset($_POST['choix'])) ? $_POST['choix'] : ''; |
switch ($choix) { |
case 'DHCP_On': |
exec('sudo /usr/local/bin/alcasar-dhcp.sh -on'); |
252,6 → 226,7 |
exec('sudo /usr/local/bin/alcasar-dhcp.sh -off'); |
header('Location: '.$_SERVER['PHP_SELF']); |
exit(); |
case 'new_mac': |
$new_mac_addr = trim($_POST['add_mac']); |
$new_ip_addr = trim($_POST['add_ip']); |
299,6 → 274,7 |
} |
header('Location: '.$_SERVER['PHP_SELF']); |
exit(); |
case 'new_host': |
$add_host = trim($_POST['add_host']); |
$add_ip = trim($_POST['add_ip']); |
364,6 → 340,7 |
} |
} |
break; |
case 'https_login': // Set HTTPS login status |
if ($_POST['https_login'] === 'on') { |
exec('sudo /usr/local/bin/alcasar-https.sh --on'); |
376,182 → 353,32 |
// Network changes |
if ($choix === 'network_change') { |
exec('sudo /usr/local/bin/alcasar-network.sh --save'); |
$modification_network = false; |
$modification_dns = false; |
$modification_proxy = false; |
$ext_conf_error_list = []; |
copy(CONF_FILE, TEMP_FILE); |
$network_modification = false; |
if (isset($_POST['dns1']) && (trim($_POST['dns1']) !== $conf['DNS1'])) { |
if (!preg_match($reg_ip, $_POST['dns1'])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_ip_dns1.': '.$l_error_bad_ip; |
if (isset($_POST['dns1']) && (trim($_POST['dns1']) !== $conf['DNS1']) && preg_match($reg_ip, $_POST['dns1'])) { |
file_put_contents(CONF_FILE, str_replace('DNS1='.$conf['DNS1'], 'DNS1='.trim($_POST['dns1']), file_get_contents(CONF_FILE))); |
$network_modification = true; |
} |
file_put_contents(TEMP_FILE, str_replace('DNS1='.$conf['DNS1'], 'DNS1='.trim($_POST['dns1']), file_get_contents(TEMP_FILE))); |
$modification_dns = true; |
if (isset($_POST['dns2']) && (trim($_POST['dns2']) !== $conf['DNS2']) && preg_match($reg_ip, $_POST['dns2'])) { |
file_put_contents(CONF_FILE, str_replace('DNS2='.$conf['DNS2'], 'DNS2='.trim($_POST['dns2']), file_get_contents(CONF_FILE))); |
$network_modification = true; |
} |
if (isset($_POST['dns2']) && (trim($_POST['dns2']) !== $conf['DNS2'])) { |
if (!preg_match($reg_ip, $_POST['dns2'])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_ip_dns2.': '.$l_error_bad_ip; |
if (isset($_POST['ip_public']) && (trim($_POST['ip_public']) !== $conf['PUBLIC_IP']) && preg_match($reg_ip_cidr, $_POST['ip_public'])) { |
file_put_contents(CONF_FILE, str_replace('PUBLIC_IP='.$conf['PUBLIC_IP'], 'PUBLIC_IP='.trim($_POST['ip_public']), file_get_contents(CONF_FILE))); |
$network_modification = true; |
} |
file_put_contents(TEMP_FILE, str_replace('DNS2='.$conf['DNS2'], 'DNS2='.trim($_POST['dns2']), file_get_contents(TEMP_FILE))); |
$modification_dns = true; |
if (isset($_POST['ip_gw']) && (trim($_POST['ip_gw']) !== $conf['GW']) && preg_match($reg_ip, $_POST['ip_gw'])) { |
file_put_contents(CONF_FILE, str_replace('GW='.$conf['GW'], 'GW='.trim($_POST['ip_gw']), file_get_contents(CONF_FILE))); |
$network_modification = true; |
} |
if (isset($_POST['ip_private']) && (trim($_POST['ip_private']) !== $conf['PRIVATE_IP'])) { |
if (!preg_match($reg_ip_cidr, $_POST['ip_private'])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_ip_address.' LAN: '.$l_error_bad_ip_CIDR; |
if (isset($_POST['ip_private']) && (trim($_POST['ip_private']) !== $conf['PRIVATE_IP']) && preg_match($reg_ip_cidr, $_POST['ip_private'])) { |
file_put_contents(CONF_FILE, str_replace('PRIVATE_IP='.$conf['PRIVATE_IP'], 'PRIVATE_IP='.trim($_POST['ip_private']), file_get_contents(CONF_FILE))); |
$network_modification = true; |
} |
file_put_contents(TEMP_FILE, str_replace('PRIVATE_IP='.$conf['PRIVATE_IP'], 'PRIVATE_IP='.trim($_POST['ip_private']), file_get_contents(TEMP_FILE))); |
$modification_network = true; |
} |
if (isset($_POST['ip_public']) && (trim($_POST['ip_public']) !== $conf['PUBLIC_IP'])) { |
if (!preg_match($reg_ip_cidr, $_POST['ip_public'])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_ip_address.' WAN: '.$l_error_bad_ip_CIDR; |
} |
file_put_contents(TEMP_FILE, str_replace('PUBLIC_IP='.$conf['PUBLIC_IP'], 'PUBLIC_IP='.trim($_POST['ip_public']), file_get_contents(TEMP_FILE))); |
$modification_network = true; |
} |
if (isset($_POST['ip_gw']) && (trim($_POST['ip_gw']) !== $conf['GW'])) { |
if (!preg_match($reg_ip, $_POST['ip_gw'])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_ip_router.' 1: '.$l_error_bad_ip; |
} |
file_put_contents(TEMP_FILE, str_replace('GW='.$conf['GW'], 'GW='.trim($_POST['ip_gw']), file_get_contents(TEMP_FILE))); |
$modification_network = true; |
} |
if (isset($_POST['enable_proxy']) && $_POST['enable_proxy'] == 'P_Enabled') |
{ |
if ($conf['PROXY'] !== 'On') |
{ |
file_put_contents(TEMP_FILE, str_replace('PROXY='.$conf['PROXY'], 'PROXY=On', file_get_contents(TEMP_FILE))); |
$modification_proxy = true; |
} |
if (isset($_POST['proxy']) && (trim($_POST['proxy']) !== $conf['PROXY_IP'])) { |
if (!preg_match($reg_ip_port, $_POST['proxy'])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': Proxy: '.$l_error_bad_ip_port; |
} |
file_put_contents(TEMP_FILE, str_replace('PROXY_IP='.$conf['PROXY_IP'], 'PROXY_IP='.trim($_POST['proxy']), file_get_contents(TEMP_FILE))); |
$modification_proxy = true; |
} |
if ($conf['MULTIWAN'] !== 'Off') |
{ |
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=Off', file_get_contents(TEMP_FILE))); |
$modification_network = true; |
} |
} |
else |
{ |
//set multiwan value to off and delete every "WANx=" line |
if ($_POST['gw_count'] === "1" && $conf['MULTIWAN'] !== 'Off') |
{ |
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=Off', file_get_contents(TEMP_FILE))); |
$temp = 1; |
while (isset($conf['WAN'.$temp])) |
{ |
file_put_contents(TEMP_FILE, str_replace('WAN'.$temp.'='.$conf['WAN'.$temp]."\n", '', file_get_contents(TEMP_FILE))); |
$temp++; |
} |
$modification_network = true; |
} |
if ($_POST['gw_count'] !== "1") |
{ |
$changed = false; |
//testing the existence of a change in the routing configuration |
exec("grep \"^WAN\" " . CONF_FILE . " | wc -l", $nb_gw); |
if ($_POST['gw_count'] == ($nb_gw[0] + 1)) |
{ |
if ($_POST['weight'] !== $conf['PUBLIC_WEIGHT']) { |
$changed = true; |
} |
else { |
for($i=1;$i<$_POST['gw_count'];$i++) |
{ |
if( '"'.$_POST['ip_gw_'.$i].','.$_POST['weight_'.$i].'"' != $conf['WAN'.$i]) |
{ |
$changed = true; |
break; |
} |
} |
} |
} |
else |
{ |
$changed = true; |
} |
if ($changed == true) |
{ |
//deleting all the old lines containing "WANx=" |
$temp = 1; |
while (isset($conf['WAN'.$temp])) |
{ |
file_put_contents(TEMP_FILE, str_replace('WAN'.$temp.'='.$conf['WAN'.$temp]."\n", '', file_get_contents(TEMP_FILE))); |
$temp++; |
} |
//setting back the line "WAN1=" which will be our base |
if (!preg_match($reg_weight, $_POST['weight'])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_gw_weight.' 1: '.$l_error_weight; |
} |
file_put_contents(TEMP_FILE, str_replace('PUBLIC_WEIGHT='.$conf['PUBLIC_WEIGHT'], 'PUBLIC_WEIGHT='.(($_POST['weight'] !== '')?$_POST['weight']:1), file_get_contents(TEMP_FILE))); |
//Set Multiwan status |
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], "MULTIWAN=On\nWAN1=", file_get_contents(TEMP_FILE))); |
//Adding the correct number of "WANx=" lines, numbered |
for($i=2;$i<$_POST['gw_count'];$i++) |
{ |
file_put_contents(TEMP_FILE, str_replace('WAN'.($i-1).'=', 'WAN'.($i-1)."=\nWAN".$i.'=', file_get_contents(TEMP_FILE))); |
} |
//Adding the content |
for($i=1;$i<$_POST['gw_count'];$i++) |
{ |
if (!preg_match($reg_ip, $_POST['ip_gw_'.$i])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_ip_router.' '.($i+1).': '.$l_error_bad_ip; |
} |
if (!preg_match($reg_weight, $_POST['weight_'.$i])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_gw_weight.' '.($i+1).': '.$l_error_weight; |
} |
file_put_contents(TEMP_FILE, str_replace('WAN'.$i.'=', 'WAN'.$i.'="'.$_POST['ip_gw_'.$i].','.(($_POST['weight_'.$i] === "0" || $_POST['weight_'.$i] === "")?"1":$_POST['weight_'.$i]).'"', file_get_contents(TEMP_FILE))); |
} |
$modification_network = true; |
} |
} |
//set proxy value to off |
if ($conf['PROXY'] !== 'Off') |
{ |
file_put_contents(TEMP_FILE, str_replace('PROXY='.$conf['PROXY'], 'PROXY=Off', file_get_contents(TEMP_FILE))); |
if($_POST['gw_count'] !== "1" && $conf['MULTIWAN'] !== 'On') { |
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=On', file_get_contents(TEMP_FILE))); |
$modification_network = true; |
} |
$modification_proxy = true; |
} |
} |
//if no errors are detected |
if ($ext_conf_error == false) { |
copy(TEMP_FILE, CONF_FILE); |
//DNS values modification, several services needs to be reloading, reloads the full server. |
if ($modification_dns) { |
if ($network_modification) { |
exec('sudo /usr/local/bin/alcasar-conf.sh -apply'); |
} |
//External network modifications, no service reloading |
if ($modification_network) { |
exec('sudo /usr/local/bin/alcasar-network.sh'); |
exec('sudo /usr/local/bin/alcasar-iptables.sh'); |
} |
//If only the proxy has been modified, only the firewall needs a change |
else if ($modification_proxy) { |
exec('sudo /usr/local/bin/alcasar-iptables.sh'); |
} |
} |
unlink(TEMP_FILE); |
// Read CONF_FILE updated |
$file_conf = fopen(CONF_FILE, 'r'); |
626,33 → 453,18 |
$internet_publicIP = '-.-.-.-'; |
} |
// Network interfaces, will be use later for multiple LAN interfaces |
$interfacesIgnored = ['lo', 'tun[0-9]*', $conf['INTIF']]; |
// Network interfaces |
$interfacesIgnored = ['lo', 'tun[0-9]*', $conf['EXTIF'], $conf['INTIF']]; |
exec("ip -o link show | awk -F': ' '{print $2}' | sed '/^" . implode('\\|', $interfacesIgnored) . "$/d'", $interfacesAvailable); |
//retreive gateway(s) parameters |
$gateways = [ |
// TODO: Pending the next version |
$externalNetworks = [ |
(object) [ |
'gateway' => $conf['GW'], |
'weight' => $conf['PUBLIC_WEIGHT'] |
'interface' => $conf['EXTIF'], |
'ip' => $conf['PUBLIC_IP'], |
'gateway' => $conf['GW'] |
] |
]; |
exec("grep \"^WAN\" " . CONF_FILE . " | wc -l", $nbIfaces); |
if ($nbIfaces > 0) |
{ |
for ($i = 1; $i <= $nbIfaces[0]; $i++) { |
exec("grep \"WAN" . $i . "=\" " . CONF_FILE . " | awk -F'\"' '{ print $2 }' | awk -F, '{ print $1 }'", $temp_gw); |
exec("grep \"WAN" . $i . "=\" " . CONF_FILE . " | awk -F'\"' '{ print $2 }' | awk -F, '{ print $2 }'", $temp_weight); |
$gateways[] = (object) [ |
'gateway' => $temp_gw[0], |
'weight' => $temp_weight[0] |
]; |
$temp_gw = ""; |
$temp_weight = ""; |
} |
} |
//retreive internal networks parameters |
$internalNetworks = [ |
(object) [ |
'interface' => $conf['INTIF'], |
708,11 → 520,10 |
.network-configurator .actions a:hover { |
font-weight: bold; |
} |
.network-configurator .actions-externals { |
right: 0; |
border-radius: 5px; |
position: relative; |
text-decoration: none; |
.network-configurator > .alcasar .actions-externals { |
bottom: 0; |
left: 0; |
border-radius: 0 5px; |
} |
.network-configurator > .alcasar .actions-internals { |
bottom: 0; |
720,10 → 531,9 |
border-radius: 5px 0; |
} |
.network-configurator .actions-network { |
top: 0; |
right: 0; |
border-radius: 5px; |
position: relative; |
text-decoration: none; |
border-radius: 0 5px; |
} |
.network-configurator .network-box { |
display: inline-block; |
748,10 → 558,10 |
background-color: black; |
} |
.network-configurator .network-connector[data-connector-direction="left"] { |
border-radius: 5px 0 0 5px; |
border-radius: 5px 0px 0px 5px; |
} |
.network-configurator .network-connector[data-connector-direction="right"] { |
border-radius: 0 5px 5px 0; |
border-radius: 0px 5px 5px 0px; |
} |
.network-configurator div[data-network-type] { |
position: relative; |
759,30 → 569,39 |
</style> |
<script> |
$(document).ready(function () { |
const interfacesAvailable = <?= ((!empty($interfacesAvailable)) ? "['".implode("', '", $interfacesAvailable)."']" : '[]') ?>; |
setTimeout(function(){$("#change_success").fadeOut('normal');}, 10000); |
const wireStyles = { |
available: { border: '5px double green' } |
}; |
//Will be used later for multiple LAN interfaces |
let interfacesAvailable = <?= ((!empty($interfacesAvailable)) ? "['".implode("', '", $interfacesAvailable)."']" : '[]') ?>; |
const wireStyles = { available: { border: '5px double green' } }; |
// Add gateway |
$('.network-configurator').on('click', '.add-external-network', function (event) { |
// Add external network |
$('.network-configurator .add-external-network').click(function (event) { |
event.preventDefault(); |
ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value')); |
$('.network-configurator .externals .network-box #ext_gateways').append(' \ |
<div id="ip_routeur_' + ifaces_count + '" data-info_type="gateway" data-number="'+ ifaces_count +'">\ |
<label for="ext_gateway_' + ifaces_count + '"><?= $l_ip_router.' ' ?></label><span class="gw_number">'+ (ifaces_count + 1) +'</span> <input style="width:100px" type="text" name="ip_gw_' + ifaces_count + '" id="ext_gateway_' + ifaces_count + '" value="" /> \ |
<label for="ext_weight_'+ ifaces_count +'"><?= $l_gw_weight ?></label> <input style="width:20px" type="text" name="weight_' + ifaces_count + '" id="ext_weight_'+ ifaces_count +'" value="0"/> \ |
<div class="actions actions-network" style="display:inline-block; width:11px"><a href="#" style="display:block; text-align:center" class="remove-network" title="Supprimer ce réseau">-</a></div><br></div> '); |
ifaces_count++; |
document.getElementById("gw_count").setAttribute('value', ifaces_count); |
updateGatewayView(); |
$('div.network-connector[data-connector-network]').connections('update'); |
let options = ''; |
if (interfacesAvailable.length === 0) { |
options = '<option value=""></option>'; |
} else { |
for (let i = 0; i < interfacesAvailable.length; i++) { |
options += '<option value="' + interfacesAvailable[i] + '">' + interfacesAvailable[i] + '</option>'; |
} |
} |
$('.network-configurator .externals').append(' \ |
<div data-network-type="external"> \ |
<div class="network-connector" data-connector-network="internet" data-connector-direction="left"></div> \ |
<div class="network-box"> \ |
<div class="actions actions-network"><a href="#" class="remove-network" title="Supprimer ce réseau">-</a></div> \ |
<label for="ext_interface_X"><?= 'Interface' ?></label> <select name="interface" id="ext_interface_X">' + options + '</select><br> \ |
<label for="ext_ip_X"><?= $l_ip_address ?></label> <input style="width:150px" type="text" name="ip_public" id="ext_ip_X" value="" /><br> \ |
<label for="ext_gateway_X"><?= $l_ip_router ?></label> <input style="width:120px" type="text" name="ip_gw" id="ext_gateway_X" value="" /> \ |
</div> \ |
<div class="network-connector" data-connector-network="external" data-connector-direction="right"></div> \ |
</div>'); |
addWire($('div[data-network-type="external"]:last')); |
}); |
// Add internal network |
$('.network-configurator').on('click', '.add-internal-network', function (event) { |
$('.network-configurator .add-internal-network').click(function (event) { |
event.preventDefault(); |
$('.network-configurator .internals').append(' \ |
<div data-network-type="internal"> \ |
796,123 → 615,38 |
addWire($('div[data-network-type="internal"]:last')); |
}); |
// Remove gateway |
$('.network-box').on('click', '.remove-network', function (event) { |
// Remove network |
$('.network-configurator').on('click', '.remove-network', function (event) { |
event.preventDefault(); |
$(this).parent().parent().fadeOut(200, function() { |
$(this).parent().parent().parent().fadeOut(200, function() { |
const networkType = $(this).data('networkType'); |
$(this).remove(); |
//update network numbers |
$('div[data-info_type="gateway"]').each(function (index, value) { |
updateGatewayNumbers($(this), index); |
}); |
ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value')); |
document.getElementById("gw_count").setAttribute('value', (ifaces_count - 1)); |
updateGatewayView(); |
$('div.network-connector[data-connector-network]').connections('update'); |
}); |
}); |
//proxy enabled or disabled |
$('.network-configurator').on('click', '.enable_proxy', function(event){ |
if ($(this).is(':checked')) |
{ |
document.getElementById("add_external").setAttribute('hidden', 'true'); |
document.getElementById("ext_proxy").removeAttribute('disabled'); |
$('div[id="ip_routeur_0"]').children('span').html(''); |
$('div[data-info_type="gateway"]').each(function(index, value) { |
if ($(this).attr('data-number') !== "0") |
{ |
$(this).attr('hidden', 'true'); |
// Update wires |
if (networkType === 'external') { |
$('div[data-network-type="internet"]>div.network-connector[data-connector-network="internet"]').connections('update'); |
$('div[data-network-type="alcasar"]>div.network-connector[data-connector-network="external"]').connections('update'); |
} else if (networkType === 'internal') { |
$('div[data-network-type="alcasar"]>div.network-connector[data-connector-network="internal"]').connections('update'); |
} |
else |
{ |
$(this).children('input[id="ext_weight_0"]').attr('hidden', 'true'); |
$(this).children('label[for="ext_weight_0"]').attr('hidden', 'true'); |
$(this).children('div[class="actions actions-network"]').css('display', 'none'); |
} |
}); |
} |
else |
{ |
document.getElementById("add_external").removeAttribute('hidden'); |
document.getElementById("ext_proxy").setAttribute('disabled', 'true'); |
$('div[id="ip_routeur_0"]').children('span').html('1'); |
$('div[data-info_type="gateway"]').each(function(index, value) { |
if ($(this).attr('data-number') !== "0") |
{ |
$(this).removeAttr('hidden'); |
} |
else |
{ |
$(this).children('input[id="ext_weight_0"]').removeAttr('hidden'); |
$(this).children('label[for="ext_weight_0"]').removeAttr('hidden'); |
$(this).children('div[class="actions actions-network"]').css('display', 'inline-block'); |
} |
}); |
updateGatewayView(); |
} |
$('div.network-connector[data-connector-network]').connections('update'); |
}); |
//Add a wire between two connectors |
const addWire = function (network) { |
const networkType = network.data('networkType'); |
if (networkType === 'external') { |
$().connections({ from: 'div[data-network-type="internet"]>div.network-connector[data-connector-network="internet"]', to: network.children('div.network-connector[data-connector-network="internet"]'), css: wireStyles.available, within: network }); |
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="external"]', to: network.children('div.network-connector[data-connector-network="external"]'), css: wireStyles.available, within: network }); |
$().connections({ from: 'div[data-network-type="internet"]>div.network-connector[data-connector-network="internet"]', to: 'div[data-network-type="external"]>div.network-connector[data-connector-network="internet"]:last', css: wireStyles.available, within: 'div[data-network-type="external"]:last' }); |
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="external"]', to: 'div[data-network-type="external"]>div.network-connector[data-connector-network="external"]:last', css: wireStyles.available, within: 'div[data-network-type="external"]:last' }); |
} else if (networkType === 'internal') { |
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="internal"]', to: network.children('div.network-connector[data-connector-network="internal"]'), css: wireStyles.available, within: network }); |
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="internal"]', to: 'div[data-network-type="internal"]>div.network-connector[data-connector-network="internal"]:last', css: wireStyles.available, within: 'div[data-network-type="internal"]:last' }); |
} |
}; |
//reindex the gateway numbers when a gateway is deleted |
const updateGatewayNumbers = function(gateway, number) { |
old_number = gateway.attr('data-number'); |
gateway.attr('data-number', number); |
gateway.attr('id', 'ip_routeur_'+number); |
if (number === 0) |
{ |
gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('name', 'ip_gw'); |
gateway.children('input[id="ext_weight_'+old_number+'"]').attr('name', 'weight'); |
} |
else |
{ |
gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('name', 'ip_gw_'+number); |
gateway.children('input[id="ext_weight_'+old_number+'"]').attr('name', 'weight_'+number); |
} |
gateway.children('label[for="ext_gateway_'+old_number+'"]').attr('for', 'ext_gateway_'+number); |
gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('id', 'ext_gateway_'+number); |
gateway.children('label[for="ext_weight_'+old_number+'"]').attr('for', 'ext_weight_'+number); |
gateway.children('input[id="ext_weight_'+old_number+'"]').attr('id', 'ext_weight_'+number); |
gateway.children('span[class="gw_number"]').html((number+1)+' '); |
}; |
//hide the delete button and the weight field when there is only one gateway (or when there is a proxy) |
const updateGatewayView = function() { |
ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value')); |
if (ifaces_count === 1) |
{ |
$('div#ip_routeur_0').children('input[id="ext_weight_0"]').attr('hidden', 'true'); |
$('div#ip_routeur_0').children('label[for="ext_weight_0"]').attr('hidden', 'true'); |
$('div#ip_routeur_0').children('div[class="actions actions-network"]').css('display', 'none'); |
} |
else |
{ |
$('div#ip_routeur_0').children('input[id="ext_weight_0"]').removeAttr('hidden'); |
$('div#ip_routeur_0').children('label[for="ext_weight_0"]').removeAttr('hidden'); |
$('div#ip_routeur_0').children('div[class="actions actions-network"]').css('display', 'inline-block'); |
} |
}; |
//resize the connections to fit the window |
window.addEventListener('resize', function () { |
$('div.network-connector[data-connector-network]').connections('update'); |
}); |
// Add wires to existing networks at page first render |
// Add wires to existing networks |
$('div[data-network-type="external"]').add('div[data-network-type="internal"]').each(function (index, element) { |
addWire($(this)); |
}); |
935,49 → 669,26 |
</div> |
<div class="network-connector" data-connector-network="internet" data-connector-direction="right"></div> |
</div> |
</div><div id="externals_id" class="externals"> |
</div><div class="externals"> |
<?php foreach ($externalNetworks as $index => $network): ?> |
<div data-network-type="external"> |
<div class="network-connector" data-connector-network="internet" data-connector-direction="left"></div> |
<div class="network-box"> |
<label for="ext_interface">Interface</label> <input name="ext_interface" id="ext_interface" value="<?= $conf['EXTIF'] ?>" disabled="disabled"/><br> |
<label for="ext_ip"><?= $l_ip_address ?></label> <input style="width:130px" type="text" name="ip_public" id="ext_ip" value="<?= $conf['PUBLIC_IP'] ?>" /><br> |
<input class="enable_proxy" type="checkbox" name="enable_proxy" value="P_Enabled" <?php if($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On') { echo 'checked'; }?>/> |
<label for="proxy">Proxy</label> <input style="width:140px" type="text" name="proxy" id="ext_proxy" value=<?= $conf['PROXY_IP']?> <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')? '' : 'disabled'?>/><br> |
<div id="ext_gateways" > |
<input type="text" name="gw_count" id="gw_count" value="<?=count($gateways)?>" hidden="hidden"/> |
<?php foreach ($gateways as $index => $network): |
if ($index == 0) {?> |
<div id="ip_routeur_<?= $index ?>" data-info_type="gateway" data-number="<?= $index ?>"> |
<label for="ext_gateway_<?= $index ?>"><?= $l_ip_router.' ' ?></label> |
<span class="gw_number"><?= ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')?'':($index+1) ?> </span> |
<input style="width:100px" type="text" name="ip_gw" id="ext_gateway_<?= $index ?>" value="<?= $network->gateway ?>" /> |
<label for="ext_weight_<?= $index ?>" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On'|| $conf['MULTIWAN'] === 'Off' || $conf['MULTIWAN'] === 'off')? 'hidden' : '' ?>><?= $l_gw_weight ?></label> |
<input style="width:20px" type="text" name="weight" id="ext_weight_<?= $index ?>" value="<?= $network->weight ?>" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On' || $conf['MULTIWAN'] === 'Off' || $conf['MULTIWAN'] === 'off')? 'hidden' : '' ?>/> |
<div class="actions actions-network" style="display: <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On'|| $conf['MULTIWAN'] === 'Off' || $conf['MULTIWAN'] === 'off')? 'none' : 'inline-block' ?>; width:11px"> |
<a style="display:block; text-align:center" href="#" class="remove-network" title="Supprimer ce réseau">-</a> |
</div><br> |
<!-- <div class="actions actions-network"><a href="#" class="remove-network" title="Supprimer ce réseau">-</a></div> --> |
<label for="ext_interface_<?= $index ?>"><?= 'Interface' ?></label> <select name="ext_interface[<?= $index ?>]" id="ext_interface_<?= $index ?>" disabled><option value="<?= $network->interface ?>"><?= $network->interface ?></option></select><br> |
<label for="ext_ip_<?= $index ?>"><?= $l_ip_address ?></label> <input style="width:150px" type="text" name="ip_public" id="ext_ip_<?= $index ?>" value="<?= $network->ip ?>" /><br> |
<label for="ext_gateway_<?= $index ?>"><?= $l_ip_router ?></label> <input style="width:120px" type="text" name="ip_gw" id="ext_gateway_<?= $index ?>" value="<?= $network->gateway ?>" /> |
</div> |
<?php } else {?> |
<div id="ip_routeur_<?= $index ?>" data-info_type="gateway" data-number="<?= $index ?>" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')? 'hidden' : '' ?>> |
<label for="ext_gateway_<?= $index ?>"><?= $l_ip_router.' ' ?></label> |
<span class="gw_number"><?= ($index+1) ?> </span> |
<input style="width:100px" type="text" name="ip_gw_<?= $index ?>" id="ext_gateway_<?= $index ?>" value="<?= $network->gateway ?>"/> |
<label for="ext_weight_<?= $index ?>"><?= $l_gw_weight ?></label> |
<input style="width:20px" type="text" name="weight_<?= $index ?>" id="ext_weight_<?= $index ?>" value="<?= $network->weight ?>"/> |
<div class="actions actions-network" style="display:inline-block; width:11px"> |
<a style="display:block; text-align:center" href="#" class="remove-network" title="Supprimer ce réseau">-</a> |
</div><br> |
</div> |
<?php } endforeach; ?> |
</div> |
<div class="actions actions-externals" style="margin: 0 auto; width:11px"><a id="add_external" href="#" class="add-external-network" title="Ajouter un réseau externe" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')? 'hidden' : '' ?>>+</a></div> |
</div> |
<div class="network-connector" data-connector-network="external" data-connector-direction="right"></div> |
</div> |
<? endforeach; ?> |
</div><div class="alcasar"> |
<div data-network-type="alcasar"> |
<div class="network-connector" data-connector-network="external" data-connector-direction="left"></div> |
<div class="network-box"> |
<!-- <div class="actions actions-externals"> |
<div><a href="#" class="add-external-network" title="Ajouter un réseau externe">+</a></div> |
</div> --> |
<div class="alcasar-logo"><img src="/images/logo-alcasar.png" style="width: 100px;height: 100px;"></div> |
<!-- <div class="actions actions-internals"> |
<div><a href="#" class="add-internal-network" title="Ajouter un réseau interne">+</a></div> |
986,7 → 697,7 |
</div> |
<div class="network-connector" data-connector-network="internal" data-connector-direction="right"></div> |
</div> |
</div><div id="internals_id" class="internals" data-count="1"> |
</div><div class="internals"> |
<?php foreach ($internalNetworks as $network): ?> |
<div data-network-type="internal"> |
<div class="network-connector" data-connector-network="internal" data-connector-direction="left"></div> |
999,18 → 710,6 |
<? endforeach; ?> |
</div> |
</div> |
<?php if ($ext_conf_error == true) { |
echo '<span style="color:red">'; |
$temp = 0; |
while (isset($ext_conf_error_list[$temp])) { |
echo $ext_conf_error_list[$temp].'<br>'; |
$temp++; |
} |
echo '</span>'; |
} |
else if (($choix === 'network_change') && ($modification_proxy || $modification_dns || $modification_network)) { |
echo '<span id="change_success" style="color:green">'.$l_change_successful.'</span>'; |
}?> |
<hr> |
<div style="text-align: center; margin: 5px"> |
<input type="hidden" name="choix" value="network_change"> |
1042,7 → 741,6 |
$mac_addr = $fields[0]; |
$ip_addr = $fields[1]; |
$info = (isset($fields[2])) ? implode(' ', array_slice($fields, 2)) : ' '; |
echo '<tr>'; |
echo "<td>$mac_addr</td>"; |
echo "<td>$ip_addr</td>"; |
/web/intercept.php |
---|
111,7 → 111,7 |
$l_reply_6 = "Se ha alcanzado su tiempo de conexión autorizado"; |
$l_online_time = "Tiempo en linea"; |
$l_remaining_time = "Tiempo restante"; |
$l_uam_domain = "Sitios de libre acceso : "; |
$l_uam_domain = "Sitios web autorizados : "; |
$l_autoregistration = "Registo automático"; |
} else if ($Language === 'pt') { // Portuguese |
$l_ChilliError = "A autenticação precisa ser bem sucedida através do portal."; |
145,7 → 145,7 |
$l_reply_6 = "Seu tempo de conexão autorizada finalizou"; |
$l_online_time = "Tempo Online"; |
$l_remaining_time = "Tempo restante"; |
$l_uam_domain = "Sítios de acesso livre : "; |
$l_uam_domain = "Sites autorizados : "; |
$l_autoregistration = "Registo automático"; |
} else if ($Language === 'zh') { // Chinese |
$l_ChilliError = "验证必须通过强制门户服务"; |
179,7 → 179,7 |
$l_reply_6 = "已经到达您的允许连接时间"; |
$l_online_time = "在线时间"; |
$l_remaining_time = "剩余时间"; |
$l_uam_domain = " : "; |
$l_uam_domain = "授权网站 : "; |
$l_autoregistration = "短信注册"; |
} else if ($Language === 'ar') { // Arabic |
$l_ChilliError = "يجب نجاح المصادقة على البوابة الأسيرة"; |
213,7 → 213,7 |
$l_reply_6 = "استكملت مذة الإتصال المسموحة"; |
$l_online_time = "مذة الإتصال"; |
$l_remaining_time = "الوقت المتبق"; |
$l_uam_domain = "مواقع الوصول المجاني"; |
$l_uam_domain = ":المواقع المسموحة "; |
$l_autoregistration = "تسجيل ذاتي (SMS)"; |
} else if ($Language === 'de') { // German |
$l_ChilliError = "Sie wurden erfolgreich durch das Portal authentifiziert."; |
247,7 → 247,7 |
$l_reply_6 = "Ihre maximale Verbindungszeit wurde erreicht"; |
$l_online_time = "Online-Zeit"; |
$l_remaining_time = "Verbleibende Zeit"; |
$l_uam_domain = "Offen zugängliche Seiten : "; |
$l_uam_domain = "Authorisierte Webseiten : "; |
$l_autoregistration = "Automatische Registrierung"; |
} else if ($Language === 'nl') { // Dutch |
$l_ChilliError = "De authenticatie moet een succes worden via de captive portal dienst."; |
281,7 → 281,7 |
$l_reply_6 = "Your authorized connexion time has been reached"; |
$l_online_time = "Online tijd"; |
$l_remaining_time = "Reterende tijd"; |
$l_uam_domain = "Sites met open toegang : "; |
$l_uam_domain = "Geautoriseerde website : "; |
$l_autoregistration = "Automatische registratie"; |
} else if ($Language === 'fr') { // French |
$l_ChilliError = "L'authentification doit être réussie sur le portail captif."; |
315,7 → 315,7 |
$l_reply_6 = "Votre durée de connexion autorisée a été atteinte"; |
$l_online_time = "Temps de connexion"; |
$l_remaining_time = "Temps restant"; |
$l_uam_domain = "Sites en accès libre : "; |
$l_uam_domain = "Sites autorisés : "; |
$l_autoregistration = "Auto enregistrement (sms)"; |
} else { // English |
$l_ChilliError = "The authentication must be successful through the captive portal service."; |
349,7 → 349,7 |
$l_reply_6 = "Your authorized connexion time has been reached"; |
$l_online_time = "Online time"; |
$l_remaining_time = "Remaining time"; |
$l_uam_domain = "Open access websites : "; |
$l_uam_domain = "Authorized websites : "; |
$l_autoregistration = "Auto registration (sms)"; |
} |
/CHANGELOG |
---|
1,14 → 1,11 |
# $Id$ |
********** ALCASAR CHANGELOG ********** |
-------------------- 3.5.4 -------------------- |
NEWS |
- Multi-WAN access with load balancing per user (Thx to Pierre RIVAULT for this great job) |
CHANGES |
BUGS |
- Fix local DNS configuration when installing in dhcp mode |
- Fix a display bug for web sites in exception (Thx to Olivier C). |
- Fix |
-------------------- 3.5.3 -------------------- |
NEWS |
- WIFI4EU automatic integration via ACC |
/alcasar.sh |
---|
600,9 → 600,6 |
fi |
echo "DNS1=$DNS1" >> $CONF_FILE |
echo "DNS2=$DNS2" >> $CONF_FILE |
echo "PROXY=off" >> $CONF_FILE |
echo "PROXY_IP=\"192.168.0.100:80\"" >> $CONF_FILE |
echo "PUBLIC_WEIGHT=1" >> $CONF_FILE |
echo "PUBLIC_MTU=$MTU" >> $CONF_FILE |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE |
echo "DHCP=on" >> $CONF_FILE |
745,33 → 742,8 |
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /etc/systemd/system/iptables.service |
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default |
$SED "s?\[ -f \$IPTABLES_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test (flush all rules & policies) |
# create the alcasar-network unit |
cat << EOF > /etc/systemd/system/alcasar-network.service |
# This file is part of systemd. |
# |
# systemd is free software; you can redistribute it and/or modify it |
# under the terms of the GNU General Public License as published by |
# the Free Software Foundation; either version 2 of the License, or |
# (at your option) any later version. |
# This unit starts alcasar-network.sh script. |
[Unit] |
Description=alcasar-network.sh execution |
After=network.target iptables.service |
[Service] |
Type=oneshot |
RemainAfterExit=yes |
ExecStart=$DIR_DEST_BIN/alcasar-network.sh |
ExecStop=$DIR_DEST_BIN/alcasar-network.sh |
TimeoutSec=0 |
[Install] |
WantedBy=multi-user.target |
EOF |
/usr/bin/systemctl daemon-reload |
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is started at the end of this script in order not to cut network flow in case of using ssh |
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh |
} # End of network() |
################################################################## |
2192,10 → 2164,11 |
echo "LDAP_CERT_REQUIRED=" >> $CONF_FILE |
echo "SMS=off" >> $CONF_FILE |
echo "SMS_NUM=" >> $CONF_FILE |
echo "## MULTIWAN : WANx=@IPx,Weightx" >> $CONF_FILE |
echo "MULTIWAN=off" >> $CONF_FILE |
echo "#WAN1=\"192.168.0.250,1\"" >> $CONF_FILE |
echo "#WAN2=\"192.168.0.251,1\"" >> $CONF_FILE |
echo "FAILOVER=30" >> $CONF_FILE |
echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE |
echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE |
echo "#WAN2=\"1,$EXTIF:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE |
echo "BL_PUREIP=on" >> $CONF_FILE |
echo "BL_SAFESEARCH=off" >> $CONF_FILE |
echo "WL_SAFESEARCH=off" >> $CONF_FILE |
2221,9 → 2194,33 |
do |
find /var/log/$dir -type f -name "*.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]" -exec gzip {} \; |
done |
# create the alcasar-load_balancing unit |
cat << EOF > /etc/systemd/system/alcasar-load_balancing.service |
# This file is part of systemd. |
# |
# systemd is free software; you can redistribute it and/or modify it |
# under the terms of the GNU General Public License as published by |
# the Free Software Foundation; either version 2 of the License, or |
# (at your option) any later version. |
# This unit lauches alcasar-load-balancing.sh script. |
[Unit] |
Description=alcasar-load_balancing.sh execution |
After=network.target iptables.service |
[Service] |
Type=oneshot |
RemainAfterExit=yes |
ExecStart=$DIR_DEST_BIN/alcasar-load_balancing.sh start |
ExecStop=$DIR_DEST_BIN/alcasar-load_balancing.sh stop |
TimeoutSec=0 |
[Install] |
WantedBy=multi-user.target |
EOF |
/usr/bin/systemctl daemon-reload |
# processes started at boot time (Systemctl) |
for i in alcasar-network mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd |
# processes launched at boot time (Systemctl) |
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd |
do |
/usr/bin/systemctl -q enable $i.service |
done |
2391,6 → 2388,10 |
fi |
done |
# RPMs install |
if [ "$mode" == "update" ] # to avoid updating unbound during the V5.3.3 update (to be removed after this version) |
then |
echo "/^unbound/" >> /etc/urpmi/skip.list |
fi |
$DIR_SCRIPTS/alcasar-rpm.sh |
if [ "$?" != "0" ] |
then |
2427,7 → 2428,7 |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1` |
if [ $Lang == "fr" ] |
then echo "Le fichier de configuration d'une version $MAJ_PREVIOUS_VERSION.$MIN_PREVIOUS_VERSION.$UPD_PREVIOUS_VERSION a été trouvé"; |
else echo "The configuration file of a version $MAJ_PREVIOUS_VERSION.$MIN_PREVIOUS_VERSION.$UPD_PREVIOUS_VERSION has been found"; |
else echo "The configuration file of an old version has been found"; |
fi |
response=0 |
PTN='^[oOnNyY]?$' |
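Review bot: The `echo "/^unbound/" >> /etc/urpmi/skip.list` added before the RPM install (hunk 2391,6 → 2388,10) runs on every update, and nothing visible removes the entry afterwards. As a result unbound, the DNS resolver, appears to stay excluded from later urpmi runs, security fixes included, and the line is duplicated on each update. Guard the append with `grep -qxF '/^unbound/' /etc/urpmi/skip.list || echo "/^unbound/" >> /etc/urpmi/skip.list`, and drop the entry once `$DIR_SCRIPTS/alcasar-rpm.sh` has returned, e.g. `sed -i '/^\/\^unbound\/$/d' /etc/urpmi/skip.list`. The enclosing function starts and ends outside the hunk, so a cleanup may already exist there; if it does, a comment next to the `echo` pointing to it would help. The comment also says "V5.3.3" while the CHANGELOG in this commit lists 3.5.3, presumably a typo.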
/scripts/alcasar-network.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-native |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
/scripts/alcasar-conf.sh |
---|
124,7 → 124,7 |
--load|-load) |
cd /var/tmp || { echo "Unable to find /var/tmp directory"; } |
tar -xf alcasar-conf.tar.gz |
# update alcasar.conf parameters |
# copy alcasar.conf parameters |
PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2` |
MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1` |
MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2` |
/scripts/alcasar-rpm-download.sh |
---|
13,7 → 13,7 |
# The kernel version we compile netflow for |
KERNEL="kernel-server-5.10.30-1.mga7-1-1.mga7" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamd clamav clamav-db fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat" |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat" |
rpm_repository_sync () |
{ |
/scripts/alcasar-rpm.sh |
---|
18,8 → 18,7 |
# "lsscsi" & nvme-cli" : needed by phpsysinfo |
# "socat" : avoid a warning when run the install script of letsencrypt ("acme.sh") |
# "sudo" : needed after a reinstallation (to be investigated) |
# "clamav + clamav-db" : needes because of a mutual dependance |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat" |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat" |
rpm_repository_sync () |
{ |
/scripts/alcasar-uninstall.sh |
---|
289,14 → 289,19 |
post_install () |
{ |
echo -en "(7) : " |
echo -en "(8) : " |
[ -e /etc/mageia-release.default ] && mv -f /etc/mageia-release.default /etc/mageia-release && echo -n "1, " |
[ -e /etc/ssh/alcasar-banner-ssh ] && rm -f /etc/ssh/alcasar-banner-ssh && echo -n "2, " |
[ -e /etc/ssh/sshd_config.default ] && mv -f /etc/ssh/sshd_config.default /etc/ssh/sshd_config && echo -n "3, " |
[ -e /etc/bashrc.default ] && mv -f /etc/bashrc.default /etc/bashrc && echo -n "4, " |
[ -e /etc/sudoers.default ] && mv -f /etc/sudoers.default /etc/sudoers && echo -n "5, " |
[ -e /etc/security/limits.conf.default ] && mv -f /etc/security/limits.conf.default /etc/security/limits.conf && echo -n "6, " |
[ -e /etc/default/grub.default ] && mv -f /etc/default/grub.default /etc/default/grub && echo -n "7" |
if [ -e /etc/systemd/system/alcasar-load_balancing.service ] |
then |
rm -f /etc/systemd/system/alcasar-load_balancing.service |
echo -n "6, " |
fi |
[ -e /etc/security/limits.conf.default ] && mv -f /etc/security/limits.conf.default /etc/security/limits.conf && echo -n "7, " |
[ -e /etc/default/grub.default ] && mv -f /etc/default/grub.default /etc/default/grub && echo -n "8" |
} |
332,7 → 337,7 |
echo "----------------------------------------------------------------------------" |
echo "** Uninstall/Désinstallation d'ALCASAR **" |
echo "----------------------------------------------------------------------------" |
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli" |
services="alcasar-load_balancing vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli" |
/usr/local/bin/alcasar-logout.sh all # logout everybody |
else |
echo "--------------------------------------------------------------------------" |
339,7 → 344,7 |
echo "** update/mise à jour d'ALCASAR **" |
echo "--------------------------------------------------------------------------" |
# unbound, iptables & sshd should stay on to allow remote update |
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
services="alcasar-load_balancing vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update + users stay connected during the update |
fi |
386,7 → 391,7 |
done |
if [ $mode == "full" ] |
then |
echo -en "\n- network(10) : " |
echo -en "\n- network(9) : " |
hostnamectl set-hostname localhost.localdomain |
chmod a-x /etc/sysconfig/network-scripts/default-* |
i=0 |
401,17 → 406,12 |
[ -e /etc/hosts.allow.default ] && mv -f /etc/hosts.allow.default /etc/hosts.allow && echo -n "5, " |
[ -e /etc/hosts.deny.default ] && mv -f /etc/hosts.deny.default /etc/hosts.deny && echo -n "6, " |
[ -e /etc/modprobe.preload.default ] && mv -f /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "7, " |
if [ -e /etc/systemd/system/alcasar-network.service ] |
- then |
- rm -f /etc/systemd/system/alcasar-network.service |
- echo -n "8, " |
- fi |
if [ -e /etc/systemd/system/iptables.service ] |
then |
rm -f /etc/systemd/system/iptables.service |
echo -n "9, " |
echo -n "8, " |
fi |
[ -e /usr/libexec/iptables.init.default ] && mv -f /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo -n "10" |
[ -e /usr/libexec/iptables.init.default ] && mv -f /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo -n "9" |
/usr/bin/systemctl restart network |
sleep 1 |
fi |
/scripts/alcasar-iptables.sh |
---|
39,7 → 39,6 |
WL_IP_CAT="/usr/local/share/iptables-wl-enabled" # categories files of the WhiteListed IP |
TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set |
TMP_set_save="/tmp/ipset_save" # tmp file for blacklist and whitelist creation |
TMP_ip_gw_save="/tmp/ipset_ip_gw_save" # tmp file for already connected ips |
SSH=`grep ^SSH= $CONF_FILE|cut -d"=" -f2` # sshd active (on/off) |
SSH=${SSH:=off} |
SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2` |
47,10 → 46,6 |
IPTABLES="/sbin/iptables" |
IP_REHABILITEES="/etc/e2guardian/lists/exceptioniplist" # Rehabilitated IP |
SITE_DIRECT="/usr/local/etc/alcasar-site-direct" # WEB Sites allowed for all (no av and no filtering for av_bl users) |
MULTIWAN=`grep ^MULTIWAN $CONF_FILE|cut -d"=" -f2` |
PROXY=`grep ^PROXY= $CONF_FILE|cut -d"=" -f2` |
PROXY_IP=`grep ^PROXY_IP= $CONF_FILE|cut -d"=" -f2` |
nb_gw=`grep ^WAN $CONF_FILE|wc -l` |
# Allow requests to internal DNS if activated |
if [ "$INT_DNS_ACTIVE" = "on" ] |
58,15 → 53,6 |
DNSSERVERS="$DNSSERVERS,$INT_DNS_IP" |
fi |
#ipset name list for load_balancing |
gw_list="gw0" |
if [ "$MULTIWAN" == "on" ] || [ "$MULTIWAN" == "On" ]; then |
for ((i=1 ; i<=$nb_gw ; i++)); do |
gw_list="${gw_list} gw$i" |
done |
fi |
# Sauvegarde des SET des utilisateurs connectés si ils existent |
# Saving SET of connected users if it exists |
ipset list not_filtered 1>/dev/null 2>&1 |
82,20 → 68,6 |
ipset save proto_3 >> $TMP_users_set_save |
fi |
# Sauvegarde de la liste de toutes les IP déjà connectées pour les réintégrer dans le load balancing |
# Saving all of the already connected IP in order to put them back in the load balancing after |
if [ ! -f $TMP_ip_gw_save ];then |
# Save only if alcasar-network.sh --save has not been executed before |
for i in $gw_list;do |
ipset list $i 1>/dev/null 2>&1 |
if [ $? -eq 0 ] |
then |
# the cut -d":" -f5 deletes all the lines with a :, i.e all the lines execpt the members |
ipset list $i | cut -d":" -f5 | sed '/^[[:space:]]*$/d' >> $TMP_ip_gw_save |
fi |
done |
fi |
# Chargement de la sonde NetFlow (module noyau ipt_NETFLOW) |
# loading of NetFlow probe (ipt_NETFLOW kernel module) |
modprobe ipt_NETFLOW destination=127.0.0.1:2055 |
188,41 → 160,10 |
ipset create proto_3 hash:ip hashsize 1024 |
fi |
#ipsets for load balancing |
for i in $gw_list; do |
ipset create $i hash:ip |
done |
cat $TMP_ip_gw_save | while read ip; do |
gw_min="gw0" |
weight=`grep ^PUBLIC_WEIGHT= $CONF_FILE | cut -d"=" -f2` |
already=`ipset list $gw_min | grep Number\ of\ entries: | cut -d":" -f2` |
#The *1000 is here to avoid working on floats in bash |
gw_min_value=$((1000 * $already / $weight)) |
i=1 |
for gw in $gw_list;do |
if [ "$gw" != "gw0" ]; then |
weight=`grep ^WAN$i= $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F ',' '{ print $2 }'` |
already=`ipset list $gw | grep Number\ of\ entries: | cut -d":" -f2` |
value=$((1000 * $already / $weight)) |
if [ $value -lt $gw_min_value ] |
then |
gw_min_value=$value |
gw_min=$gw |
fi |
i=$(($i+1)) |
fi |
done |
ipset add $gw_min $ip |
done |
rm -f $TMP_ip_gw_save |
############################# |
# PREROUTING # |
############################# |
# Marquage (et journalisation) des paquets qui tentent d'accéder directement aux ports d'écoute du proxy HTTP/HTTPS (E2Guardian) pour pouvoir les rejeter en INPUT |
# Mark (and log) the direct attempts to E2guardian listen ports in order to REJECT them in INPUT rules |
# 8080 = ipset av_bl |
276,7 → 217,6 |
# Redirection des requêtes HTTP des usagers "av_bl + av_wl + av" vers E2guardian |
# Redirect outbound "av_bl + av_wl +av" users HTTP requests to E2guardian |
# 8080 = ipset av_bl |
#$IPTABLES -A PREROUTING -t mangle -i $TUNIF -m set --match-set av_bl src -m set ! --match-set site_direct dst ! -d $PRIVATE_IP -p tcp --dport http -j MARK --set-mark 200 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set av_bl src -m set ! --match-set site_direct dst ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080 |
# 8090 = ipset av_wl & av |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set av_wl src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8090 |
292,23 → 232,6 |
# Redirect NTP request in local NTP server |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -s $PRIVATE_NETWORK_MASK ! -d $PRIVATE_IP -p udp --dport ntp -j REDIRECT --to-port 123 |
#Récupération de la marque associée à une gw pour chaque connection |
$IPTABLES -A PREROUTING -t mangle -j CONNMARK --restore-mark |
if [ "$PROXY" == "on" ] || [ "$PROXY" == "On" ];then |
$IPTABLES -A PREROUTING -t nat -i $TUNIF ! -d $PRIVATE_IP -p tcp -m multiport --dports http,https -j DNAT --to-destination $PROXY_IP |
fi |
#Marquage pour le load balancing |
if [ "$MULTIWAN" == "on" ] || [ "$MULTIWAN" == "On" ]; then |
temp_index=200 |
for i in $gw_list; do |
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -m set --match-set $i src -j MARK --set-mark $temp_index |
temp_index=$(($temp_index+1)) |
done |
fi |
############################# |
# INPUT # |
############################# |
319,7 → 242,7 |
$IPTABLES -A OUTPUT -o lo -j ACCEPT |
# Rejet des demandes de connexions non conformes (FIN-URG-PUSH, XMAS, NullScan, SYN-RST et NEW not SYN) |
# Drop non standard connexions (FIN-URG-PUSH, XMAS, NullScan, SYN-RST and NEW not SYN) |
# Drop non standard connexions (FIN-URG-PUSH, XMAS, NullScan, SYN-RST et NEW not SYN) |
$IPTABLES -A INPUT -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP |
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j DROP |
$IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j DROP |
566,9 → 489,6 |
# Dynamic NAT on EXTIF |
$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE |
#Sauvegarde de la marque associée à la connexion pour le load balancing |
$IPTABLES -A POSTROUTING -t mangle -j CONNMARK --save-mark |
############################# |
# FAIL2BAN # |
############################# |
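Review bot: `TMP_users_set_save="/tmp/users_set_save"` and `TMP_set_save="/tmp/ipset_save"` (hunk 39,7 → 39,6) are fixed names in a world-writable directory, and the script appends to them with `ipset save proto_3 >> $TMP_users_set_save`. The script drives iptables and ipset, so it presumably runs as root, and a local account that pre-creates or symlinks those paths could redirect the writes or tamper with the saved sets. Creating the files with `mktemp` in a root-only location, for example `TMP_set_save=$(mktemp /run/ipset_save.XXXXXX)`, closes that; check first whether other scripts read the same fixed paths. The same pattern appears as `current_users_file="/tmp/current_users.txt"` in alcasar-condown.sh, and alcasar-conup.sh appends to `$current_users_file` as well.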
/scripts/alcasar-condown.sh |
---|
3,7 → 3,7 |
# $Id$ |
# |
# alcasar-condown.sh |
# by Rexy & Pierre RIVAULT |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# This script is started by coova after each logout |
56,17 → 56,6 |
current_users_file="/tmp/current_users.txt" |
[ -e $current_users_file ] && sed -i "/^$FRAMED_IP_ADDRESS:/d" $current_users_file |
# Remove user_IP from ipset of load balancing |
nb_gw=`grep ^WAN $CONF_FILE | wc -l` |
for (( i = 0 ; i <= $nb_gw ; i++ ));do |
gw="gw$i" |
ipset test $gw $FRAMED_IP_ADDRESS 1>/dev/null 2>&1 |
if [ $? -eq 0 ];then |
ipset del $gw $FRAMED_IP_ADDRESS |
break |
fi |
done |
############################# |
## Debug : show all the coova parse variables (+ ALCASAR-Filter + ALCASAR-Protocols-Filter). |
## see "/src/chilli.c" for the complete list of parse variables |
/scripts/alcasar-conup.sh |
---|
3,13 → 3,13 |
# $Id$ |
# |
# alcasar-conup.sh |
# by Rexy & Pierre RIVAULT |
# by Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# This script is started by coova after each successfull login |
# Ce script est démarré par coova à chaque connexion d'usager (authentification réussi) |
CONF_FILE="/usr/local/etc/alcasar.conf" |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2` |
DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2` |
67,27 → 67,6 |
echo "$FRAMED_IP_ADDRESS:PERM" >> $current_users_file |
fi |
# set the user_ip to an gw_ipset for load-balancing |
gw_min="gw0" |
weight=`grep ^PUBLIC_WEIGHT= $CONF_FILE | cut -d"=" -f2` |
already=`ipset list $gw_min | grep Number\ of\ entries: | cut -d":" -f2` |
#The *1000 is here to avoid working on floats in bash |
gw_min_value=$((1000 * $already / $weight)) |
nb_gw=`grep ^WAN $CONF_FILE | wc -l` |
for (( i = 1 ; i <= $nb_gw ; i++ ));do |
gw="gw${i}" |
weight=`grep ^WAN$i= $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F ',' '{ print $2 }'` |
already=`ipset list $gw | grep Number\ of\ entries: | cut -d":" -f2` |
value=$((1000 * $already / $weight)) |
if [ $value -lt $gw_min_value ] |
then |
gw_min_value=$value |
gw_min=$gw |
fi |
done |
ipset add $gw_min $FRAMED_IP_ADDRESS |
############################# |
## Debug : show all the coova parse variables (+ ALCASAR-Filter + ALCASAR-Protocols-Filter + Alcasar-Status-Page-Must-Stay-Open). |
## see "/src/chilli.c" for the complete list of parse variables |
/scripts/alcasar-load_balancing.sh |
---|
0,0 → 1,407 |
#!/bin/bash |
# $Id$ |
# Generic Load balancer for multiple WAN links - version 1.1 (04 Feb 2011) |
# (c) 2011 Pau Oliva Fora - http://pof.eslack.org |
# |
# Licensed under GPLv3 - for full terms see: |
# http://www.gnu.org/licenses/gpl-3.0.html |
# |
# Adapted and debugged (adr et ping -S) by ALCASAR Team (3abtux@alcasar.net) |
# (c) 2013 3abtux - http://www.alcasar.net |
# |
# Specify each WAN link in a separate column, example: |
# In this example we have 3 wan links (vlanXXX interfaces) attached to a single |
# physical interface because we use a vlan-enabled switch between the balancer |
# machine and the ADSL routers we want to balance. The weight parameter should |
# be kept to a low integer. |
# |
# |
# Modified by ALCASAR team : |
prog="alcasar-load_balancing.sh" |
pidfile="/run/alcasar-load_balancing.pid" |
############################### |
# MAIN PARAMETERs Configuration |
############################### |
DIR_ETC="/usr/local/etc" |
CONF_FILE="$DIR_ETC/alcasar.conf" |
MULTIWAN=`grep ^MULTIWAN= $CONF_FILE|cut -d"=" -f2` |
MULTIWAN=${MULTIWAN:=off} |
FAILOVER=`grep ^FAILOVER= $CONF_FILE|cut -d"=" -f2` |
FAILOVER=${FAILOVER:=30} |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace |
# space separated list of public IPs to ping in watchdog mode |
# set this to some public ip addresses pingable and always on. |
TESTIPS="8.8.8.8 192.0.32.10" |
# set to 1 when testing, set to 0 when happy with the results |
VERBOSE=0 |
# CONFIGURATION ENDS HERE |
############################### |
if [ $(whoami) != "root" ]; then |
echo "You must be root to run this!" ; echo ; exit 1 |
fi |
# Adapter for ALCASAR project |
CONF_FILE="/usr/local/etc/alcasar.conf" |
# Virtual interfaces creating |
function create_eth () { |
routecmd="ip route replace default scope global" |
NBIFACE=`grep "^WAN=" $CONF_FILE | wc -l` # Nbre interfaces virtuelles |
i=0 |
while [ $i -le $NBIFACE ] |
do |
INT="WAN$i" |
echo $INT |
ACTIVE=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $1}'` # Active |
WT=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # WEIGHT |
WT=${WT:-1} |
IP=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $3}' | cut -d"/" -f1` # @IP |
if [ $i -ne 0 ]; then |
[ -e /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i ] && ifdown $EXTIF:$i && rm -f /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i |
IFACE=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $2}'` # IFACE |
IP_NET=`grep "^$INT=" $CONF_FILE | awk -F'"' '{print $2}' | awk -F, '{ print $3}'` # IP |
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`" |
GW=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW |
MTU=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $6}'` # MTU |
# Config $EXTIF:$i (Internet) |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i |
DEVICE=$IFACE |
BOOTPROTO=static |
IPADDR=`echo $IP | cut -d"/" -f1` |
NETMASK=`ipcalc -m $IP_NET | cut -d= -f2` |
NETWORK=`ipcalc -n $IP_NET | cut -d= -f2` |
MTU=$MTU |
ONBOOT=yes |
NOZEROCONF=yes |
MII_NOT_SUPPORTED=yes |
IPV6INIT=no |
IPV6TO4INIT=no |
ACCOUNTING=no |
USERCTL=no |
EOF |
echo "ifup $EXTIF:$i" |
ifup $EXTIF:$i |
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`" |
else |
IFACE="$EXTIF" |
IP_NET=`grep "^PUBLIC_IP=" $CONF_FILE | awk -F'=' '{print $2}'` # IP/MSK |
IP=`grep "^PUBLIC_IP=" $CONF_FILE | awk -F= '{ print $2 }' | cut -d"/" -f1` # @IP |
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW |
# MTU=`grep "^PUBLIC_MTU=" $CONF_FILE | awk -F= '{print $2}'` # MTU |
fi # End |
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`" |
if [ "$PARAM" == "add" ]; then |
set -x |
table=$(($i + 1)) |
ip route ${PARAM} ${NET} dev ${IFACE} src ${IP} table $table |
ip route ${PARAM} default via ${GW} table $table |
ip rule ${PARAM} from ${IP} table $table |
set +x |
fi |
echo " Iface: ${IFACE}" |
echo " IP: ${IP}" |
echo " IP_NET: ${IP_NET}" |
echo " NET: ${NET}" |
echo " GW: ${GW}" |
echo " Weight: ${WT}" |
echo " MTU : ${MTU}" |
echo |
routecmd="${routecmd} nexthop via ${GW} dev ${IFACE} weight ${WT}" |
i=$(($i + 1)) |
done # End While |
if [ "$PARAM" == "add" ]; then |
echo "[] Balanced routing:" |
# suppress default route |
ip route del default scope global |
set -x |
${routecmd} |
set +x |
echo |
fi |
} # end create_eth |
########################### |
# Fonction virtual Interfaces deleting |
########################### |
delete_eth () { |
IFACE_COUNT=`ls -l /etc/sysconfig/network-scripts/ifcfg-$EXTIF:* | wc -l` |
echo $IFACE_COUNT |
while [ $IFACE_COUNT -ne 0 ] |
do |
i=$IFACE_COUNT |
echo "ifdown $EXTIF:$i" |
ifdown $EXTIF:$i |
rm -f /etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i |
IFACE_COUNT=$(($IFACE_COUNT - 1)) |
done |
ip route del default scope global |
# ip route add default gw 192.168.1.1 |
} |
# do not modify below this line unless you know what you're doing :) |
function getvalue() { |
index=$1 |
VAR=$2 |
n=1 |
for f in ${VAR} ; do |
if [ "${n}" == "${index}" ]; then |
echo "$f" |
break |
fi |
n=$(($n++)) |
done |
} |
###################### |
# Fonction de FailOver |
###################### |
function failover () { |
echo "[] Watchdog started" |
# 0 == all links ok, 1 == some link down |
STATE=0 |
DOWNCOUNT_BAK=0 |
DOWN_BAK="" |
NBIFACE=`grep "^WAN=" $CONF_FILE | wc -l` # Nbre interfaces virtuelles |
echo "Nombre interfaces = "$NBIFACE |
WANIFACE[0]="$EXTIF" |
c=0 |
while [ $c -le $NBIFACE ]; do |
ITH=(`grep "^WAN$c=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $2}'`) # IFACE |
echo $ITH |
WANIFACE="${WANIFACE} $ITH" |
echo $WANIFACE |
c=$(($c + 1)) |
done |
echo "Liste des interfaces : "${WANIFACE[*]} |
# Failover test |
while : ; do |
if [ $VERBOSE -eq 1 ]; then |
echo "[] Sleeping, state=$STATE" |
fi |
sleep $FAILOVER |
IFINDEX=1 |
DOWN="" # liste des interfaces down |
DOWNCOUNT=0 # nombre d'interface down |
for iface in $WANIFACE ; do |
COUNT=0 # compteur de test |
FAIL=0 # Nombre de fois down |
# Recup de l'adresse IP dynamiquement |
IP=`ifconfig $iface |grep "inet adr" |cut -f 2 -d ":" |awk '{print $1}'` |
if [ $i -ne 0 ]; then |
GW=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW |
WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @WT |
else |
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW |
fi |
for TESTIP in $TESTIPS ; do |
COUNT=$(($COUNT + 1)) |
ping -W 3 -I $IP -c 1 $TESTIP > /dev/null 2>&1 |
# ping -W 3 -I $IP -c 1 $TESTIP |
# Si ping de la première adresse --> ok --> stop du test pour l'interface testée |
if [ $? -eq 0 ]; then |
break |
else |
# sinon on compte une erreur |
FAIL=$(($FAIL + 1)) |
fi |
done # End of test sur un serveur Internet |
# Affichage du nombre de down |
echo "FAIL=$FAIL" |
# Si nombre de fois down = nombre de tests --> Iface down --> log dans fichier log avec l'heure |
if [ $FAIL -eq $COUNT ]; then |
echo "`date +%F-%Hh%mm%Ss` : [WARN] $iface is down!" |
# Si etat différent de 1 (déjà tombé) --> changement de l'état général en default |
if [ $STATE -ne 1 ]; then |
echo "Switching state $STATE -> 1" |
STATE=1 |
fi |
# Rajout de l'iface dans la liste des interfaces down |
DOWN="${DOWN} $IFINDEX" |
echo "DOWN=$DOWN" |
# Nombre d'interface down |
DOWNCOUNT=$(($DOWNCOUNT + 1)) |
echo "DOWNCOUNT=$DOWNCOUNT" |
fi |
IFINDEX=$(($IFINDEX + 1)) |
echo "IFINDEX =$IFINDEX" |
done # End Test Interface in WANIFACE |
# 0 Passerelle down et état précédent différent (retour à la normale)) --> mise à la normale des passerelles |
# if [ $DOWNCOUNT -eq 0 ] && [ $DOWNCOUNT -ne $DOWNCOUNT_BAK ]; then |
if [ $DOWNCOUNT -eq 0 ] ; then |
if [ $STATE -eq 1 ]; then |
echo |
echo "[] All links up and running :)" |
set -x |
${routecmd} |
set +x |
# Changement de l'état en normal |
STATE=0 |
echo "Switching state 1 -> 0" |
fi # End retour etat normal |
# if no interface is down, go to the next cycle |
continue |
# cas ou au moins une passerelle down mais état identique au précédent Test --> rien à changer |
else |
if [ "$DOWN_BAK" == "$DOWN" ]; then |
echo "DOWN_BAK == DOWN = $DOWN" |
continue # --> état identique test precedent --> boucle suivante |
# cas ou au moins une passerelle down mais état différent de test précédent --> remplacement par nouvelle règle |
else |
cmd="ip route replace default scope global" |
IFINDEX=1 |
suffix="" |
# Pour chaque interface --> traitement et application de la règle de routage |
for iface in $WANIFACE ; do |
echo "-------------------------" |
echo "iface=$iface" |
echo "Index = " $IFINDEX |
FAILIF=0 |
# Pour chaque interface down --> |
echo "Interfaces DOWN = $DOWN" |
for lnkdwn in $DOWN ; do |
echo "LINKDOWN = "$lnkdown |
if [ $lnkdwn -eq $IFINDEX ]; then |
FAILIF=1 |
break |
else |
continue |
fi |
done # End linkdown in DOWN |
# Interface en etat normal --> rajout de la règle en mode nexthop |
if [ $FAILIF -eq 0 ]; then |
IP=`ifconfig $iface |grep "inet adr" |cut -f 2 -d ":" |awk '{print $1}'` |
if [ $iface != "$EXTIF" ]; then |
GW=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW |
WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @GW |
else |
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW |
fi |
echo "GW=$GW" |
echo "WT=$WT" |
echo "suffix=$sufix" |
suffix="${suffix} nexthop via ${GW} dev ${iface} weight ${WT:-1}" |
fi # End interface = noFAIL |
IFINDEX=$(($IFINDEX + 1)) |
done # End iface IN WANIFACE |
# Commande globale |
cmd="ip route replace default scope global $suffix" |
if [ $VERBOSE -eq 1 ]; then |
set -x |
# echo "Avec commentaire : " ${cmd} |
${cmd} |
set +x |
echo |
else |
${cmd} 2>/dev/null |
echo ${cmd} |
fi # end Application de la commande de routage globale |
fi # |
DOWN_BAK=$DOWN # Enregistrement de l'etat |
fi # End |
done |
} # End of Failover |
################# |
# Main |
################# |
echo "[] Load balancer for multiple WAN interfaces - v2.1" |
echo "[] (c) 2011 Pau Oliva Fora <pof> @eslack.org" |
echo "[] (c) 2013 3abtux ALCASAR <3abtux> @alcasar.net" |
echo |
case $1 in |
create) |
create_eth |
;; |
delete) |
delete_eth |
;; |
start) |
if [ "$MULTIWAN" != "on" ] && [ "$MULTIWAN" != "On" ]; then |
echo "The MultiGateway is not activated !" |
exit 0 |
fi |
PARAM="add" |
create_eth |
ip route flush cache |
if [ $FAILOVER -eq 0 ]; then |
echo "The MultiWAN Mode is actived but not failover connectivity !" |
exit 0 |
fi |
echo "Starting down $prog: " |
pid=`pidof -x "alcasar-load_balancing.sh"` |
if [ $pid != "" ]; then |
echo $pid > $pidfile |
fi |
touch /var/lock/subsys/alcasar-load_balancing |
failover |
;; |
stop) |
PARAM="del" |
echo "Shutting down $prog: " |
if [ -f $pidfile ]; then |
pid=`cat $pidfile` |
kill -9 $pid |
else |
echo "$prog is not running." |
exit 1 |
fi |
RETVAL=$? |
echo |
[ $RETVAL -eq 0 ] && rm -f $pidfile && rm -f /var/lock/subsys/alcasar-load_balancing |
echo "Delete of virtual interfaces" |
delete_eth |
echo "Network restart" |
service network restart 2>&1 > /dev/null |
ip route |
;; |
status) |
echo "Checking $prog : " |
if [ -f $pidfile ]; then |
pid=`cat $pidfile` |
CHECK=`ps -p $pid --no-heading | awk {'printf $1'}` |
if [ "$CHECK" = "" ]; then |
echo "$prog is NOT running." |
else |
echo "$prog is running !" |
fi |
else |
echo "$prog is Not running." |
fi |
;; |
fail) |
failover |
;; |
*) |
echo "Usage: $0 [start|stop|status|create|delete]" ; echo ; exit 1 |
;; |
esac |
exit 0 |
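Review bot: In create_eth the fields parsed out of alcasar.conf (IFACE, IP_NET, GW, WT, MTU) go unvalidated into root-run `ip`, `ipcalc` and `ifup` calls and into the generated `/etc/sysconfig/network-scripts/ifcfg-$EXTIF:$i`, a file the distribution's network scripts normally source as shell, so a value carrying shell metacharacters or extra words would be interpreted with root privileges. That matters if alcasar.conf can be changed by anything less trusted than root, such as the admin web page (not visible in this file, so to be confirmed). I would check each field against a strict pattern right after it is read and abort on mismatch, as sketched below, and quote the expansions (`ifup "$EXTIF:$i"`). Most lookups here use an unanchored `grep "$INT="`; anchoring them as `grep "^$INT="`, as the IP_NET line already does, avoids picking up commented or similarly named entries.

```shell
MTU=`grep "^$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $6}'` # MTU
# Reject anything that is not a plain interface name, CIDR address, IPv4 gateway or integer
# (patterns assume the IP/prefix form that ipcalc is given below; adjust to the conf format).
[[ "$IFACE" =~ ^[A-Za-z0-9_.:-]+$ ]] || { echo "$INT: bad interface name" >&2; return 1; }
[[ "$IP_NET" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$ ]] || { echo "$INT: bad IP/mask" >&2; return 1; }
[[ "$GW" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "$INT: bad gateway" >&2; return 1; }
[[ "$WT" =~ ^[0-9]+$ && "$MTU" =~ ^[0-9]*$ ]] || { echo "$INT: bad weight or MTU" >&2; return 1; }
# … unchanged: heredoc writing ifcfg-$EXTIF:$i, ifup …
```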
Property changes: |
Added: svn:eol-style |
+LF |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
Added: svn:keywords |
+Id Author Date |
\ No newline at end of property |
/conf/sudoers |
---|
13,7 → 13,7 |
User_Alias SMS=gammu_smsd # gammu-smsd owner |
# Cmnd alias specification |
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh,/usr/local/bin/alcasar-network.sh # network commands |
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh # network commands |
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment |
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass |
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # manage users in command line |
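Review bot: The NET alias, on both sides of this change, grants `/sbin/ip` and `/usr/sbin/tcpdump` with no argument restriction, so whoever is mapped to NET can run them as root with any options: tcpdump can write capture files to arbitrary paths and ip can rewrite the whole routing and interface configuration. The users or groups that receive NET are declared outside this hunk, so the actual exposure has to be confirmed there. I would replace the two bare binaries with root-owned wrapper scripts that accept only fixed arguments, listed alongside the existing `alcasar-*.sh` entries, e.g. `Cmnd_Alias NET=/sbin/arping,/sbin/arp,/usr/local/bin/<ip-wrapper>.sh,/usr/local/bin/<capture-wrapper>.sh,…` (placeholder names). Every script named in the alias should also be checked to be writable by root only.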
/conf/etc/alcasar-iptables-local.sh |
---|
33,8 → 33,8 |
# On autorise le ping (echo & request) (ICMP N°0 & 8) en provenance d'Internet vers ALCASAR |
# Allow ping (echo & request) (ICMP N°0 & 8) from Internet |
#$IPTABLES -A INPUT -i $EXTIF -p icmp --icmp-type 8 -j ACCEPT |
#$IPTABLES -A OUTPUT -o $EXTIF -p icmp --icmp-type 0 -j ACCEPT |
#$IPTABLES -A INPUT -i $EXTIF -s $Admin_from_IP -p icmp --icmp-type 8 -j ACCEPT |
#$IPTABLES -A OUTPUT -o $EXTIF -d $Admin_from_IP -p icmp --icmp-type 0 -j ACCEPT |
# On autorise ALCASAR a accéder à un serveur MAIL local (envoie de rapports, alertes, etc.) |
# Allow ALCASAR to conect to a local mail server (send reports, alerts, etc.) |
/VERSION |
---|
1,0 → 0,0 |
3.5.4b |
3.5.3 |