/CHANGELOG |
---|
1,11 → 1,14 |
# $Id$ |
********** ALCASAR CHANGELOG ********** |
-------------------- 3.5.4 -------------------- |
NEWS |
- Multi-WAN access with load balancing per user (Thx to Pierre RIVAULT for this great job) |
CHANGES |
BUGS |
- Fix local DNS configuration when installing in dhcp mode |
- Fix a display bug for web sites in exception (Thx to Olivier C). |
- Fix |
-------------------- 3.5.3 -------------------- |
NEWS |
- WIFI4EU automatic integration via ACC |
/VERSION |
---|
1,0 → 0,0 |
3.5.3 |
3.5.4b |
/alcasar.sh |
---|
600,6 → 600,9 |
fi |
echo "DNS1=$DNS1" >> $CONF_FILE |
echo "DNS2=$DNS2" >> $CONF_FILE |
echo "PROXY=off" >> $CONF_FILE |
echo "PROXY_IP=\"192.168.0.100:80\"" >> $CONF_FILE |
echo "PUBLIC_WEIGHT=1" >> $CONF_FILE |
echo "PUBLIC_MTU=$MTU" >> $CONF_FILE |
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE |
echo "DHCP=on" >> $CONF_FILE |
742,8 → 745,33 |
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /etc/systemd/system/iptables.service |
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default |
$SED "s?\[ -f \$IPTABLES_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test (flush all rules & policies) |
# create the alcasar-network unit |
cat << EOF > /etc/systemd/system/alcasar-network.service |
# This file is part of systemd. |
# |
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh |
# systemd is free software; you can redistribute it and/or modify it |
# under the terms of the GNU General Public License as published by |
# the Free Software Foundation; either version 2 of the License, or |
# (at your option) any later version. |
# This unit starts alcasar-network.sh script. |
[Unit] |
Description=alcasar-network.sh execution |
After=network.target iptables.service |
[Service] |
Type=oneshot |
RemainAfterExit=yes |
ExecStart=$DIR_DEST_BIN/alcasar-network.sh |
ExecStop=$DIR_DEST_BIN/alcasar-network.sh |
TimeoutSec=0 |
[Install] |
WantedBy=multi-user.target |
EOF |
/usr/bin/systemctl daemon-reload |
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is started at the end of this script in order not to cut network flow in case of using ssh |
} # End of network() |
################################################################## |
2164,11 → 2192,10 |
echo "LDAP_CERT_REQUIRED=" >> $CONF_FILE |
echo "SMS=off" >> $CONF_FILE |
echo "SMS_NUM=" >> $CONF_FILE |
echo "## MULTIWAN : WANx=@IPx,Weightx" >> $CONF_FILE |
echo "MULTIWAN=off" >> $CONF_FILE |
echo "FAILOVER=30" >> $CONF_FILE |
echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE |
echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE |
echo "#WAN2=\"1,$EXTIF:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE |
echo "#WAN1=\"192.168.0.250,1\"" >> $CONF_FILE |
echo "#WAN2=\"192.168.0.251,1\"" >> $CONF_FILE |
echo "BL_PUREIP=on" >> $CONF_FILE |
echo "BL_SAFESEARCH=off" >> $CONF_FILE |
echo "WL_SAFESEARCH=off" >> $CONF_FILE |
2194,33 → 2221,9 |
do |
find /var/log/$dir -type f -name "*.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]" -exec gzip {} \; |
done |
# create the alcasar-load_balancing unit |
cat << EOF > /etc/systemd/system/alcasar-load_balancing.service |
# This file is part of systemd. |
# |
# systemd is free software; you can redistribute it and/or modify it |
# under the terms of the GNU General Public License as published by |
# the Free Software Foundation; either version 2 of the License, or |
# (at your option) any later version. |
# This unit lauches alcasar-load-balancing.sh script. |
[Unit] |
Description=alcasar-load_balancing.sh execution |
After=network.target iptables.service |
[Service] |
Type=oneshot |
RemainAfterExit=yes |
ExecStart=$DIR_DEST_BIN/alcasar-load_balancing.sh start |
ExecStop=$DIR_DEST_BIN/alcasar-load_balancing.sh stop |
TimeoutSec=0 |
[Install] |
WantedBy=multi-user.target |
EOF |
/usr/bin/systemctl daemon-reload |
# processes launched at boot time (Systemctl) |
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd |
# processes started at boot time (Systemctl) |
for i in alcasar-network mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd |
do |
/usr/bin/systemctl -q enable $i.service |
done |
2388,10 → 2391,6 |
fi |
done |
# RPMs install |
if [ "$mode" == "update" ] # to avoid updating unbound during the V5.3.3 update (to be removed after this version) |
then |
echo "/^unbound/" >> /etc/urpmi/skip.list |
fi |
$DIR_SCRIPTS/alcasar-rpm.sh |
if [ "$?" != "0" ] |
then |
2428,7 → 2427,7 |
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1` |
if [ $Lang == "fr" ] |
then echo "Le fichier de configuration d'une version $MAJ_PREVIOUS_VERSION.$MIN_PREVIOUS_VERSION.$UPD_PREVIOUS_VERSION a été trouvé"; |
else echo "The configuration file of an old version has been found"; |
else echo "The configuration file of a version $MAJ_PREVIOUS_VERSION.$MIN_PREVIOUS_VERSION.$UPD_PREVIOUS_VERSION has been found"; |
fi |
response=0 |
PTN='^[oOnNyY]?$' |
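Review bot: The default `echo "PROXY_IP=\"192.168.0.100:80\"" >> $CONF_FILE` in the 600 hunk stores the value with literal double quotes, while alcasar-iptables.sh in this same commit reads it with `grep ^PROXY_IP= $CONF_FILE|cut -d"=" -f2` and passes it unquoted to `--to-destination $PROXY_IP`, so the quote characters would reach iptables. Unless another writer of alcasar.conf (the ACC page, only partly visible here) normalises the value, the DNAT rule would be rejected once PROXY is switched on, and user HTTP/HTTPS traffic would then leave without passing through the proxy. Write the default without the inner quotes, `echo "PROXY_IP=192.168.0.100:80" >> $CONF_FILE`, or strip them on read the way the WANx parsing does with `awk -F'"' '{ print $2 }'`. The enclosing function starts outside this hunk.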
/conf/etc/alcasar-iptables-local.sh |
---|
33,8 → 33,8 |
# On autorise le ping (echo & request) (ICMP N°0 & 8) en provenance d'Internet vers ALCASAR |
# Allow ping (echo & request) (ICMP N°0 & 8) from Internet |
#$IPTABLES -A INPUT -i $EXTIF -s $Admin_from_IP -p icmp --icmp-type 8 -j ACCEPT |
#$IPTABLES -A OUTPUT -o $EXTIF -d $Admin_from_IP -p icmp --icmp-type 0 -j ACCEPT |
#$IPTABLES -A INPUT -i $EXTIF -p icmp --icmp-type 8 -j ACCEPT |
#$IPTABLES -A OUTPUT -o $EXTIF -p icmp --icmp-type 0 -j ACCEPT |
# On autorise ALCASAR a accéder à un serveur MAIL local (envoie de rapports, alertes, etc.) |
# Allow ALCASAR to conect to a local mail server (send reports, alerts, etc.) |
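Review bot: The two variants of the commented ICMP rules differ only in `-s $Admin_from_IP` / `-d $Admin_from_IP`, and this rendering does not show which pair is the new one. If the new template is the pair without the address restriction, an administrator who uncomments it accepts echo requests from every Internet host on `$EXTIF`, which the unchanged comment "from Internet" does not make obvious. The comment above the rules should state the scope, for example `# Allow ping from any Internet host (add -s ADMIN_IP to restrict the source)`.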
/conf/sudoers |
---|
13,25 → 13,25 |
User_Alias SMS=gammu_smsd # gammu-smsd owner |
# Cmnd alias specification |
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh # network commands |
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh,/usr/local/bin/alcasar-network.sh # network commands |
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment |
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass |
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass |
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # manage users in command line |
Cmnd_Alias SQL=/usr/local/bin/alcasar-mysql.sh # export users database |
Cmnd_Alias SQL=/usr/local/bin/alcasar-mysql.sh # export users database |
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # create conf backup file |
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # export/save the log files |
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # export/save the log files |
Cmnd_Alias BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter_wl.sh,/usr/local/bin/alcasar-url_filter_bl.sh # manage the filtering system |
Cmnd_Alias NF=/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # manage the firewall |
Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # disconnect the users |
Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # manage the trusted websites (uamallowed) |
Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # disconnect the users |
Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # manage the trusted websites (uamallowed) |
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # manage the linux services |
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # manage the SMS subsystem |
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # manage the SMS subsystem |
Cmnd_Alias SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh,/usr/local/bin/alcasar-ldap.sh --import-cert * # manage the certificates |
Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # manage htdigest groups |
Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # manage htdigest groups |
Cmnd_Alias LOG_GEN=/usr/local/bin/alcasar-generate_log.sh # create log PDF from ACC |
Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh # enable/disable LDAP connection |
Cmnd_Alias IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh # enable/disable raw capture of Iot (pcap) --> in activity ACC page |
Cmnd_Alias WIFI4EU=/usr/local/bin/alcasar-wifi4eu.sh # enable/disable wifi4eu integration (logo + snippet) |
Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh # enable/disable LDAP connection |
Cmnd_Alias IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh # enable/disable raw capture of Iot (pcap) --> in activity ACC page |
Cmnd_Alias WIFI4EU=/usr/local/bin/alcasar-wifi4eu.sh # enable/disable wifi4eu integration (logo + snippet) |
# Defaults specification |
# Defaults syslog=auth |
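Review bot: The extended `NET` alias lists `/usr/local/bin/alcasar-network.sh` without an argument pattern, so every account mapped to NET (the user specification is outside this hunk) may run it as root with any arguments, and the script rewrites the `ifcfg` file, the routes and the `ip rule` table. The script accepts only `--save` and `--apply`, so the grant can be pinned to those forms, as the `SSL` alias already does with `alcasar-ldap.sh --import-cert *`: `/usr/local/bin/alcasar-network.sh --save,/usr/local/bin/alcasar-network.sh --apply` (plus the `""` form if the ACC calls it with no argument). That keeps the sudo rule from widening silently if the script later grows new options.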
/scripts/alcasar-load_balancing.sh |
---|
File deleted |
Property changes: |
Deleted: svn:eol-style |
-LF |
\ No newline at end of property |
Deleted: svn:executable |
-* |
\ No newline at end of property |
Deleted: svn:keywords |
-Id Author Date |
\ No newline at end of property |
/scripts/alcasar-condown.sh |
---|
3,7 → 3,7 |
# $Id$ |
# |
# alcasar-condown.sh |
# by Rexy |
# by Rexy & Pierre RIVAULT |
# This script is distributed under the Gnu General Public License (GPL) |
# This script is started by coova after each logout |
56,6 → 56,17 |
current_users_file="/tmp/current_users.txt" |
[ -e $current_users_file ] && sed -i "/^$FRAMED_IP_ADDRESS:/d" $current_users_file |
# Remove user_IP from ipset of load balancing |
nb_gw=`grep ^WAN $CONF_FILE | wc -l` |
for (( i = 0 ; i <= $nb_gw ; i++ ));do |
gw="gw$i" |
ipset test $gw $FRAMED_IP_ADDRESS 1>/dev/null 2>&1 |
if [ $? -eq 0 ];then |
ipset del $gw $FRAMED_IP_ADDRESS |
break |
fi |
done |
############################# |
## Debug : show all the coova parse variables (+ ALCASAR-Filter + ALCASAR-Protocols-Filter). |
## see "/src/chilli.c" for the complete list of parse variables |
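Review bot: The new removal loop stops at the first `gwN` set that holds the address (`break`), but alcasar-conup.sh in this commit adds the address to the least-loaded set without checking the others, so a second login with no logout in between could leave the same IP in two sets; the leftover entry would keep its firewall mark and skew the per-gateway counts. Dropping the `break` removes the address from every set. The expansions should also be quoted and the status tested directly, `if ipset test "$gw" "$FRAMED_IP_ADDRESS" >/dev/null 2>&1; then ipset del "$gw" "$FRAMED_IP_ADDRESS"; fi`, and `grep -c ^WAN "$CONF_FILE"` can replace `grep ^WAN $CONF_FILE | wc -l`.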
/scripts/alcasar-conf.sh |
---|
124,7 → 124,7 |
--load|-load) |
cd /var/tmp || { echo "Unable to find /var/tmp directory"; } |
tar -xf alcasar-conf.tar.gz |
# copy alcasar.conf parameters |
# update alcasar.conf parameters |
PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2` |
MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1` |
MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2` |
/scripts/alcasar-conup.sh |
---|
3,13 → 3,13 |
# $Id$ |
# |
# alcasar-conup.sh |
# by Rexy |
# by Rexy & Pierre RIVAULT |
# This script is distributed under the Gnu General Public License (GPL) |
# This script is started by coova after each successfull login |
# Ce script est démarré par coova à chaque connexion d'usager (authentification réussi) |
CONF_FILE="/usr/local/etc/alcasar.conf" |
PASSWD_FILE="/root/ALCASAR-passwords.txt" |
DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2` |
DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2` |
67,6 → 67,27 |
echo "$FRAMED_IP_ADDRESS:PERM" >> $current_users_file |
fi |
# set the user_ip to an gw_ipset for load-balancing |
gw_min="gw0" |
weight=`grep ^PUBLIC_WEIGHT= $CONF_FILE | cut -d"=" -f2` |
already=`ipset list $gw_min | grep Number\ of\ entries: | cut -d":" -f2` |
#The *1000 is here to avoid working on floats in bash |
gw_min_value=$((1000 * $already / $weight)) |
nb_gw=`grep ^WAN $CONF_FILE | wc -l` |
for (( i = 1 ; i <= $nb_gw ; i++ ));do |
gw="gw${i}" |
weight=`grep ^WAN$i= $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F ',' '{ print $2 }'` |
already=`ipset list $gw | grep Number\ of\ entries: | cut -d":" -f2` |
value=$((1000 * $already / $weight)) |
if [ $value -lt $gw_min_value ] |
then |
gw_min_value=$value |
gw_min=$gw |
fi |
done |
ipset add $gw_min $FRAMED_IP_ADDRESS |
############################# |
## Debug : show all the coova parse variables (+ ALCASAR-Filter + ALCASAR-Protocols-Filter + Alcasar-Status-Page-Must-Stay-Open). |
## see "/src/chilli.c" for the complete list of parse variables |
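Review bot: `gw_min_value=$((1000 * $already / $weight))` and the same expression inside the loop divide by a weight read straight from alcasar.conf, so a missing `PUBLIC_WEIGHT=` line (possible for a configuration carried over from a release that did not write it; the update path is not shown here) or a `WANx` weight of 0 makes the arithmetic fail and leaves `[ $value -lt $gw_min_value ]` comparing empty or stale operands. The script does not stop on that error, so the user is still added to a set, but not the one the weights call for. Guard each read before dividing, e.g. `case "$weight" in ''|*[!0-9]*|0) weight=1 ;; esac`. The restore loop added to alcasar-iptables.sh (hunk 160 → 188) repeats the same computation and needs the same guard.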
/scripts/alcasar-iptables.sh |
---|
39,6 → 39,7 |
WL_IP_CAT="/usr/local/share/iptables-wl-enabled" # categories files of the WhiteListed IP |
TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set |
TMP_set_save="/tmp/ipset_save" # tmp file for blacklist and whitelist creation |
TMP_ip_gw_save="/tmp/ipset_ip_gw_save" # tmp file for already connected ips |
SSH=`grep ^SSH= $CONF_FILE|cut -d"=" -f2` # sshd active (on/off) |
SSH=${SSH:=off} |
SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2` |
46,6 → 47,10 |
IPTABLES="/sbin/iptables" |
IP_REHABILITEES="/etc/e2guardian/lists/exceptioniplist" # Rehabilitated IP |
SITE_DIRECT="/usr/local/etc/alcasar-site-direct" # WEB Sites allowed for all (no av and no filtering for av_bl users) |
MULTIWAN=`grep ^MULTIWAN $CONF_FILE|cut -d"=" -f2` |
PROXY=`grep ^PROXY= $CONF_FILE|cut -d"=" -f2` |
PROXY_IP=`grep ^PROXY_IP= $CONF_FILE|cut -d"=" -f2` |
nb_gw=`grep ^WAN $CONF_FILE|wc -l` |
# Allow requests to internal DNS if activated |
if [ "$INT_DNS_ACTIVE" = "on" ] |
53,6 → 58,15 |
DNSSERVERS="$DNSSERVERS,$INT_DNS_IP" |
fi |
#ipset name list for load_balancing |
gw_list="gw0" |
if [ "$MULTIWAN" == "on" ] || [ "$MULTIWAN" == "On" ]; then |
for ((i=1 ; i<=$nb_gw ; i++)); do |
gw_list="${gw_list} gw$i" |
done |
fi |
# Sauvegarde des SET des utilisateurs connectés si ils existent |
# Saving SET of connected users if it exists |
ipset list not_filtered 1>/dev/null 2>&1 |
68,6 → 82,20 |
ipset save proto_3 >> $TMP_users_set_save |
fi |
# Sauvegarde de la liste de toutes les IP déjà connectées pour les réintégrer dans le load balancing |
# Saving all of the already connected IP in order to put them back in the load balancing after |
if [ ! -f $TMP_ip_gw_save ];then |
# Save only if alcasar-network.sh --save has not been executed before |
for i in $gw_list;do |
ipset list $i 1>/dev/null 2>&1 |
if [ $? -eq 0 ] |
then |
# the cut -d":" -f5 deletes all the lines with a :, i.e all the lines execpt the members |
ipset list $i | cut -d":" -f5 | sed '/^[[:space:]]*$/d' >> $TMP_ip_gw_save |
fi |
done |
fi |
# Chargement de la sonde NetFlow (module noyau ipt_NETFLOW) |
# loading of NetFlow probe (ipt_NETFLOW kernel module) |
modprobe ipt_NETFLOW destination=127.0.0.1:2055 |
160,10 → 188,41 |
ipset create proto_3 hash:ip hashsize 1024 |
fi |
#ipsets for load balancing |
for i in $gw_list; do |
ipset create $i hash:ip |
done |
cat $TMP_ip_gw_save | while read ip; do |
gw_min="gw0" |
weight=`grep ^PUBLIC_WEIGHT= $CONF_FILE | cut -d"=" -f2` |
already=`ipset list $gw_min | grep Number\ of\ entries: | cut -d":" -f2` |
#The *1000 is here to avoid working on floats in bash |
gw_min_value=$((1000 * $already / $weight)) |
i=1 |
for gw in $gw_list;do |
if [ "$gw" != "gw0" ]; then |
weight=`grep ^WAN$i= $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F ',' '{ print $2 }'` |
already=`ipset list $gw | grep Number\ of\ entries: | cut -d":" -f2` |
value=$((1000 * $already / $weight)) |
if [ $value -lt $gw_min_value ] |
then |
gw_min_value=$value |
gw_min=$gw |
fi |
i=$(($i+1)) |
fi |
done |
ipset add $gw_min $ip |
done |
rm -f $TMP_ip_gw_save |
############################# |
# PREROUTING # |
############################# |
# Marquage (et journalisation) des paquets qui tentent d'accéder directement aux ports d'écoute du proxy HTTP/HTTPS (E2Guardian) pour pouvoir les rejeter en INPUT |
# Mark (and log) the direct attempts to E2guardian listen ports in order to REJECT them in INPUT rules |
# 8080 = ipset av_bl |
196,7 → 255,7 |
# 55 = ipset av_wl |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set av_wl src -p udp --dport domain -j REDIRECT --to-port 55 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set av_wl src -p tcp --dport domain -j REDIRECT --to-port 55 |
# 53 = all other users |
# 53 = all other users |
$IPTABLES -A PREROUTING -t nat -i $TUNIF ! -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 53 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF ! -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 53 |
217,6 → 276,7 |
# Redirection des requêtes HTTP des usagers "av_bl + av_wl + av" vers E2guardian |
# Redirect outbound "av_bl + av_wl +av" users HTTP requests to E2guardian |
# 8080 = ipset av_bl |
#$IPTABLES -A PREROUTING -t mangle -i $TUNIF -m set --match-set av_bl src -m set ! --match-set site_direct dst ! -d $PRIVATE_IP -p tcp --dport http -j MARK --set-mark 200 |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set av_bl src -m set ! --match-set site_direct dst ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080 |
# 8090 = ipset av_wl & av |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set av_wl src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8090 |
232,6 → 292,23 |
# Redirect NTP request in local NTP server |
$IPTABLES -A PREROUTING -t nat -i $TUNIF -s $PRIVATE_NETWORK_MASK ! -d $PRIVATE_IP -p udp --dport ntp -j REDIRECT --to-port 123 |
#Récupération de la marque associée à une gw pour chaque connection |
$IPTABLES -A PREROUTING -t mangle -j CONNMARK --restore-mark |
if [ "$PROXY" == "on" ] || [ "$PROXY" == "On" ];then |
$IPTABLES -A PREROUTING -t nat -i $TUNIF ! -d $PRIVATE_IP -p tcp -m multiport --dports http,https -j DNAT --to-destination $PROXY_IP |
fi |
#Marquage pour le load balancing |
if [ "$MULTIWAN" == "on" ] || [ "$MULTIWAN" == "On" ]; then |
temp_index=200 |
for i in $gw_list; do |
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -m set --match-set $i src -j MARK --set-mark $temp_index |
temp_index=$(($temp_index+1)) |
done |
fi |
############################# |
# INPUT # |
############################# |
242,7 → 319,7 |
$IPTABLES -A OUTPUT -o lo -j ACCEPT |
# Rejet des demandes de connexions non conformes (FIN-URG-PUSH, XMAS, NullScan, SYN-RST et NEW not SYN) |
# Drop non standard connexions (FIN-URG-PUSH, XMAS, NullScan, SYN-RST et NEW not SYN) |
# Drop non standard connexions (FIN-URG-PUSH, XMAS, NullScan, SYN-RST and NEW not SYN) |
$IPTABLES -A INPUT -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP |
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j DROP |
$IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j DROP |
455,7 → 532,7 |
# HTTP & HTTPS requests are allowed with netflow log (from E2guardian) |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT |
#$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport https -j NETFLOW # When E2guardian will be in HTTPS transparent proxy) |
#$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport https -j NETFLOW # When E2guardian will be in HTTPS transparent proxy) |
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport https -j ACCEPT |
# On autorise les requêtes RSYNC sortantes (maj BL de Toulouse) |
489,6 → 566,9 |
# Dynamic NAT on EXTIF |
$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE |
#Sauvegarde de la marque associée à la connexion pour le load balancing |
$IPTABLES -A POSTROUTING -t mangle -j CONNMARK --save-mark |
############################# |
# FAIL2BAN # |
############################# |
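Review bot: `TMP_ip_gw_save="/tmp/ipset_ip_gw_save"` is a fixed name in a world-writable directory, and this root script both appends to it (`>> $TMP_ip_gw_save`) and later feeds every line of it to `ipset add $gw_min $ip`. Because the save step is skipped whenever the file already exists (`[ ! -f $TMP_ip_gw_save ]`), any local account able to create that path first decides which addresses are loaded into the gateway sets, and a symlink at that path would redirect the root write. Keep the hand-over file in a directory only root can write, for example `TMP_ip_gw_save="/run/alcasar/ipset_ip_gw_save"` (suggested path, directory created with mode 0700), and run the restore loop only when `[ -f "$TMP_ip_gw_save" ]` holds, reading with `read -r ip`. alcasar-network.sh `--save` in this commit writes the same path and should move with it.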
/scripts/alcasar-network.sh |
---|
0,0 → 1,109 |
#!/bin/bash |
# alcasar-network.sh |
# by Pierre RIVAULT and Rexy |
# This script is distributed under the Gnu General Public License (GPL) |
# Met à jour la configuration réseau conformément au fichier de configuration (alcasar.conf) |
# update network configuration according to alcasar.conf |
CONF_FILE="/usr/local/etc/alcasar.conf" |
TMP_ip_gw_save="/tmp/ipset_ip_gw_save" |
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` |
PUBLIC_IP=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2` |
GW1=`grep ^GW= $CONF_FILE|cut -d"=" -f2` |
MTU=`grep ^PUBLIC_MTU= $CONF_FILE|cut -d"=" -f2` |
MULTIWAN=`grep ^MULTIWAN= $CONF_FILE|cut -d"=" -f2` |
MULTIWAN=${MULTIWAN:=Off} |
NET="`ipcalc -n $PUBLIC_IP | cut -d"=" -f2`/`ipcalc -p $PUBLIC_IP | cut -d"=" -f2`" |
IP=`echo $PUBLIC_IP | cut -d"/" -f1` |
PRIVATE_IP_MASK=`grep ^PRIVATE_IP $CONF_FILE | cut -d"=" -f2` |
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1` |
PRIVATE_NETMASK=`echo $PRIVATE_IP_MASK | cut -d"/" -f2` |
PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24) |
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0) |
PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24) |
nb_gw=`grep ^WAN $CONF_FILE | wc -l` |
routecmd="ip route replace default scope global" |
if [ $(whoami) != "root" ]; then |
echo "You must be root to run this!" ; echo ; exit 1 |
fi |
if [ $# -eq 0 ]; then |
args="--apply" |
else |
args=$1 |
fi |
case $args in |
--save) |
rm -f $TMP_ip_gw_save |
# ipset name list for load_balancing |
gw_list="gw0" |
for ((i=1 ; i<=$nb_gw ; i++)); do |
gw_list="${gw_list} gw$i" |
done |
# Saving all of the already connected IP in order to put them back in the load balancing after |
for i in $gw_list;do |
ipset list $i 1>/dev/null 2>&1 |
if [ $? -eq 0 ] |
then |
# the cut -d":" -f5 deletes all the lines with a :, i.e all the lines except the members |
ipset list $i | cut -d":" -f5 | sed '/^[[:space:]]*$/d' >> $TMP_ip_gw_save |
fi |
done |
exit 0 |
;; |
--apply) |
[ -e /etc/sysconfig/network-scripts/ifcfg-$EXTIF ] && ifdown $EXTIF |
# set the new configuration for EXTIF |
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF |
DEVICE=$EXTIF |
BOOTPROTO=static |
IPADDR=$IP |
NETMASK=`ipcalc -m $PUBLIC_IP | cut -d= -f2` |
NETWORK=`ipcalc -n $PUBLIC_IP | cut -d= -f2` |
GATEWAY=$GW1 |
DNS1=127.0.0.1 |
RESOLV_MODS=yes |
ONBOOT=yes |
METRIC=10 |
MII_NOT_SUPPORTED=yes |
IPV6INIT=no |
IPV6TO4INIT=no |
ACCOUNTING=no |
USERCTL=no |
MTU=$MTU |
NOZEROCONF=yes |
EOF |
ifup $EXTIF |
ip route flush ${NET} # Remove the previous route for the network of EXTIF |
ip route delete default scope global # Remove the previous default route |
ip route add ${NET} dev ${EXTIF} src ${IP} # Set the new route for EXTIF network |
ip route add ${NET} dev ${EXTIF} src ${IP} table 200 # Set the new default route. If no multiwan, these lines are equivalent to `ip route add default via ${GW1}` |
ip route add default via ${GW1} table 200 |
routecmd="${routecmd} nexthop via ${GW1} dev ${EXTIF}" |
ip rule flush # Remove the previous routing rules |
ip rule add from all lookup main pref 32766 # Set back the main rules |
ip rule add from all lookup default pref 32767 # Set back the default rules |
ip rule add from ${PRIVATE_NETWORK_MASK} fwmark 200 lookup 200 # Add the rule for the first gateway |
if [ "$MULTIWAN" == "on" ] || [ "$MULTIWAN" == "On" ]; then |
nb_gw_supp=`grep ^WAN $CONF_FILE|wc -l` |
for ((i=0 ; $i < $nb_gw_supp ; i++)); do |
table=$(($i + 201)) # This number is used to mark the paquets in order to route them to the choosen GW |
GW=`grep ^WAN$(($i + 1))= $CONF_FILE|awk -F'"' '{ print $2 }' | awk -F, '{print $1}'` |
ip route add ${NET} dev ${EXTIF} src ${IP} table $table # Add the others route in their respective tables |
ip route add default via ${GW} table $table |
ip rule add from ${PRIVATE_NETWORK_MASK} fwmark $table lookup $table # Add the rule for each rule depending of the mark set by the firewall |
routecmd="${routecmd} nexthop via ${GW} dev ${EXTIF}" # add the added gateway into the default gateway |
done |
fi |
${routecmd} # define the default gateway for outgoing traffic |
ip route flush cache |
exit 0 |
;; |
*) |
exit 1 |
;; |
esac |
Property changes: |
Added: svn:eol-style |
+native |
\ No newline at end of property |
Added: svn:executable |
+* |
\ No newline at end of property |
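Review bot: The `--apply` branch takes `$EXTIF` down, rewrites its `ifcfg` file, deletes the default route and flushes `ip rule` before checking any value it read from alcasar.conf, and the unit added in alcasar.sh runs it at every boot. If `PUBLIC_IP` or `GW` is empty or not an address (the changelog mentions a dhcp install mode; whether alcasar.conf then carries a non-numeric `PUBLIC_IP` is not visible here), the host ends up with a static `ifcfg` built from that value and no default route. Validate first and leave the interface untouched on failure, e.g. `[ -n "$IP" ] && [ -n "$GW1" ] || { echo "invalid network settings in $CONF_FILE" >&2; exit 1; }` placed before the `ifdown`. The expansions handed to `ip route` and `ip rule` should be quoted as well, since they come from a file the ACC rewrites.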
/scripts/alcasar-rpm-download.sh |
---|
13,7 → 13,7 |
# The kernel version we compile netflow for |
KERNEL="kernel-server-5.10.30-1.mga7-1-1.mga7" |
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ****** |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat" |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamd clamav clamav-db fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat" |
rpm_repository_sync () |
{ |
/scripts/alcasar-rpm.sh |
---|
18,7 → 18,8 |
# "lsscsi" & nvme-cli" : needed by phpsysinfo |
# "socat" : avoid a warning when run the install script of letsencrypt ("acme.sh") |
# "sudo" : needed after a reinstallation (to be investigated) |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat" |
# "clamav + clamav-db" : needes because of a mutual dependance |
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat" |
rpm_repository_sync () |
{ |
/scripts/alcasar-uninstall.sh |
---|
289,19 → 289,14 |
post_install () |
{ |
echo -en "(8) : " |
echo -en "(7) : " |
[ -e /etc/mageia-release.default ] && mv -f /etc/mageia-release.default /etc/mageia-release && echo -n "1, " |
[ -e /etc/ssh/alcasar-banner-ssh ] && rm -f /etc/ssh/alcasar-banner-ssh && echo -n "2, " |
[ -e /etc/ssh/sshd_config.default ] && mv -f /etc/ssh/sshd_config.default /etc/ssh/sshd_config && echo -n "3, " |
[ -e /etc/bashrc.default ] && mv -f /etc/bashrc.default /etc/bashrc && echo -n "4, " |
[ -e /etc/sudoers.default ] && mv -f /etc/sudoers.default /etc/sudoers && echo -n "5, " |
if [ -e /etc/systemd/system/alcasar-load_balancing.service ] |
then |
rm -f /etc/systemd/system/alcasar-load_balancing.service |
echo -n "6, " |
fi |
[ -e /etc/security/limits.conf.default ] && mv -f /etc/security/limits.conf.default /etc/security/limits.conf && echo -n "7, " |
[ -e /etc/default/grub.default ] && mv -f /etc/default/grub.default /etc/default/grub && echo -n "8" |
[ -e /etc/security/limits.conf.default ] && mv -f /etc/security/limits.conf.default /etc/security/limits.conf && echo -n "6, " |
[ -e /etc/default/grub.default ] && mv -f /etc/default/grub.default /etc/default/grub && echo -n "7" |
} |
337,7 → 332,7 |
echo "----------------------------------------------------------------------------" |
echo "** Uninstall/Désinstallation d'ALCASAR **" |
echo "----------------------------------------------------------------------------" |
services="alcasar-load_balancing vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli" |
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli" |
/usr/local/bin/alcasar-logout.sh all # logout everybody |
else |
echo "--------------------------------------------------------------------------" |
344,7 → 339,7 |
echo "** update/mise à jour d'ALCASAR **" |
echo "--------------------------------------------------------------------------" |
# unbound, iptables & sshd should stay on to allow remote update |
services="alcasar-load_balancing vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli" |
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update + users stay connected during the update |
fi |
391,7 → 386,7 |
done |
if [ $mode == "full" ] |
then |
echo -en "\n- network(9) : " |
echo -en "\n- network(10) : " |
hostnamectl set-hostname localhost.localdomain |
chmod a-x /etc/sysconfig/network-scripts/default-* |
i=0 |
406,12 → 401,17 |
[ -e /etc/hosts.allow.default ] && mv -f /etc/hosts.allow.default /etc/hosts.allow && echo -n "5, " |
[ -e /etc/hosts.deny.default ] && mv -f /etc/hosts.deny.default /etc/hosts.deny && echo -n "6, " |
[ -e /etc/modprobe.preload.default ] && mv -f /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "7, " |
if [ -e /etc/systemd/system/alcasar-network.service ] |
- then |
- rm -f /etc/systemd/system/alcasar-network.service |
- echo -n "8, " |
- fi |
if [ -e /etc/systemd/system/iptables.service ] |
then |
rm -f /etc/systemd/system/iptables.service |
echo -n "8, " |
echo -n "9, " |
fi |
[ -e /usr/libexec/iptables.init.default ] && mv -f /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo -n "9" |
[ -e /usr/libexec/iptables.init.default ] && mv -f /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo -n "10" |
/usr/bin/systemctl restart network |
sleep 1 |
fi |
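Review bot: Neither `services=` list gains `alcasar-network` while `alcasar-load_balancing` is dropped from both, so if the loop over `$services` (outside these hunks) is what stops and disables units, the unit that alcasar.sh now enables is never disabled on uninstall. The network step only deletes `/etc/systemd/system/alcasar-network.service`, which would leave its `multi-user.target.wants` link dangling until the next cleanup. Run `/usr/bin/systemctl -q disable alcasar-network.service` before the `rm -f`, or add `alcasar-network` to the uninstall `services` list.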
/web/acc/admin/network.php |
---|
1,7 → 1,7 |
<?php |
# $Id$ |
// written by steweb57, Rexy & Tom HOUDAYER |
// written by steweb57, Rexy, Tom HOUDAYER & Pierre RIVAULT |
/******************** |
* READ CONF FILES * |
11,6 → 11,8 |
define('ETHERS_INFO_FILE', '/usr/local/etc/alcasar-ethers-info'); |
define('DNS_LOCAL_FILE', '/etc/hosts'); |
define('LETS_ENCRYPT_FILE', '/usr/local/etc/alcasar-letsencrypt'); |
define('TEMP_FILE', '/tmp/alcasar.conf.temp'); |
$conf_files = [CONF_FILE, ETHERS_FILE, ETHERS_INFO_FILE, DNS_LOCAL_FILE, LETS_ENCRYPT_FILE]; |
// Files reading test |
98,6 → 100,14 |
$l_renew = "Renouveller"; |
$l_renew_force = "Renouveller (forcer)"; |
$l_previous_LE_cert = "Revenir au certificat Let's Encrypt :"; |
$l_gw_weight = "Poids"; |
$l_error = "Erreur"; |
$l_error_bad_ip = "Ceci n'est pas une adresse IP valide"; |
$l_error_bad_ip_CIDR = "Ceci n'est pas une adresse CIDR valide"; |
$l_error_bad_ip_port = "Ceci n'est pas une adresse IP + port valide"; |
$l_error_weight = "Ceci n'est pas un poids valide"; |
$l_change_successful = "Changement effectué avec succès"; |
} else if ($Language === 'es') { |
$l_network_title = "Configuración de Red"; |
$l_internet_legend = "INTERNET"; |
153,6 → 163,13 |
$l_renew = "Renovar"; |
$l_renew_force = "Renovar (forzado)"; |
$l_previous_LE_cert = "Volver al certificado de Let's Encrypt :"; |
$l_gw_weight = "";/*TODO Traduction espagnole*/ |
$l_error = "";/*TODO Traduction espagnole*/ |
$l_error_bad_ip = "";/*TODO Traduction espagnole*/ |
$l_error_bad_ip_CIDR = "";/*TODO Traduction espagnole*/ |
$l_error_bad_ip_port = "";/*TODO Traduction espagnole*/ |
$l_error_weight = "";/*TODO Traduction espagnole*/ |
$l_change_successful = "";/*TODO Traduction espagnole*/ |
} else { |
$l_network_title = "Network configuration"; |
$l_internet_legend = "INTERNET"; |
208,15 → 225,24 |
$l_renew = "Renew"; |
$l_renew_force = "Renew (force)"; |
$l_previous_LE_cert = "Back to the Let's Encrypt certificate :"; |
$l_gw_weight = "Weight"; |
$l_error = "Error"; |
$l_error_bad_ip = "This is not a valid IP"; |
$l_error_bad_ip_CIDR = "This is not a valid CIDR IP"; |
$l_error_bad_ip_port = "This is not a valid IP + port"; |
$l_error_weight = "This is not a valid weight"; |
$l_change_successful = "Network updated successfully"; |
} |
$reg_ip = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/'; |
$reg_ip_cidr = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/'; |
$reg_ip_port = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\:([1-9]|[1-9][0-9]|[1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]))$/'; |
$reg_mac = '/^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/'; |
$reg_host = '/^[a-zA-Z0-9-_]+$/'; |
$reg_weight = '/^[0-9]*$/'; |
$ext_conf_error = false; |
$choix = (isset($_POST['choix'])) ? $_POST['choix'] : ''; |
switch ($choix) { |
case 'DHCP_On': |
exec('sudo /usr/local/bin/alcasar-dhcp.sh -on'); |
226,7 → 252,6 |
exec('sudo /usr/local/bin/alcasar-dhcp.sh -off'); |
header('Location: '.$_SERVER['PHP_SELF']); |
exit(); |
case 'new_mac': |
$new_mac_addr = trim($_POST['add_mac']); |
$new_ip_addr = trim($_POST['add_ip']); |
274,7 → 299,6 |
} |
header('Location: '.$_SERVER['PHP_SELF']); |
exit(); |
case 'new_host': |
$add_host = trim($_POST['add_host']); |
$add_ip = trim($_POST['add_ip']); |
340,7 → 364,6 |
} |
} |
break; |
case 'https_login': // Set HTTPS login status |
if ($_POST['https_login'] === 'on') { |
exec('sudo /usr/local/bin/alcasar-https.sh --on'); |
353,33 → 376,183 |
// Network changes |
if ($choix === 'network_change') { |
$network_modification = false; |
exec('sudo /usr/local/bin/alcasar-network.sh --save'); |
$modification_network = false; |
$modification_dns = false; |
$modification_proxy = false; |
$ext_conf_error_list = []; |
copy(CONF_FILE, TEMP_FILE); |
if (isset($_POST['dns1']) && (trim($_POST['dns1']) !== $conf['DNS1']) && preg_match($reg_ip, $_POST['dns1'])) { |
file_put_contents(CONF_FILE, str_replace('DNS1='.$conf['DNS1'], 'DNS1='.trim($_POST['dns1']), file_get_contents(CONF_FILE))); |
$network_modification = true; |
if (isset($_POST['dns1']) && (trim($_POST['dns1']) !== $conf['DNS1'])) { |
if (!preg_match($reg_ip, $_POST['dns1'])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_ip_dns1.': '.$l_error_bad_ip; |
} |
file_put_contents(TEMP_FILE, str_replace('DNS1='.$conf['DNS1'], 'DNS1='.trim($_POST['dns1']), file_get_contents(TEMP_FILE))); |
$modification_dns = true; |
} |
if (isset($_POST['dns2']) && (trim($_POST['dns2']) !== $conf['DNS2']) && preg_match($reg_ip, $_POST['dns2'])) { |
file_put_contents(CONF_FILE, str_replace('DNS2='.$conf['DNS2'], 'DNS2='.trim($_POST['dns2']), file_get_contents(CONF_FILE))); |
$network_modification = true; |
if (isset($_POST['dns2']) && (trim($_POST['dns2']) !== $conf['DNS2'])) { |
if (!preg_match($reg_ip, $_POST['dns2'])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_ip_dns2.': '.$l_error_bad_ip; |
} |
file_put_contents(TEMP_FILE, str_replace('DNS2='.$conf['DNS2'], 'DNS2='.trim($_POST['dns2']), file_get_contents(TEMP_FILE))); |
$modification_dns = true; |
} |
if (isset($_POST['ip_public']) && (trim($_POST['ip_public']) !== $conf['PUBLIC_IP']) && preg_match($reg_ip_cidr, $_POST['ip_public'])) { |
file_put_contents(CONF_FILE, str_replace('PUBLIC_IP='.$conf['PUBLIC_IP'], 'PUBLIC_IP='.trim($_POST['ip_public']), file_get_contents(CONF_FILE))); |
$network_modification = true; |
if (isset($_POST['ip_private']) && (trim($_POST['ip_private']) !== $conf['PRIVATE_IP'])) { |
if (!preg_match($reg_ip_cidr, $_POST['ip_private'])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_ip_address.' LAN: '.$l_error_bad_ip_CIDR; |
} |
file_put_contents(TEMP_FILE, str_replace('PRIVATE_IP='.$conf['PRIVATE_IP'], 'PRIVATE_IP='.trim($_POST['ip_private']), file_get_contents(TEMP_FILE))); |
$modification_network = true; |
} |
if (isset($_POST['ip_public']) && (trim($_POST['ip_public']) !== $conf['PUBLIC_IP'])) { |
if (!preg_match($reg_ip_cidr, $_POST['ip_public'])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_ip_address.' WAN: '.$l_error_bad_ip_CIDR; |
} |
file_put_contents(TEMP_FILE, str_replace('PUBLIC_IP='.$conf['PUBLIC_IP'], 'PUBLIC_IP='.trim($_POST['ip_public']), file_get_contents(TEMP_FILE))); |
$modification_network = true; |
} |
if (isset($_POST['ip_gw']) && (trim($_POST['ip_gw']) !== $conf['GW']) && preg_match($reg_ip, $_POST['ip_gw'])) { |
file_put_contents(CONF_FILE, str_replace('GW='.$conf['GW'], 'GW='.trim($_POST['ip_gw']), file_get_contents(CONF_FILE))); |
$network_modification = true; |
} |
if (isset($_POST['ip_private']) && (trim($_POST['ip_private']) !== $conf['PRIVATE_IP']) && preg_match($reg_ip_cidr, $_POST['ip_private'])) { |
file_put_contents(CONF_FILE, str_replace('PRIVATE_IP='.$conf['PRIVATE_IP'], 'PRIVATE_IP='.trim($_POST['ip_private']), file_get_contents(CONF_FILE))); |
$network_modification = true; |
} |
if (isset($_POST['ip_gw']) && (trim($_POST['ip_gw']) !== $conf['GW'])) { |
if (!preg_match($reg_ip, $_POST['ip_gw'])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_ip_router.' 1: '.$l_error_bad_ip; |
} |
file_put_contents(TEMP_FILE, str_replace('GW='.$conf['GW'], 'GW='.trim($_POST['ip_gw']), file_get_contents(TEMP_FILE))); |
$modification_network = true; |
} |
if (isset($_POST['enable_proxy']) && $_POST['enable_proxy'] == 'P_Enabled') |
{ |
if ($conf['PROXY'] !== 'On') |
{ |
file_put_contents(TEMP_FILE, str_replace('PROXY='.$conf['PROXY'], 'PROXY=On', file_get_contents(TEMP_FILE))); |
$modification_proxy = true; |
} |
if (isset($_POST['proxy']) && (trim($_POST['proxy']) !== $conf['PROXY_IP'])) { |
if (!preg_match($reg_ip_port, $_POST['proxy'])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': Proxy: '.$l_error_bad_ip_port; |
} |
file_put_contents(TEMP_FILE, str_replace('PROXY_IP='.$conf['PROXY_IP'], 'PROXY_IP='.trim($_POST['proxy']), file_get_contents(TEMP_FILE))); |
$modification_proxy = true; |
} |
if ($conf['MULTIWAN'] !== 'Off') |
{ |
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=Off', file_get_contents(TEMP_FILE))); |
$modification_network = true; |
} |
} |
else |
{ |
//set multiwan value to off and delete every "WANx=" line |
if ($_POST['gw_count'] === "1" && $conf['MULTIWAN'] !== 'Off') |
{ |
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=Off', file_get_contents(TEMP_FILE))); |
$temp = 1; |
while (isset($conf['WAN'.$temp])) |
{ |
file_put_contents(TEMP_FILE, str_replace('WAN'.$temp.'='.$conf['WAN'.$temp]."\n", '', file_get_contents(TEMP_FILE))); |
$temp++; |
} |
$modification_network = true; |
} |
if ($_POST['gw_count'] !== "1") |
{ |
$changed = false; |
//testing the existence of a change in the routing configuration |
exec("grep \"^WAN\" " . CONF_FILE . " | wc -l", $nb_gw); |
if ($_POST['gw_count'] == ($nb_gw[0] + 1)) |
{ |
if ($_POST['weight'] !== $conf['PUBLIC_WEIGHT']) { |
$changed = true; |
} |
else { |
for($i=1;$i<$_POST['gw_count'];$i++) |
{ |
if( '"'.$_POST['ip_gw_'.$i].','.$_POST['weight_'.$i].'"' != $conf['WAN'.$i]) |
{ |
$changed = true; |
break; |
} |
} |
} |
} |
else |
{ |
$changed = true; |
} |
if ($network_modification) { |
exec('sudo /usr/local/bin/alcasar-conf.sh -apply'); |
} |
if ($changed == true) |
{ |
//deleting all the old lines containing "WANx=" |
$temp = 1; |
while (isset($conf['WAN'.$temp])) |
{ |
file_put_contents(TEMP_FILE, str_replace('WAN'.$temp.'='.$conf['WAN'.$temp]."\n", '', file_get_contents(TEMP_FILE))); |
$temp++; |
} |
//setting back the line "WAN1=" which will be our base |
if (!preg_match($reg_weight, $_POST['weight'])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_gw_weight.' 1: '.$l_error_weight; |
} |
file_put_contents(TEMP_FILE, str_replace('PUBLIC_WEIGHT='.$conf['PUBLIC_WEIGHT'], 'PUBLIC_WEIGHT='.(($_POST['weight'] !== '')?$_POST['weight']:1), file_get_contents(TEMP_FILE))); |
//Set Multiwan status |
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], "MULTIWAN=On\nWAN1=", file_get_contents(TEMP_FILE))); |
//Adding the correct number of "WANx=" lines, numbered |
for($i=2;$i<$_POST['gw_count'];$i++) |
{ |
file_put_contents(TEMP_FILE, str_replace('WAN'.($i-1).'=', 'WAN'.($i-1)."=\nWAN".$i.'=', file_get_contents(TEMP_FILE))); |
} |
//Adding the content |
for($i=1;$i<$_POST['gw_count'];$i++) |
{ |
if (!preg_match($reg_ip, $_POST['ip_gw_'.$i])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_ip_router.' '.($i+1).': '.$l_error_bad_ip; |
} |
if (!preg_match($reg_weight, $_POST['weight_'.$i])) { |
$ext_conf_error = true; |
$ext_conf_error_list[] = $l_error.': '.$l_gw_weight.' '.($i+1).': '.$l_error_weight; |
} |
file_put_contents(TEMP_FILE, str_replace('WAN'.$i.'=', 'WAN'.$i.'="'.$_POST['ip_gw_'.$i].','.(($_POST['weight_'.$i] === "0" || $_POST['weight_'.$i] === "")?"1":$_POST['weight_'.$i]).'"', file_get_contents(TEMP_FILE))); |
} |
$modification_network = true; |
} |
} |
//set proxy value to off |
if ($conf['PROXY'] !== 'Off') |
{ |
file_put_contents(TEMP_FILE, str_replace('PROXY='.$conf['PROXY'], 'PROXY=Off', file_get_contents(TEMP_FILE))); |
if($_POST['gw_count'] !== "1" && $conf['MULTIWAN'] !== 'On') { |
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=On', file_get_contents(TEMP_FILE))); |
$modification_network = true; |
} |
$modification_proxy = true; |
} |
} |
//if no errors are detected |
if ($ext_conf_error == false) { |
copy(TEMP_FILE, CONF_FILE); |
//DNS values modification, several services needs to be reloading, reloads the full server. |
if ($modification_dns) { |
exec('sudo /usr/local/bin/alcasar-conf.sh -apply'); |
} |
//External network modifications, no service reloading |
if ($modification_network) { |
exec('sudo /usr/local/bin/alcasar-network.sh'); |
exec('sudo /usr/local/bin/alcasar-iptables.sh'); |
} |
//If only the proxy has been modified, only the firewall needs a change |
else if ($modification_proxy) { |
exec('sudo /usr/local/bin/alcasar-iptables.sh'); |
} |
} |
unlink(TEMP_FILE); |
// Read CONF_FILE updated |
$file_conf = fopen(CONF_FILE, 'r'); |
if (!$file_conf) { |
453,18 → 626,33 |
$internet_publicIP = '-.-.-.-'; |
} |
// Network interfaces |
$interfacesIgnored = ['lo', 'tun[0-9]*', $conf['EXTIF'], $conf['INTIF']]; |
// Network interfaces, will be use later for multiple LAN interfaces |
$interfacesIgnored = ['lo', 'tun[0-9]*', $conf['INTIF']]; |
exec("ip -o link show | awk -F': ' '{print $2}' | sed '/^" . implode('\\|', $interfacesIgnored) . "$/d'", $interfacesAvailable); |
// TODO: Pending the next version |
$externalNetworks = [ |
//retreive gateway(s) parameters |
$gateways = [ |
(object) [ |
'interface' => $conf['EXTIF'], |
'ip' => $conf['PUBLIC_IP'], |
'gateway' => $conf['GW'] |
'gateway' => $conf['GW'], |
'weight' => $conf['PUBLIC_WEIGHT'] |
] |
]; |
exec("grep \"^WAN\" " . CONF_FILE . " | wc -l", $nbIfaces); |
if ($nbIfaces > 0) |
{ |
for ($i = 1; $i <= $nbIfaces[0]; $i++) { |
exec("grep \"WAN" . $i . "=\" " . CONF_FILE . " | awk -F'\"' '{ print $2 }' | awk -F, '{ print $1 }'", $temp_gw); |
exec("grep \"WAN" . $i . "=\" " . CONF_FILE . " | awk -F'\"' '{ print $2 }' | awk -F, '{ print $2 }'", $temp_weight); |
$gateways[] = (object) [ |
'gateway' => $temp_gw[0], |
'weight' => $temp_weight[0] |
]; |
$temp_gw = ""; |
$temp_weight = ""; |
} |
} |
//retreive internal networks parameters |
$internalNetworks = [ |
(object) [ |
'interface' => $conf['INTIF'], |
510,7 → 698,7 |
width: 30%; |
} |
.network-configurator .actions { |
position: absolute; |
position: absolute; |
background-color: #ddd; |
padding: 0 2px; |
} |
520,10 → 708,11 |
.network-configurator .actions a:hover { |
font-weight: bold; |
} |
.network-configurator > .alcasar .actions-externals { |
bottom: 0; |
left: 0; |
border-radius: 0 5px; |
.network-configurator .actions-externals { |
right: 0; |
border-radius: 5px; |
position: relative; |
text-decoration: none; |
} |
.network-configurator > .alcasar .actions-internals { |
bottom: 0; |
531,9 → 720,10 |
border-radius: 5px 0; |
} |
.network-configurator .actions-network { |
top: 0; |
right: 0; |
border-radius: 0 5px; |
border-radius: 5px; |
position: relative; |
text-decoration: none; |
} |
.network-configurator .network-box { |
display: inline-block; |
558,10 → 748,10 |
background-color: black; |
} |
.network-configurator .network-connector[data-connector-direction="left"] { |
border-radius: 5px 0px 0px 5px; |
border-radius: 5px 0 0 5px; |
} |
.network-configurator .network-connector[data-connector-direction="right"] { |
border-radius: 0px 5px 5px 0px; |
border-radius: 0 5px 5px 0; |
} |
.network-configurator div[data-network-type] { |
position: relative; |
569,39 → 759,30 |
</style> |
<script> |
$(document).ready(function () { |
const interfacesAvailable = <?= ((!empty($interfacesAvailable)) ? "['".implode("', '", $interfacesAvailable)."']" : '[]') ?>; |
const wireStyles = { |
available: { border: '5px double green' } |
}; |
setTimeout(function(){$("#change_success").fadeOut('normal');}, 10000); |
// Add external network |
$('.network-configurator .add-external-network').click(function (event) { |
//Will be used later for multiple LAN interfaces |
let interfacesAvailable = <?= ((!empty($interfacesAvailable)) ? "['".implode("', '", $interfacesAvailable)."']" : '[]') ?>; |
const wireStyles = { available: { border: '5px double green' } }; |
// Add gateway |
$('.network-configurator').on('click', '.add-external-network', function (event) { |
event.preventDefault(); |
let options = ''; |
if (interfacesAvailable.length === 0) { |
options = '<option value=""></option>'; |
} else { |
for (let i = 0; i < interfacesAvailable.length; i++) { |
options += '<option value="' + interfacesAvailable[i] + '">' + interfacesAvailable[i] + '</option>'; |
} |
} |
$('.network-configurator .externals').append(' \ |
<div data-network-type="external"> \ |
<div class="network-connector" data-connector-network="internet" data-connector-direction="left"></div> \ |
<div class="network-box"> \ |
<div class="actions actions-network"><a href="#" class="remove-network" title="Supprimer ce réseau">-</a></div> \ |
<label for="ext_interface_X"><?= 'Interface' ?></label> <select name="interface" id="ext_interface_X">' + options + '</select><br> \ |
<label for="ext_ip_X"><?= $l_ip_address ?></label> <input style="width:150px" type="text" name="ip_public" id="ext_ip_X" value="" /><br> \ |
<label for="ext_gateway_X"><?= $l_ip_router ?></label> <input style="width:120px" type="text" name="ip_gw" id="ext_gateway_X" value="" /> \ |
</div> \ |
<div class="network-connector" data-connector-network="external" data-connector-direction="right"></div> \ |
</div>'); |
addWire($('div[data-network-type="external"]:last')); |
ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value')); |
$('.network-configurator .externals .network-box #ext_gateways').append(' \ |
<div id="ip_routeur_' + ifaces_count + '" data-info_type="gateway" data-number="'+ ifaces_count +'">\ |
<label for="ext_gateway_' + ifaces_count + '"><?= $l_ip_router.' ' ?></label><span class="gw_number">'+ (ifaces_count + 1) +'</span> <input style="width:100px" type="text" name="ip_gw_' + ifaces_count + '" id="ext_gateway_' + ifaces_count + '" value="" /> \ |
<label for="ext_weight_'+ ifaces_count +'"><?= $l_gw_weight ?></label> <input style="width:20px" type="text" name="weight_' + ifaces_count + '" id="ext_weight_'+ ifaces_count +'" value="0"/> \ |
<div class="actions actions-network" style="display:inline-block; width:11px"><a href="#" style="display:block; text-align:center" class="remove-network" title="Supprimer ce réseau">-</a></div><br></div> '); |
ifaces_count++; |
document.getElementById("gw_count").setAttribute('value', ifaces_count); |
updateGatewayView(); |
$('div.network-connector[data-connector-network]').connections('update'); |
}); |
// Add internal network |
$('.network-configurator .add-internal-network').click(function (event) { |
$('.network-configurator').on('click', '.add-internal-network', function (event) { |
event.preventDefault(); |
$('.network-configurator .internals').append(' \ |
<div data-network-type="internal"> \ |
615,38 → 796,123 |
addWire($('div[data-network-type="internal"]:last')); |
}); |
// Remove network |
$('.network-configurator').on('click', '.remove-network', function (event) { |
// Remove gateway |
$('.network-box').on('click', '.remove-network', function (event) { |
event.preventDefault(); |
$(this).parent().parent().parent().fadeOut(200, function() { |
const networkType = $(this).data('networkType'); |
$(this).remove(); |
$(this).parent().parent().fadeOut(200, function() { |
// Update wires |
if (networkType === 'external') { |
$('div[data-network-type="internet"]>div.network-connector[data-connector-network="internet"]').connections('update'); |
$('div[data-network-type="alcasar"]>div.network-connector[data-connector-network="external"]').connections('update'); |
} else if (networkType === 'internal') { |
$('div[data-network-type="alcasar"]>div.network-connector[data-connector-network="internal"]').connections('update'); |
} |
$(this).remove(); |
//update network numbers |
$('div[data-info_type="gateway"]').each(function (index, value) { |
updateGatewayNumbers($(this), index); |
}); |
ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value')); |
document.getElementById("gw_count").setAttribute('value', (ifaces_count - 1)); |
updateGatewayView(); |
$('div.network-connector[data-connector-network]').connections('update'); |
}); |
}); |
//proxy enabled or disabled |
$('.network-configurator').on('click', '.enable_proxy', function(event){ |
if ($(this).is(':checked')) |
{ |
document.getElementById("add_external").setAttribute('hidden', 'true'); |
document.getElementById("ext_proxy").removeAttribute('disabled'); |
$('div[id="ip_routeur_0"]').children('span').html(''); |
$('div[data-info_type="gateway"]').each(function(index, value) { |
if ($(this).attr('data-number') !== "0") |
{ |
$(this).attr('hidden', 'true'); |
} |
else |
{ |
$(this).children('input[id="ext_weight_0"]').attr('hidden', 'true'); |
$(this).children('label[for="ext_weight_0"]').attr('hidden', 'true'); |
$(this).children('div[class="actions actions-network"]').css('display', 'none'); |
} |
}); |
} |
else |
{ |
document.getElementById("add_external").removeAttribute('hidden'); |
document.getElementById("ext_proxy").setAttribute('disabled', 'true'); |
$('div[id="ip_routeur_0"]').children('span').html('1'); |
$('div[data-info_type="gateway"]').each(function(index, value) { |
if ($(this).attr('data-number') !== "0") |
{ |
$(this).removeAttr('hidden'); |
} |
else |
{ |
$(this).children('input[id="ext_weight_0"]').removeAttr('hidden'); |
$(this).children('label[for="ext_weight_0"]').removeAttr('hidden'); |
$(this).children('div[class="actions actions-network"]').css('display', 'inline-block'); |
} |
}); |
updateGatewayView(); |
} |
$('div.network-connector[data-connector-network]').connections('update'); |
}); |
//Add a wire between two connectors |
const addWire = function (network) { |
const networkType = network.data('networkType'); |
if (networkType === 'external') { |
$().connections({ from: 'div[data-network-type="internet"]>div.network-connector[data-connector-network="internet"]', to: 'div[data-network-type="external"]>div.network-connector[data-connector-network="internet"]:last', css: wireStyles.available, within: 'div[data-network-type="external"]:last' }); |
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="external"]', to: 'div[data-network-type="external"]>div.network-connector[data-connector-network="external"]:last', css: wireStyles.available, within: 'div[data-network-type="external"]:last' }); |
} else if (networkType === 'internal') { |
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="internal"]', to: 'div[data-network-type="internal"]>div.network-connector[data-connector-network="internal"]:last', css: wireStyles.available, within: 'div[data-network-type="internal"]:last' }); |
$().connections({ from: 'div[data-network-type="internet"]>div.network-connector[data-connector-network="internet"]', to: network.children('div.network-connector[data-connector-network="internet"]'), css: wireStyles.available, within: network }); |
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="external"]', to: network.children('div.network-connector[data-connector-network="external"]'), css: wireStyles.available, within: network }); |
} else if (networkType === 'internal') { |
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="internal"]', to: network.children('div.network-connector[data-connector-network="internal"]'), css: wireStyles.available, within: network }); |
} |
}; |
//reindex the gateway numbers when a gateway is deleted |
const updateGatewayNumbers = function(gateway, number) { |
old_number = gateway.attr('data-number'); |
gateway.attr('data-number', number); |
gateway.attr('id', 'ip_routeur_'+number); |
if (number === 0) |
{ |
gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('name', 'ip_gw'); |
gateway.children('input[id="ext_weight_'+old_number+'"]').attr('name', 'weight'); |
} |
else |
{ |
gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('name', 'ip_gw_'+number); |
gateway.children('input[id="ext_weight_'+old_number+'"]').attr('name', 'weight_'+number); |
} |
gateway.children('label[for="ext_gateway_'+old_number+'"]').attr('for', 'ext_gateway_'+number); |
gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('id', 'ext_gateway_'+number); |
gateway.children('label[for="ext_weight_'+old_number+'"]').attr('for', 'ext_weight_'+number); |
gateway.children('input[id="ext_weight_'+old_number+'"]').attr('id', 'ext_weight_'+number); |
gateway.children('span[class="gw_number"]').html((number+1)+' '); |
}; |
//hide the delete button and the weight field when there is only one gateway (or when there is a proxy) |
const updateGatewayView = function() { |
ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value')); |
if (ifaces_count === 1) |
{ |
$('div#ip_routeur_0').children('input[id="ext_weight_0"]').attr('hidden', 'true'); |
$('div#ip_routeur_0').children('label[for="ext_weight_0"]').attr('hidden', 'true'); |
$('div#ip_routeur_0').children('div[class="actions actions-network"]').css('display', 'none'); |
} |
else |
{ |
$('div#ip_routeur_0').children('input[id="ext_weight_0"]').removeAttr('hidden'); |
$('div#ip_routeur_0').children('label[for="ext_weight_0"]').removeAttr('hidden'); |
$('div#ip_routeur_0').children('div[class="actions actions-network"]').css('display', 'inline-block'); |
} |
}; |
//resize the connections to fit the window |
window.addEventListener('resize', function () { |
$('div.network-connector[data-connector-network]').connections('update'); |
}); |
// Add wires to existing networks |
// Add wires to existing networks at page first render |
$('div[data-network-type="external"]').add('div[data-network-type="internal"]').each(function (index, element) { |
addWire($(this)); |
}); |
669,26 → 935,49 |
</div> |
<div class="network-connector" data-connector-network="internet" data-connector-direction="right"></div> |
</div> |
</div><div class="externals"> |
<?php foreach ($externalNetworks as $index => $network): ?> |
</div><div id="externals_id" class="externals"> |
<div data-network-type="external"> |
<div class="network-connector" data-connector-network="internet" data-connector-direction="left"></div> |
<div class="network-box"> |
<!-- <div class="actions actions-network"><a href="#" class="remove-network" title="Supprimer ce réseau">-</a></div> --> |
<label for="ext_interface_<?= $index ?>"><?= 'Interface' ?></label> <select name="ext_interface[<?= $index ?>]" id="ext_interface_<?= $index ?>" disabled><option value="<?= $network->interface ?>"><?= $network->interface ?></option></select><br> |
<label for="ext_ip_<?= $index ?>"><?= $l_ip_address ?></label> <input style="width:150px" type="text" name="ip_public" id="ext_ip_<?= $index ?>" value="<?= $network->ip ?>" /><br> |
<label for="ext_gateway_<?= $index ?>"><?= $l_ip_router ?></label> <input style="width:120px" type="text" name="ip_gw" id="ext_gateway_<?= $index ?>" value="<?= $network->gateway ?>" /> |
</div> |
<label for="ext_interface">Interface</label> <input name="ext_interface" id="ext_interface" value="<?= $conf['EXTIF'] ?>" disabled="disabled"/><br> |
<label for="ext_ip"><?= $l_ip_address ?></label> <input style="width:130px" type="text" name="ip_public" id="ext_ip" value="<?= $conf['PUBLIC_IP'] ?>" /><br> |
<input class="enable_proxy" type="checkbox" name="enable_proxy" value="P_Enabled" <?php if($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On') { echo 'checked'; }?>/> |
<label for="proxy">Proxy</label> <input style="width:140px" type="text" name="proxy" id="ext_proxy" value=<?= $conf['PROXY_IP']?> <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')? '' : 'disabled'?>/><br> |
<div id="ext_gateways" > |
<input type="text" name="gw_count" id="gw_count" value="<?=count($gateways)?>" hidden="hidden"/> |
<?php foreach ($gateways as $index => $network): |
if ($index == 0) {?> |
<div id="ip_routeur_<?= $index ?>" data-info_type="gateway" data-number="<?= $index ?>"> |
<label for="ext_gateway_<?= $index ?>"><?= $l_ip_router.' ' ?></label> |
<span class="gw_number"><?= ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')?'':($index+1) ?> </span> |
<input style="width:100px" type="text" name="ip_gw" id="ext_gateway_<?= $index ?>" value="<?= $network->gateway ?>" /> |
<label for="ext_weight_<?= $index ?>" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On'|| $conf['MULTIWAN'] === 'Off' || $conf['MULTIWAN'] === 'off')? 'hidden' : '' ?>><?= $l_gw_weight ?></label> |
<input style="width:20px" type="text" name="weight" id="ext_weight_<?= $index ?>" value="<?= $network->weight ?>" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On' || $conf['MULTIWAN'] === 'Off' || $conf['MULTIWAN'] === 'off')? 'hidden' : '' ?>/> |
<div class="actions actions-network" style="display: <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On'|| $conf['MULTIWAN'] === 'Off' || $conf['MULTIWAN'] === 'off')? 'none' : 'inline-block' ?>; width:11px"> |
<a style="display:block; text-align:center" href="#" class="remove-network" title="Supprimer ce réseau">-</a> |
</div><br> |
</div> |
<?php } else {?> |
<div id="ip_routeur_<?= $index ?>" data-info_type="gateway" data-number="<?= $index ?>" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')? 'hidden' : '' ?>> |
<label for="ext_gateway_<?= $index ?>"><?= $l_ip_router.' ' ?></label> |
<span class="gw_number"><?= ($index+1) ?> </span> |
<input style="width:100px" type="text" name="ip_gw_<?= $index ?>" id="ext_gateway_<?= $index ?>" value="<?= $network->gateway ?>"/> |
<label for="ext_weight_<?= $index ?>"><?= $l_gw_weight ?></label> |
<input style="width:20px" type="text" name="weight_<?= $index ?>" id="ext_weight_<?= $index ?>" value="<?= $network->weight ?>"/> |
<div class="actions actions-network" style="display:inline-block; width:11px"> |
<a style="display:block; text-align:center" href="#" class="remove-network" title="Supprimer ce réseau">-</a> |
</div><br> |
</div> |
<?php } endforeach; ?> |
</div> |
<div class="actions actions-externals" style="margin: 0 auto; width:11px"><a id="add_external" href="#" class="add-external-network" title="Ajouter un réseau externe" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')? 'hidden' : '' ?>>+</a></div> |
</div> |
<div class="network-connector" data-connector-network="external" data-connector-direction="right"></div> |
</div> |
<? endforeach; ?> |
</div><div class="alcasar"> |
<div data-network-type="alcasar"> |
<div class="network-connector" data-connector-network="external" data-connector-direction="left"></div> |
<div class="network-box"> |
<!-- <div class="actions actions-externals"> |
<div><a href="#" class="add-external-network" title="Ajouter un réseau externe">+</a></div> |
</div> --> |
<div class="alcasar-logo"><img src="/images/logo-alcasar.png" style="width: 100px;height: 100px;"></div> |
<!-- <div class="actions actions-internals"> |
<div><a href="#" class="add-internal-network" title="Ajouter un réseau interne">+</a></div> |
697,7 → 986,7 |
</div> |
<div class="network-connector" data-connector-network="internal" data-connector-direction="right"></div> |
</div> |
</div><div class="internals"> |
</div><div id="internals_id" class="internals" data-count="1"> |
<?php foreach ($internalNetworks as $network): ?> |
<div data-network-type="internal"> |
<div class="network-connector" data-connector-network="internal" data-connector-direction="left"></div> |
710,6 → 999,18 |
<? endforeach; ?> |
</div> |
</div> |
<?php if ($ext_conf_error == true) { |
echo '<span style="color:red">'; |
$temp = 0; |
while (isset($ext_conf_error_list[$temp])) { |
echo $ext_conf_error_list[$temp].'<br>'; |
$temp++; |
} |
echo '</span>'; |
} |
else if (($choix === 'network_change') && ($modification_proxy || $modification_dns || $modification_network)) { |
echo '<span id="change_success" style="color:green">'.$l_change_successful.'</span>'; |
}?> |
<hr> |
<div style="text-align: center; margin: 5px"> |
<input type="hidden" name="choix" value="network_change"> |
741,6 → 1042,7 |
$mac_addr = $fields[0]; |
$ip_addr = $fields[1]; |
$info = (isset($fields[2])) ? implode(' ', array_slice($fields, 2)) : ' '; |
echo '<tr>'; |
echo "<td>$mac_addr</td>"; |
echo "<td>$ip_addr</td>"; |
/web/intercept.php |
---|
111,7 → 111,7 |
$l_reply_6 = "Se ha alcanzado su tiempo de conexión autorizado"; |
$l_online_time = "Tiempo en linea"; |
$l_remaining_time = "Tiempo restante"; |
$l_uam_domain = "Sitios web autorizados : "; |
$l_uam_domain = "Sitios de libre acceso : "; |
$l_autoregistration = "Registo automático"; |
} else if ($Language === 'pt') { // Portuguese |
$l_ChilliError = "A autenticação precisa ser bem sucedida através do portal."; |
145,7 → 145,7 |
$l_reply_6 = "Seu tempo de conexão autorizada finalizou"; |
$l_online_time = "Tempo Online"; |
$l_remaining_time = "Tempo restante"; |
$l_uam_domain = "Sites autorizados : "; |
$l_uam_domain = "Sítios de acesso livre : "; |
$l_autoregistration = "Registo automático"; |
} else if ($Language === 'zh') { // Chinese |
$l_ChilliError = "验证必须通过强制门户服务"; |
179,7 → 179,7 |
$l_reply_6 = "已经到达您的允许连接时间"; |
$l_online_time = "在线时间"; |
$l_remaining_time = "剩余时间"; |
$l_uam_domain = "授权网站 : "; |
$l_uam_domain = " : "; |
$l_autoregistration = "短信注册"; |
} else if ($Language === 'ar') { // Arabic |
$l_ChilliError = "يجب نجاح المصادقة على البوابة الأسيرة"; |
213,7 → 213,7 |
$l_reply_6 = "استكملت مذة الإتصال المسموحة"; |
$l_online_time = "مذة الإتصال"; |
$l_remaining_time = "الوقت المتبق"; |
$l_uam_domain = ":المواقع المسموحة "; |
$l_uam_domain = "مواقع الوصول المجاني"; |
$l_autoregistration = "تسجيل ذاتي (SMS)"; |
} else if ($Language === 'de') { // German |
$l_ChilliError = "Sie wurden erfolgreich durch das Portal authentifiziert."; |
247,7 → 247,7 |
$l_reply_6 = "Ihre maximale Verbindungszeit wurde erreicht"; |
$l_online_time = "Online-Zeit"; |
$l_remaining_time = "Verbleibende Zeit"; |
$l_uam_domain = "Authorisierte Webseiten : "; |
$l_uam_domain = "Offen zugängliche Seiten : "; |
$l_autoregistration = "Automatische Registrierung"; |
} else if ($Language === 'nl') { // Dutch |
$l_ChilliError = "De authenticatie moet een succes worden via de captive portal dienst."; |
281,7 → 281,7 |
$l_reply_6 = "Your authorized connexion time has been reached"; |
$l_online_time = "Online tijd"; |
$l_remaining_time = "Reterende tijd"; |
$l_uam_domain = "Geautoriseerde website : "; |
$l_uam_domain = "Sites met open toegang : "; |
$l_autoregistration = "Automatische registratie"; |
} else if ($Language === 'fr') { // French |
$l_ChilliError = "L'authentification doit être réussie sur le portail captif."; |
315,7 → 315,7 |
$l_reply_6 = "Votre durée de connexion autorisée a été atteinte"; |
$l_online_time = "Temps de connexion"; |
$l_remaining_time = "Temps restant"; |
$l_uam_domain = "Sites autorisés : "; |
$l_uam_domain = "Sites en accès libre : "; |
$l_autoregistration = "Auto enregistrement (sms)"; |
} else { // English |
$l_ChilliError = "The authentication must be successful through the captive portal service."; |
349,7 → 349,7 |
$l_reply_6 = "Your authorized connexion time has been reached"; |
$l_online_time = "Online time"; |
$l_remaining_time = "Remaining time"; |
$l_uam_domain = "Authorized websites : "; |
$l_uam_domain = "Open access websites : "; |
$l_autoregistration = "Auto registration (sms)"; |
} |