Subversion Repositories ALCASAR


Ignore whitespace Rev 2955 → Rev 2956

/CHANGELOG
1,11 → 1,14
# $Id$
 
********** ALCASAR CHANGELOG **********
-------------------- 3.5.4 --------------------
NEWS
- Multi-WAN access with load balancing per user (Thx to Pierre RIVAULT for this great job)
CHANGES
BUGS
- Fix local DNS configuration when installing in dhcp mode
- Fix a display bug for web sites in exception (Thx to Olivier C).
- Fix
-------------------- 3.5.3 --------------------
NEWS
- WIFI4EU automatic integration via ACC
/VERSION
1,0 → 0,0
3.5.3
3.5.4b
/alcasar.sh
600,6 → 600,9
fi
echo "DNS1=$DNS1" >> $CONF_FILE
echo "DNS2=$DNS2" >> $CONF_FILE
echo "PROXY=off" >> $CONF_FILE
echo "PROXY_IP=\"192.168.0.100:80\"" >> $CONF_FILE
echo "PUBLIC_WEIGHT=1" >> $CONF_FILE
echo "PUBLIC_MTU=$MTU" >> $CONF_FILE
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
echo "DHCP=on" >> $CONF_FILE
742,8 → 745,33
$SED 's/ExecStart=\/usr\/libexec\/iptables.init start/ExecStart=\/usr\/local\/bin\/alcasar-iptables.sh/' /etc/systemd/system/iptables.service
[ -e /usr/libexec/iptables.init.default ] || cp /usr/libexec/iptables.init /usr/libexec/iptables.init.default
$SED "s?\[ -f \$IPTABLES_CONFIG \] .*?#&?" /usr/libexec/iptables.init # comment the test (flush all rules & policies)
# create the alcasar-network unit
cat << EOF > /etc/systemd/system/alcasar-network.service
# This file is part of systemd.
#
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is launched at the end in order to allow update via ssh
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
 
# This unit starts alcasar-network.sh script.
[Unit]
Description=alcasar-network.sh execution
After=network.target iptables.service
 
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=$DIR_DEST_BIN/alcasar-network.sh
ExecStop=$DIR_DEST_BIN/alcasar-network.sh
TimeoutSec=0
 
[Install]
WantedBy=multi-user.target
EOF
/usr/bin/systemctl daemon-reload
 
# the script "$DIR_DEST_BIN/alcasar-iptables.sh" is started at the end of this script in order not to cut network flow in case of using ssh
} # End of network()
 
##################################################################
2164,11 → 2192,10
echo "LDAP_CERT_REQUIRED=" >> $CONF_FILE
echo "SMS=off" >> $CONF_FILE
echo "SMS_NUM=" >> $CONF_FILE
echo "## MULTIWAN : WANx=@IPx,Weightx" >> $CONF_FILE
echo "MULTIWAN=off" >> $CONF_FILE
echo "FAILOVER=30" >> $CONF_FILE
echo "## WANx=active,@IPx/mask,GWx,Weight,MTUx" >> $CONF_FILE
echo "#WAN1=\"1,$EXTIF:1,192.168.2.20/24,192.168.2.6,1,1500\"" >> $CONF_FILE
echo "#WAN2=\"1,$EXTIF:2,192.168.3.20/24,192.168.3.1,2,1500\"" >> $CONF_FILE
echo "#WAN1=\"192.168.0.250,1\"" >> $CONF_FILE
echo "#WAN2=\"192.168.0.251,1\"" >> $CONF_FILE
echo "BL_PUREIP=on" >> $CONF_FILE
echo "BL_SAFESEARCH=off" >> $CONF_FILE
echo "WL_SAFESEARCH=off" >> $CONF_FILE
2194,33 → 2221,9
do
find /var/log/$dir -type f -name "*.log-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]" -exec gzip {} \;
done
# create the alcasar-load_balancing unit
cat << EOF > /etc/systemd/system/alcasar-load_balancing.service
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
 
# This unit lauches alcasar-load-balancing.sh script.
[Unit]
Description=alcasar-load_balancing.sh execution
After=network.target iptables.service
 
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=$DIR_DEST_BIN/alcasar-load_balancing.sh start
ExecStop=$DIR_DEST_BIN/alcasar-load_balancing.sh stop
TimeoutSec=0
 
[Install]
WantedBy=multi-user.target
EOF
/usr/bin/systemctl daemon-reload
# processes launched at boot time (Systemctl)
for i in alcasar-load_balancing mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd
# processes started at boot time (Systemctl)
for i in alcasar-network mysqld lighttpd php-fpm ntpd iptables unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole radiusd nfcapd e2guardian clamav-daemon clamav-freshclam ulogd-ssh ulogd-traceability ulogd-ext-access chilli fail2ban vnstat sshd
do
/usr/bin/systemctl -q enable $i.service
done
2388,10 → 2391,6
fi
done
# RPMs install
if [ "$mode" == "update" ] # to avoid updating unbound during the V5.3.3 update (to be removed after this version)
then
echo "/^unbound/" >> /etc/urpmi/skip.list
fi
$DIR_SCRIPTS/alcasar-rpm.sh
if [ "$?" != "0" ]
then
2428,7 → 2427,7
UPD_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f3|cut -c1`
if [ $Lang == "fr" ]
then echo "Le fichier de configuration d'une version $MAJ_PREVIOUS_VERSION.$MIN_PREVIOUS_VERSION.$UPD_PREVIOUS_VERSION a été trouvé";
else echo "The configuration file of an old version has been found";
else echo "The configuration file of a version $MAJ_PREVIOUS_VERSION.$MIN_PREVIOUS_VERSION.$UPD_PREVIOUS_VERSION has been found";
fi
response=0
PTN='^[oOnNyY]?$'
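Review bot: `PROXY_IP` is written to alcasar.conf with embedded double quotes (`echo "PROXY_IP=\"192.168.0.100:80\""`), while alcasar-iptables.sh in this same commit reads it with `grep ^PROXY_IP= $CONF_FILE|cut -d"=" -f2` and expands it unquoted after `--to-destination`. Unless the ACC page rewrites the value without quotes, the quote characters reach iptables as part of the address once `PROXY=on`; writing it bare, `echo "PROXY_IP=192.168.0.100:80" >> $CONF_FILE`, or stripping the quotes where it is read avoids that. Separately, the new alcasar-network.service runs the argument-less script for `ExecStop` as well as `ExecStart`, and alcasar-network.sh treats no argument as `--apply`, so stopping the unit re-runs the whole interface and routing reconfiguration; a comment in the unit saying this is intended would help. The page does not mark added lines, so which lines are new is inferred from the hunk counts.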
/conf/etc/alcasar-iptables-local.sh
33,8 → 33,8
 
# On autorise le ping (echo & request) (ICMP N°0 & 8) en provenance d'Internet vers ALCASAR
# Allow ping (echo & request) (ICMP N°0 & 8) from Internet
#$IPTABLES -A INPUT -i $EXTIF -s $Admin_from_IP -p icmp --icmp-type 8 -j ACCEPT
#$IPTABLES -A OUTPUT -o $EXTIF -d $Admin_from_IP -p icmp --icmp-type 0 -j ACCEPT
#$IPTABLES -A INPUT -i $EXTIF -p icmp --icmp-type 8 -j ACCEPT
#$IPTABLES -A OUTPUT -o $EXTIF -p icmp --icmp-type 0 -j ACCEPT
 
# On autorise ALCASAR a accéder à un serveur MAIL local (envoie de rapports, alertes, etc.)
# Allow ALCASAR to conect to a local mail server (send reports, alerts, etc.)
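Review bot: The commented ICMP template appears twice in this hunk, once limited to `$Admin_from_IP` and once with no source or destination match, and the rendered page does not show which pair is the new side. If the unrestricted pair is the new one, an administrator who uncomments it accepts echo requests from every Internet host on `$EXTIF`, so the comment above it should say so, for example `# Without -s, echo requests are accepted from any source`. Keeping the `-s $Admin_from_IP` form as the template is the narrower default.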
/conf/sudoers
13,25 → 13,25
User_Alias SMS=gammu_smsd # gammu-smsd owner
 
# Cmnd alias specification
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh # network commands
Cmnd_Alias NET=/sbin/ip,/sbin/arping,/sbin/arp,/usr/sbin/tcpdump,/usr/local/bin/alcasar-watchdog.sh,/usr/local/bin/alcasar-dhcp.sh,/usr/local/bin/alcasar-dns-local.sh,/usr/local/bin/alcasar-network.sh # network commands
Cmnd_Alias URPMI=/usr/sbin/urpmi,/usr/sbin/urpmi.update # packages managment
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass
Cmnd_Alias BYPASS=/usr/local/bin/alcasar-bypass.sh # authentication bypass
Cmnd_Alias RADDB=/usr/bin/radwho,/usr/sbin/chilli_query # manage users in command line
Cmnd_Alias SQL=/usr/local/bin/alcasar-mysql.sh # export users database
Cmnd_Alias SQL=/usr/local/bin/alcasar-mysql.sh # export users database
Cmnd_Alias SYSTEM_BACKUP=/usr/local/bin/alcasar-conf.sh # create conf backup file
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # export/save the log files
Cmnd_Alias EXPORT=/usr/local/bin/alcasar-archive.sh # export/save the log files
Cmnd_Alias BL=/usr/local/bin/alcasar-bl.sh,/usr/local/bin/alcasar-file-clean.sh,/usr/local/bin/alcasar-url_filter_wl.sh,/usr/local/bin/alcasar-url_filter_bl.sh # manage the filtering system
Cmnd_Alias NF=/usr/local/bin/alcasar-iptables.sh,/usr/sbin/ipset # manage the firewall
Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # disconnect the users
Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # manage the trusted websites (uamallowed)
Cmnd_Alias LOGOUT=/usr/local/bin/alcasar-logout.sh # disconnect the users
Cmnd_Alias UAM=/usr/local/bin/alcasar-uamallowed.sh # manage the trusted websites (uamallowed)
Cmnd_Alias SERVICE=/usr/bin/systemctl,/usr/sbin/shutdown # manage the linux services
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # manage the SMS subsystem
Cmnd_Alias GAMMU=/usr/local/bin/alcasar-sms.sh # manage the SMS subsystem
Cmnd_Alias SSL=/usr/local/bin/alcasar-importcert.sh,/usr/local/bin/alcasar-letsencrypt.sh,/usr/local/bin/alcasar-https.sh,/usr/local/bin/alcasar-ldap.sh --import-cert * # manage the certificates
Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # manage htdigest groups
Cmnd_Alias HTDIGEST=/usr/local/bin/alcasar-profil.sh # manage htdigest groups
Cmnd_Alias LOG_GEN=/usr/local/bin/alcasar-generate_log.sh # create log PDF from ACC
Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh # enable/disable LDAP connection
Cmnd_Alias IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh # enable/disable raw capture of Iot (pcap) --> in activity ACC page
Cmnd_Alias WIFI4EU=/usr/local/bin/alcasar-wifi4eu.sh # enable/disable wifi4eu integration (logo + snippet)
Cmnd_Alias LDAP=/usr/local/bin/alcasar-ldap.sh # enable/disable LDAP connection
Cmnd_Alias IOT_CAPTURE=/usr/local/bin/alcasar-iot_capture.sh # enable/disable raw capture of Iot (pcap) --> in activity ACC page
Cmnd_Alias WIFI4EU=/usr/local/bin/alcasar-wifi4eu.sh # enable/disable wifi4eu integration (logo + snippet)
 
# Defaults specification
# Defaults syslog=auth
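Review bot: Adding `/usr/local/bin/alcasar-network.sh` to `NET` with no argument list lets every account that holds `NET` (the grant line is outside this hunk) run it as root with any arguments. The script takes all of its inputs from alcasar.conf and expands them unquoted into `ip`, `ifup` and the `${routecmd}` command line, so whatever can write that file now supplies root-level input. If callers always pass a mode, the entry can be narrowed to `/usr/local/bin/alcasar-network.sh --save,/usr/local/bin/alcasar-network.sh --apply`, and a comment on the alias should state which account is expected to use it.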
/scripts/alcasar-load_balancing.sh
File deleted
Property changes:
Deleted: svn:eol-style
-LF
\ No newline at end of property
Deleted: svn:executable
-*
\ No newline at end of property
Deleted: svn:keywords
-Id Author Date
\ No newline at end of property
/scripts/alcasar-condown.sh
3,7 → 3,7
# $Id$
#
# alcasar-condown.sh
# by Rexy
# by Rexy & Pierre RIVAULT
# This script is distributed under the Gnu General Public License (GPL)
 
# This script is started by coova after each logout
56,6 → 56,17
current_users_file="/tmp/current_users.txt"
[ -e $current_users_file ] && sed -i "/^$FRAMED_IP_ADDRESS:/d" $current_users_file
 
# Remove user_IP from ipset of load balancing
nb_gw=`grep ^WAN $CONF_FILE | wc -l`
for (( i = 0 ; i <= $nb_gw ; i++ ));do
gw="gw$i"
ipset test $gw $FRAMED_IP_ADDRESS 1>/dev/null 2>&1
if [ $? -eq 0 ];then
ipset del $gw $FRAMED_IP_ADDRESS
break
fi
done
 
#############################
## Debug : show all the coova parse variables (+ ALCASAR-Filter + ALCASAR-Protocols-Filter).
## see "/src/chilli.c" for the complete list of parse variables
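Review bot: The new loop stops at the first `gwN` set that holds the address, but alcasar-conup.sh adds the address to the least-loaded set without first removing it from any other set. If conup ever runs twice for an address without a logout in between, the address can sit in two sets and the `break` leaves one stale entry behind, which keeps counting toward that gateway's load and is inherited by whoever receives the address next. Dropping the `break` and quoting the operands, `ipset del "$gw" "$FRAMED_IP_ADDRESS"`, clears every set. The loop also runs from 0 to `$nb_gw` whether or not `MULTIWAN` is on, which is safe only because `ipset test` fails on a missing set.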
/scripts/alcasar-conf.sh
124,7 → 124,7
--load|-load)
cd /var/tmp || { echo "Unable to find /var/tmp directory"; }
tar -xf alcasar-conf.tar.gz
# copy alcasar.conf parameters
# update alcasar.conf parameters
PREVIOUS_VERSION=`grep ^VERSION= $DIR_UPDATE/etc/alcasar.conf|cut -d"=" -f2`
MAJ_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f1`
MIN_PREVIOUS_VERSION=`echo $PREVIOUS_VERSION|cut -d"." -f2`
/scripts/alcasar-conup.sh
3,13 → 3,13
# $Id$
#
# alcasar-conup.sh
# by Rexy
# by Rexy & Pierre RIVAULT
# This script is distributed under the Gnu General Public License (GPL)
 
# This script is started by coova after each successfull login
# Ce script est démarré par coova à chaque connexion d'usager (authentification réussi)
 
 
CONF_FILE="/usr/local/etc/alcasar.conf"
PASSWD_FILE="/root/ALCASAR-passwords.txt"
DB_USER=`cat $PASSWD_FILE|grep ^db_user=|cut -d'=' -f2`
DB_PASSWORD=`cat $PASSWD_FILE|grep ^db_password=|cut -d'=' -f2`
67,6 → 67,27
echo "$FRAMED_IP_ADDRESS:PERM" >> $current_users_file
fi
 
# set the user_ip to an gw_ipset for load-balancing
gw_min="gw0"
weight=`grep ^PUBLIC_WEIGHT= $CONF_FILE | cut -d"=" -f2`
already=`ipset list $gw_min | grep Number\ of\ entries: | cut -d":" -f2`
#The *1000 is here to avoid working on floats in bash
gw_min_value=$((1000 * $already / $weight))
 
nb_gw=`grep ^WAN $CONF_FILE | wc -l`
for (( i = 1 ; i <= $nb_gw ; i++ ));do
gw="gw${i}"
weight=`grep ^WAN$i= $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F ',' '{ print $2 }'`
already=`ipset list $gw | grep Number\ of\ entries: | cut -d":" -f2`
value=$((1000 * $already / $weight))
if [ $value -lt $gw_min_value ]
then
gw_min_value=$value
gw_min=$gw
fi
done
ipset add $gw_min $FRAMED_IP_ADDRESS
 
#############################
## Debug : show all the coova parse variables (+ ALCASAR-Filter + ALCASAR-Protocols-Filter + Alcasar-Status-Page-Must-Stay-Open).
## see "/src/chilli.c" for the complete list of parse variables
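Review bot: Both divisions trust `weight` and `already` to be non-empty, non-zero integers, yet `PUBLIC_WEIGHT` appears to be new in this commit (a configuration carried over from an earlier version may lack it) and `ipset list gwN` prints nothing when the set does not exist; alcasar-iptables.sh creates `gw1…` only when `MULTIWAN` is on, while this loop counts every `^WAN` line. With an empty or zero operand `$((1000 * $already / $weight))` fails with an arithmetic error, and the following `[ $value -lt $gw_min_value ]` then compares stale or empty values in a hook that runs at every login. Defaulting the weight, `[[ "$weight" =~ ^[1-9][0-9]*$ ]] || weight=1`, and skipping absent sets, `ipset -q list "$gw" >/dev/null || continue`, keeps the selection well defined. The same block is repeated in the restore loop of alcasar-iptables.sh and needs the same guard.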
/scripts/alcasar-iptables.sh
39,6 → 39,7
WL_IP_CAT="/usr/local/share/iptables-wl-enabled" # categories files of the WhiteListed IP
TMP_users_set_save="/tmp/users_set_save" # tmp file for backup users set
TMP_set_save="/tmp/ipset_save" # tmp file for blacklist and whitelist creation
TMP_ip_gw_save="/tmp/ipset_ip_gw_save" # tmp file for already connected ips
SSH=`grep ^SSH= $CONF_FILE|cut -d"=" -f2` # sshd active (on/off)
SSH=${SSH:=off}
SSH_ADMIN_FROM=`grep ^SSH_ADMIN_FROM= $CONF_FILE|cut -d"=" -f2`
46,6 → 47,10
IPTABLES="/sbin/iptables"
IP_REHABILITEES="/etc/e2guardian/lists/exceptioniplist" # Rehabilitated IP
SITE_DIRECT="/usr/local/etc/alcasar-site-direct" # WEB Sites allowed for all (no av and no filtering for av_bl users)
MULTIWAN=`grep ^MULTIWAN $CONF_FILE|cut -d"=" -f2`
PROXY=`grep ^PROXY= $CONF_FILE|cut -d"=" -f2`
PROXY_IP=`grep ^PROXY_IP= $CONF_FILE|cut -d"=" -f2`
nb_gw=`grep ^WAN $CONF_FILE|wc -l`
 
# Allow requests to internal DNS if activated
if [ "$INT_DNS_ACTIVE" = "on" ]
53,6 → 58,15
DNSSERVERS="$DNSSERVERS,$INT_DNS_IP"
fi
 
#ipset name list for load_balancing
gw_list="gw0"
if [ "$MULTIWAN" == "on" ] || [ "$MULTIWAN" == "On" ]; then
for ((i=1 ; i<=$nb_gw ; i++)); do
gw_list="${gw_list} gw$i"
done
fi
 
 
# Sauvegarde des SET des utilisateurs connectés si ils existent
# Saving SET of connected users if it exists
ipset list not_filtered 1>/dev/null 2>&1
68,6 → 82,20
ipset save proto_3 >> $TMP_users_set_save
fi
 
# Sauvegarde de la liste de toutes les IP déjà connectées pour les réintégrer dans le load balancing
# Saving all of the already connected IP in order to put them back in the load balancing after
if [ ! -f $TMP_ip_gw_save ];then
# Save only if alcasar-network.sh --save has not been executed before
for i in $gw_list;do
ipset list $i 1>/dev/null 2>&1
if [ $? -eq 0 ]
then
# the cut -d":" -f5 deletes all the lines with a :, i.e all the lines execpt the members
ipset list $i | cut -d":" -f5 | sed '/^[[:space:]]*$/d' >> $TMP_ip_gw_save
fi
done
fi
 
# Chargement de la sonde NetFlow (module noyau ipt_NETFLOW)
# loading of NetFlow probe (ipt_NETFLOW kernel module)
modprobe ipt_NETFLOW destination=127.0.0.1:2055
160,10 → 188,41
ipset create proto_3 hash:ip hashsize 1024
fi
 
#ipsets for load balancing
for i in $gw_list; do
ipset create $i hash:ip
done
cat $TMP_ip_gw_save | while read ip; do
gw_min="gw0"
weight=`grep ^PUBLIC_WEIGHT= $CONF_FILE | cut -d"=" -f2`
already=`ipset list $gw_min | grep Number\ of\ entries: | cut -d":" -f2`
#The *1000 is here to avoid working on floats in bash
gw_min_value=$((1000 * $already / $weight))
i=1
for gw in $gw_list;do
if [ "$gw" != "gw0" ]; then
weight=`grep ^WAN$i= $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F ',' '{ print $2 }'`
already=`ipset list $gw | grep Number\ of\ entries: | cut -d":" -f2`
value=$((1000 * $already / $weight))
if [ $value -lt $gw_min_value ]
then
gw_min_value=$value
gw_min=$gw
fi
i=$(($i+1))
fi
done
ipset add $gw_min $ip
done
rm -f $TMP_ip_gw_save
 
 
 
#############################
# PREROUTING #
#############################
 
 
# Marquage (et journalisation) des paquets qui tentent d'accéder directement aux ports d'écoute du proxy HTTP/HTTPS (E2Guardian) pour pouvoir les rejeter en INPUT
# Mark (and log) the direct attempts to E2guardian listen ports in order to REJECT them in INPUT rules
# 8080 = ipset av_bl
196,7 → 255,7
# 55 = ipset av_wl
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set av_wl src -p udp --dport domain -j REDIRECT --to-port 55
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set av_wl src -p tcp --dport domain -j REDIRECT --to-port 55
# 53 = all other users
# 53 = all other users
$IPTABLES -A PREROUTING -t nat -i $TUNIF ! -d $PRIVATE_IP -p udp --dport domain -j REDIRECT --to-port 53
$IPTABLES -A PREROUTING -t nat -i $TUNIF ! -d $PRIVATE_IP -p tcp --dport domain -j REDIRECT --to-port 53
 
217,6 → 276,7
# Redirection des requêtes HTTP des usagers "av_bl + av_wl + av" vers E2guardian
# Redirect outbound "av_bl + av_wl +av" users HTTP requests to E2guardian
# 8080 = ipset av_bl
#$IPTABLES -A PREROUTING -t mangle -i $TUNIF -m set --match-set av_bl src -m set ! --match-set site_direct dst ! -d $PRIVATE_IP -p tcp --dport http -j MARK --set-mark 200
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set av_bl src -m set ! --match-set site_direct dst ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8080
# 8090 = ipset av_wl & av
$IPTABLES -A PREROUTING -t nat -i $TUNIF -m set --match-set av_wl src ! -d $PRIVATE_IP -p tcp --dport http -j REDIRECT --to-port 8090
232,6 → 292,23
# Redirect NTP request in local NTP server
$IPTABLES -A PREROUTING -t nat -i $TUNIF -s $PRIVATE_NETWORK_MASK ! -d $PRIVATE_IP -p udp --dport ntp -j REDIRECT --to-port 123
 
#Récupération de la marque associée à une gw pour chaque connection
$IPTABLES -A PREROUTING -t mangle -j CONNMARK --restore-mark
 
if [ "$PROXY" == "on" ] || [ "$PROXY" == "On" ];then
$IPTABLES -A PREROUTING -t nat -i $TUNIF ! -d $PRIVATE_IP -p tcp -m multiport --dports http,https -j DNAT --to-destination $PROXY_IP
fi
 
#Marquage pour le load balancing
if [ "$MULTIWAN" == "on" ] || [ "$MULTIWAN" == "On" ]; then
temp_index=200
for i in $gw_list; do
$IPTABLES -A PREROUTING -t mangle -i $TUNIF -m set --match-set $i src -j MARK --set-mark $temp_index
temp_index=$(($temp_index+1))
done
fi
 
 
#############################
# INPUT #
#############################
242,7 → 319,7
$IPTABLES -A OUTPUT -o lo -j ACCEPT
 
# Rejet des demandes de connexions non conformes (FIN-URG-PUSH, XMAS, NullScan, SYN-RST et NEW not SYN)
# Drop non standard connexions (FIN-URG-PUSH, XMAS, NullScan, SYN-RST et NEW not SYN)
# Drop non standard connexions (FIN-URG-PUSH, XMAS, NullScan, SYN-RST and NEW not SYN)
$IPTABLES -A INPUT -p tcp --tcp-flags FIN,URG,PSH FIN,URG,PSH -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
$IPTABLES -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
455,7 → 532,7
# HTTP & HTTPS requests are allowed with netflow log (from E2guardian)
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j NETFLOW
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
#$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport https -j NETFLOW # When E2guardian will be in HTTPS transparent proxy)
#$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport https -j NETFLOW # When E2guardian will be in HTTPS transparent proxy)
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport https -j ACCEPT
 
# On autorise les requêtes RSYNC sortantes (maj BL de Toulouse)
489,6 → 566,9
# Dynamic NAT on EXTIF
$IPTABLES -A POSTROUTING -t nat -o $EXTIF -j MASQUERADE
 
#Sauvegarde de la marque associée à la connexion pour le load balancing
$IPTABLES -A POSTROUTING -t mangle -j CONNMARK --save-mark
 
#############################
# FAIL2BAN #
#############################
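Review bot: `TMP_ip_gw_save="/tmp/ipset_ip_gw_save"` is a fixed name in a world-writable directory, and this root script appends to it, feeds each line back into `ipset add`, and skips regenerating it when a file of that name already exists (`if [ ! -f $TMP_ip_gw_save ]`). A file or symlink placed there by any local account would therefore be consumed as trusted input or followed on the `>>` write. Keeping the hand-off file in a root-owned directory that is not world-writable, and checking that each line is an IPv4 address before `ipset add`, removes that dependency on /tmp; alcasar-network.sh `--save` writes the same path and should move with it. The restore loop also runs `cat $TMP_ip_gw_save` unconditionally, so it reports an error when no set existed to save.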
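--- a/scripts/alcasar-network.sh
+++ b/scripts/alcasar-network.sh
@@ -0,0 +1,109 @@
+#!/bin/bash
+
+# alcasar-network.sh
+# by Pierre RIVAULT and Rexy
+# This script is distributed under the Gnu General Public License (GPL)
+
+# Met à jour la configuration réseau conformément au fichier de configuration (alcasar.conf)
+# update network configuration according to alcasar.conf
+
+CONF_FILE="/usr/local/etc/alcasar.conf"
+TMP_ip_gw_save="/tmp/ipset_ip_gw_save"
+EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2`
+PUBLIC_IP=`grep ^PUBLIC_IP= $CONF_FILE|cut -d"=" -f2`
+GW1=`grep ^GW= $CONF_FILE|cut -d"=" -f2`
+MTU=`grep ^PUBLIC_MTU= $CONF_FILE|cut -d"=" -f2`
+MULTIWAN=`grep ^MULTIWAN= $CONF_FILE|cut -d"=" -f2`
+MULTIWAN=${MULTIWAN:=Off}
+NET="`ipcalc -n $PUBLIC_IP | cut -d"=" -f2`/`ipcalc -p $PUBLIC_IP | cut -d"=" -f2`"
+IP=`echo $PUBLIC_IP | cut -d"/" -f1`
+PRIVATE_IP_MASK=`grep ^PRIVATE_IP $CONF_FILE | cut -d"=" -f2`
+PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
+PRIVATE_NETMASK=`echo $PRIVATE_IP_MASK | cut -d"/" -f2`
+PRIVATE_PREFIX=`/bin/ipcalc -p $PRIVATE_IP $PRIVATE_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24)
+PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP $PRIVATE_NETMASK| cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0)
+PRIVATE_NETWORK_MASK=$PRIVATE_NETWORK/$PRIVATE_PREFIX # @ + masque du réseau de consult (192.168.182.0/24)
+nb_gw=`grep ^WAN $CONF_FILE | wc -l`
+routecmd="ip route replace default scope global"
+
+if [ $(whoami) != "root" ]; then
+echo "You must be root to run this!" ; echo ; exit 1
+fi
+
+if [ $# -eq 0 ]; then
+args="--apply"
+else
+args=$1
+fi
+
+case $args in
+--save)
+rm -f $TMP_ip_gw_save
+# ipset name list for load_balancing
+gw_list="gw0"
+for ((i=1 ; i<=$nb_gw ; i++)); do
+gw_list="${gw_list} gw$i"
+done
+# Saving all of the already connected IP in order to put them back in the load balancing after
+for i in $gw_list;do
+ipset list $i 1>/dev/null 2>&1
+if [ $? -eq 0 ]
+then
+# the cut -d":" -f5 deletes all the lines with a :, i.e all the lines except the members
+ipset list $i | cut -d":" -f5 | sed '/^[[:space:]]*$/d' >> $TMP_ip_gw_save
+fi
+done
+exit 0
+;;
+--apply)
+[ -e /etc/sysconfig/network-scripts/ifcfg-$EXTIF ] && ifdown $EXTIF
+# set the new configuration for EXTIF
+cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$EXTIF
+DEVICE=$EXTIF
+BOOTPROTO=static
+IPADDR=$IP
+NETMASK=`ipcalc -m $PUBLIC_IP | cut -d= -f2`
+NETWORK=`ipcalc -n $PUBLIC_IP | cut -d= -f2`
+GATEWAY=$GW1
+DNS1=127.0.0.1
+RESOLV_MODS=yes
+ONBOOT=yes
+METRIC=10
+MII_NOT_SUPPORTED=yes
+IPV6INIT=no
+IPV6TO4INIT=no
+ACCOUNTING=no
+USERCTL=no
+MTU=$MTU
+NOZEROCONF=yes
+EOF
+ifup $EXTIF
+ip route flush ${NET} # Remove the previous route for the network of EXTIF
+ip route delete default scope global # Remove the previous default route
+ip route add ${NET} dev ${EXTIF} src ${IP} # Set the new route for EXTIF network
+ip route add ${NET} dev ${EXTIF} src ${IP} table 200 # Set the new default route. If no multiwan, these lines are equivalent to `ip route add default via ${GW1}`
+ip route add default via ${GW1} table 200
+routecmd="${routecmd} nexthop via ${GW1} dev ${EXTIF}"
+ip rule flush # Remove the previous routing rules
+ip rule add from all lookup main pref 32766 # Set back the main rules
+ip rule add from all lookup default pref 32767 # Set back the default rules
+ip rule add from ${PRIVATE_NETWORK_MASK} fwmark 200 lookup 200 # Add the rule for the first gateway
+if [ "$MULTIWAN" == "on" ] || [ "$MULTIWAN" == "On" ]; then
+nb_gw_supp=`grep ^WAN $CONF_FILE|wc -l`
+for ((i=0 ; $i < $nb_gw_supp ; i++)); do
+table=$(($i + 201)) # This number is used to mark the paquets in order to route them to the choosen GW
+GW=`grep ^WAN$(($i + 1))= $CONF_FILE|awk -F'"' '{ print $2 }' | awk -F, '{print $1}'`
+ip route add ${NET} dev ${EXTIF} src ${IP} table $table # Add the others route in their respective tables
+ip route add default via ${GW} table $table
+ip rule add from ${PRIVATE_NETWORK_MASK} fwmark $table lookup $table # Add the rule for each rule depending of the mark set by the firewall
+routecmd="${routecmd} nexthop via ${GW} dev ${EXTIF}" # add the added gateway into the default gateway
+done
+fi
+${routecmd} # define the default gateway for outgoing traffic
+ip route flush cache
+exit 0
+;;
+*)
+exit 1
+;;
+esac
Property changes:
Added: svn:eol-style
+native
\ No newline at end of property
Added: svn:executable
+*
\ No newline at end of property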
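Review bot: `--apply` takes the interface down, flushes the routing rules and deletes the default route before anything checks that `EXTIF`, `PUBLIC_IP`, `GW` and `PUBLIC_MTU` were found in alcasar.conf and look like an interface name, addresses and a number. With an empty or malformed value the later `ip route add` and `${routecmd}` calls fail after the old routes are gone, which on a gateway administered over ssh means losing the session, and the values are expanded unquoted into commands run as root. A guard at the top of `--apply` that exits before `ifdown` keeps the running configuration in that case; the `WANn` gateway read inside the MULTIWAN loop deserves the same check before its `ip route add default via ${GW}`.
```shell
--apply)
# refuse to touch the interface when the configuration is incomplete or malformed
ipv4='^([0-9]{1,3}\.){3}[0-9]{1,3}$'
if [[ -z "$EXTIF" || ! "$IP" =~ $ipv4 || ! "$GW1" =~ $ipv4 || ! "$MTU" =~ ^[0-9]+$ ]]; then
echo "alcasar-network.sh: invalid EXTIF, PUBLIC_IP, GW or PUBLIC_MTU in $CONF_FILE" >&2
exit 1
fi
# … unchanged: ifdown, ifcfg heredoc, ifup, routes and rules …
```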
/scripts/alcasar-rpm-download.sh
13,7 → 13,7
# The kernel version we compile netflow for
KERNEL="kernel-server-5.10.30-1.mga7-1-1.mga7"
# ****** Alcasar needed RPMS - paquetages nécessaires au fonctionnement d'Alcasar ******
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat"
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamd clamav clamav-db fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat"
 
rpm_repository_sync ()
{
/scripts/alcasar-rpm.sh
18,7 → 18,8
# "lsscsi" & nvme-cli" : needed by phpsysinfo
# "socat" : avoid a warning when run the install script of letsencrypt ("acme.sh")
# "sudo" : needed after a reinstallation (to be investigated)
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat"
# "clamav + clamav-db" : needes because of a mutual dependance
PACKAGES="vim-enhanced freeradius freeradius-mysql freeradius-ldap lighttpd lighttpd-mod_auth php-fpm php-gd php-ldap php-mysqli php-mbstring php-sockets php-curl php-pdo_sqlite php-cli unbound e2guardian postfix mariadb ntp bind-utils openssh-server rng-utils rsync clamav clamav-db clamd fail2ban gnupg2 ulogd pm-fallback-policy ipset usb_modeswitch vnstat dos2unix p7zip msec kernel-userspace-headers kernel-firmware-nonfree dnsmasq dhcp-server tcpdump fonts-dejavu-common fonts-ttf-dejavu lsscsi nvme-cli sudo socat"
 
rpm_repository_sync ()
{
/scripts/alcasar-uninstall.sh
289,19 → 289,14
 
post_install ()
{
echo -en "(8) : "
echo -en "(7) : "
[ -e /etc/mageia-release.default ] && mv -f /etc/mageia-release.default /etc/mageia-release && echo -n "1, "
[ -e /etc/ssh/alcasar-banner-ssh ] && rm -f /etc/ssh/alcasar-banner-ssh && echo -n "2, "
[ -e /etc/ssh/sshd_config.default ] && mv -f /etc/ssh/sshd_config.default /etc/ssh/sshd_config && echo -n "3, "
[ -e /etc/bashrc.default ] && mv -f /etc/bashrc.default /etc/bashrc && echo -n "4, "
[ -e /etc/sudoers.default ] && mv -f /etc/sudoers.default /etc/sudoers && echo -n "5, "
if [ -e /etc/systemd/system/alcasar-load_balancing.service ]
then
rm -f /etc/systemd/system/alcasar-load_balancing.service
echo -n "6, "
fi
[ -e /etc/security/limits.conf.default ] && mv -f /etc/security/limits.conf.default /etc/security/limits.conf && echo -n "7, "
[ -e /etc/default/grub.default ] && mv -f /etc/default/grub.default /etc/default/grub && echo -n "8"
[ -e /etc/security/limits.conf.default ] && mv -f /etc/security/limits.conf.default /etc/security/limits.conf && echo -n "6, "
[ -e /etc/default/grub.default ] && mv -f /etc/default/grub.default /etc/default/grub && echo -n "7"
}
 
 
337,7 → 332,7
echo "----------------------------------------------------------------------------"
echo "** Uninstall/Désinstallation d'ALCASAR **"
echo "----------------------------------------------------------------------------"
services="alcasar-load_balancing vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli"
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban iptables ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian sshd chilli"
/usr/local/bin/alcasar-logout.sh all # logout everybody
else
echo "--------------------------------------------------------------------------"
344,7 → 339,7
echo "** update/mise à jour d'ALCASAR **"
echo "--------------------------------------------------------------------------"
# unbound, iptables & sshd should stay on to allow remote update
services="alcasar-load_balancing vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli"
services="vnstat clamav-daemon clamav-freshclam ntpd php-fpm lighttpd radiusd mysqld unbound-blacklist unbound-whitelist dnsmasq-whitelist unbound-blackhole nfcapd fail2ban ulogd-ext-access ulogd-ssh ulogd-traceability e2guardian chilli"
/usr/local/bin/alcasar-bypass.sh -on # to allow remote update + users stay connected during the update
fi
 
391,7 → 386,7
done
if [ $mode == "full" ]
then
echo -en "\n- network(9) : "
echo -en "\n- network(10) : "
hostnamectl set-hostname localhost.localdomain
chmod a-x /etc/sysconfig/network-scripts/default-*
i=0
406,12 → 401,17
[ -e /etc/hosts.allow.default ] && mv -f /etc/hosts.allow.default /etc/hosts.allow && echo -n "5, "
[ -e /etc/hosts.deny.default ] && mv -f /etc/hosts.deny.default /etc/hosts.deny && echo -n "6, "
[ -e /etc/modprobe.preload.default ] && mv -f /etc/modprobe.preload.default /etc/modprobe.preload && echo -n "7, "
if [ -e /etc/systemd/system/alcasar-network.service ]
- then
- rm -f /etc/systemd/system/alcasar-network.service
- echo -n "8, "
- fi
if [ -e /etc/systemd/system/iptables.service ]
then
rm -f /etc/systemd/system/iptables.service
echo -n "8, "
echo -n "9, "
fi
[ -e /usr/libexec/iptables.init.default ] && mv -f /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo -n "9"
[ -e /usr/libexec/iptables.init.default ] && mv -f /usr/libexec/iptables.init.default /usr/libexec/iptables.init && echo -n "10"
/usr/bin/systemctl restart network
sleep 1
fi
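Review bot: The update path no longer stops, disables or removes `alcasar-load_balancing.service`, although installs made before this revision enabled that unit and this commit deletes the script it starts, so an updated system would keep an enabled unit whose `ExecStart` target is gone. Keeping the removal in `post_install` for at least one release avoids that. In the other direction, the new `alcasar-network.service` file is deleted in full mode but the unit is in neither `services` list, so unless it is disabled elsewhere its `multi-user.target.wants` link is left dangling. The rendered page does not mark sides; this reading takes the lines naming `alcasar-load_balancing` as the removed ones.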
/web/acc/admin/network.php
1,7 → 1,7
<?php
# $Id$
 
// written by steweb57, Rexy & Tom HOUDAYER
// written by steweb57, Rexy, Tom HOUDAYER & Pierre RIVAULT
 
/********************
* READ CONF FILES *
11,6 → 11,8
define('ETHERS_INFO_FILE', '/usr/local/etc/alcasar-ethers-info');
define('DNS_LOCAL_FILE', '/etc/hosts');
define('LETS_ENCRYPT_FILE', '/usr/local/etc/alcasar-letsencrypt');
define('TEMP_FILE', '/tmp/alcasar.conf.temp');
 
$conf_files = [CONF_FILE, ETHERS_FILE, ETHERS_INFO_FILE, DNS_LOCAL_FILE, LETS_ENCRYPT_FILE];
 
// Files reading test
98,6 → 100,14
$l_renew = "Renouveller";
$l_renew_force = "Renouveller (forcer)";
$l_previous_LE_cert = "Revenir au certificat Let's Encrypt :";
$l_gw_weight = "Poids";
$l_error = "Erreur";
$l_error_bad_ip = "Ceci n'est pas une adresse IP valide";
$l_error_bad_ip_CIDR = "Ceci n'est pas une adresse CIDR valide";
$l_error_bad_ip_port = "Ceci n'est pas une adresse IP + port valide";
$l_error_weight = "Ceci n'est pas un poids valide";
$l_change_successful = "Changement effectué avec succès";
 
} else if ($Language === 'es') {
$l_network_title = "Configuración de Red";
$l_internet_legend = "INTERNET";
153,6 → 163,13
$l_renew = "Renovar";
$l_renew_force = "Renovar (forzado)";
$l_previous_LE_cert = "Volver al certificado de Let's Encrypt :";
$l_gw_weight = "";/*TODO Traduction espagnole*/
$l_error = "";/*TODO Traduction espagnole*/
$l_error_bad_ip = "";/*TODO Traduction espagnole*/
$l_error_bad_ip_CIDR = "";/*TODO Traduction espagnole*/
$l_error_bad_ip_port = "";/*TODO Traduction espagnole*/
$l_error_weight = "";/*TODO Traduction espagnole*/
$l_change_successful = "";/*TODO Traduction espagnole*/
} else {
$l_network_title = "Network configuration";
$l_internet_legend = "INTERNET";
208,15 → 225,24
$l_renew = "Renew";
$l_renew_force = "Renew (force)";
$l_previous_LE_cert = "Back to the Let's Encrypt certificate :";
$l_gw_weight = "Weight";
$l_error = "Error";
$l_error_bad_ip = "This is not a valid IP";
$l_error_bad_ip_CIDR = "This is not a valid CIDR IP";
$l_error_bad_ip_port = "This is not a valid IP + port";
$l_error_weight = "This is not a valid weight";
$l_change_successful = "Network updated successfully";
}
 
$reg_ip = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/';
$reg_ip_cidr = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2]))$/';
$reg_ip_port = '/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\:([1-9]|[1-9][0-9]|[1-9][0-9]{2}|[1-9][0-9]{3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5]))$/';
$reg_mac = '/^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$/';
$reg_host = '/^[a-zA-Z0-9-_]+$/';
$reg_weight = '/^[0-9]*$/';
$ext_conf_error = false;
 
$choix = (isset($_POST['choix'])) ? $_POST['choix'] : '';
 
switch ($choix) {
case 'DHCP_On':
exec('sudo /usr/local/bin/alcasar-dhcp.sh -on');
226,7 → 252,6
exec('sudo /usr/local/bin/alcasar-dhcp.sh -off');
header('Location: '.$_SERVER['PHP_SELF']);
exit();
 
case 'new_mac':
$new_mac_addr = trim($_POST['add_mac']);
$new_ip_addr = trim($_POST['add_ip']);
274,7 → 299,6
}
header('Location: '.$_SERVER['PHP_SELF']);
exit();
 
case 'new_host':
$add_host = trim($_POST['add_host']);
$add_ip = trim($_POST['add_ip']);
340,7 → 364,6
}
}
break;
 
case 'https_login': // Set HTTPS login status
if ($_POST['https_login'] === 'on') {
exec('sudo /usr/local/bin/alcasar-https.sh --on');
353,33 → 376,183
 
// Network changes
if ($choix === 'network_change') {
$network_modification = false;
exec('sudo /usr/local/bin/alcasar-network.sh --save');
$modification_network = false;
$modification_dns = false;
$modification_proxy = false;
$ext_conf_error_list = [];
copy(CONF_FILE, TEMP_FILE);
 
if (isset($_POST['dns1']) && (trim($_POST['dns1']) !== $conf['DNS1']) && preg_match($reg_ip, $_POST['dns1'])) {
file_put_contents(CONF_FILE, str_replace('DNS1='.$conf['DNS1'], 'DNS1='.trim($_POST['dns1']), file_get_contents(CONF_FILE)));
$network_modification = true;
if (isset($_POST['dns1']) && (trim($_POST['dns1']) !== $conf['DNS1'])) {
if (!preg_match($reg_ip, $_POST['dns1'])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_ip_dns1.': '.$l_error_bad_ip;
}
file_put_contents(TEMP_FILE, str_replace('DNS1='.$conf['DNS1'], 'DNS1='.trim($_POST['dns1']), file_get_contents(TEMP_FILE)));
$modification_dns = true;
}
if (isset($_POST['dns2']) && (trim($_POST['dns2']) !== $conf['DNS2']) && preg_match($reg_ip, $_POST['dns2'])) {
file_put_contents(CONF_FILE, str_replace('DNS2='.$conf['DNS2'], 'DNS2='.trim($_POST['dns2']), file_get_contents(CONF_FILE)));
$network_modification = true;
if (isset($_POST['dns2']) && (trim($_POST['dns2']) !== $conf['DNS2'])) {
if (!preg_match($reg_ip, $_POST['dns2'])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_ip_dns2.': '.$l_error_bad_ip;
}
file_put_contents(TEMP_FILE, str_replace('DNS2='.$conf['DNS2'], 'DNS2='.trim($_POST['dns2']), file_get_contents(TEMP_FILE)));
$modification_dns = true;
}
if (isset($_POST['ip_public']) && (trim($_POST['ip_public']) !== $conf['PUBLIC_IP']) && preg_match($reg_ip_cidr, $_POST['ip_public'])) {
file_put_contents(CONF_FILE, str_replace('PUBLIC_IP='.$conf['PUBLIC_IP'], 'PUBLIC_IP='.trim($_POST['ip_public']), file_get_contents(CONF_FILE)));
$network_modification = true;
if (isset($_POST['ip_private']) && (trim($_POST['ip_private']) !== $conf['PRIVATE_IP'])) {
if (!preg_match($reg_ip_cidr, $_POST['ip_private'])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_ip_address.' LAN: '.$l_error_bad_ip_CIDR;
}
file_put_contents(TEMP_FILE, str_replace('PRIVATE_IP='.$conf['PRIVATE_IP'], 'PRIVATE_IP='.trim($_POST['ip_private']), file_get_contents(TEMP_FILE)));
$modification_network = true;
}
if (isset($_POST['ip_public']) && (trim($_POST['ip_public']) !== $conf['PUBLIC_IP'])) {
if (!preg_match($reg_ip_cidr, $_POST['ip_public'])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_ip_address.' WAN: '.$l_error_bad_ip_CIDR;
}
file_put_contents(TEMP_FILE, str_replace('PUBLIC_IP='.$conf['PUBLIC_IP'], 'PUBLIC_IP='.trim($_POST['ip_public']), file_get_contents(TEMP_FILE)));
$modification_network = true;
}
if (isset($_POST['ip_gw']) && (trim($_POST['ip_gw']) !== $conf['GW']) && preg_match($reg_ip, $_POST['ip_gw'])) {
file_put_contents(CONF_FILE, str_replace('GW='.$conf['GW'], 'GW='.trim($_POST['ip_gw']), file_get_contents(CONF_FILE)));
$network_modification = true;
}
if (isset($_POST['ip_private']) && (trim($_POST['ip_private']) !== $conf['PRIVATE_IP']) && preg_match($reg_ip_cidr, $_POST['ip_private'])) {
file_put_contents(CONF_FILE, str_replace('PRIVATE_IP='.$conf['PRIVATE_IP'], 'PRIVATE_IP='.trim($_POST['ip_private']), file_get_contents(CONF_FILE)));
$network_modification = true;
}
if (isset($_POST['ip_gw']) && (trim($_POST['ip_gw']) !== $conf['GW'])) {
if (!preg_match($reg_ip, $_POST['ip_gw'])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_ip_router.' 1: '.$l_error_bad_ip;
}
file_put_contents(TEMP_FILE, str_replace('GW='.$conf['GW'], 'GW='.trim($_POST['ip_gw']), file_get_contents(TEMP_FILE)));
$modification_network = true;
}
if (isset($_POST['enable_proxy']) && $_POST['enable_proxy'] == 'P_Enabled')
{
if ($conf['PROXY'] !== 'On')
{
file_put_contents(TEMP_FILE, str_replace('PROXY='.$conf['PROXY'], 'PROXY=On', file_get_contents(TEMP_FILE)));
$modification_proxy = true;
}
if (isset($_POST['proxy']) && (trim($_POST['proxy']) !== $conf['PROXY_IP'])) {
if (!preg_match($reg_ip_port, $_POST['proxy'])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': Proxy: '.$l_error_bad_ip_port;
}
file_put_contents(TEMP_FILE, str_replace('PROXY_IP='.$conf['PROXY_IP'], 'PROXY_IP='.trim($_POST['proxy']), file_get_contents(TEMP_FILE)));
$modification_proxy = true;
}
if ($conf['MULTIWAN'] !== 'Off')
{
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=Off', file_get_contents(TEMP_FILE)));
$modification_network = true;
}
}
else
{
//set multiwan value to off and delete every "WANx=" line
if ($_POST['gw_count'] === "1" && $conf['MULTIWAN'] !== 'Off')
{
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=Off', file_get_contents(TEMP_FILE)));
$temp = 1;
while (isset($conf['WAN'.$temp]))
{
file_put_contents(TEMP_FILE, str_replace('WAN'.$temp.'='.$conf['WAN'.$temp]."\n", '', file_get_contents(TEMP_FILE)));
$temp++;
}
$modification_network = true;
}
if ($_POST['gw_count'] !== "1")
{
$changed = false;
//testing the existence of a change in the routing configuration
exec("grep \"^WAN\" " . CONF_FILE . " | wc -l", $nb_gw);
if ($_POST['gw_count'] == ($nb_gw[0] + 1))
{
if ($_POST['weight'] !== $conf['PUBLIC_WEIGHT']) {
$changed = true;
}
else {
for($i=1;$i<$_POST['gw_count'];$i++)
{
if( '"'.$_POST['ip_gw_'.$i].','.$_POST['weight_'.$i].'"' != $conf['WAN'.$i])
{
$changed = true;
break;
}
}
}
}
else
{
$changed = true;
}
 
if ($network_modification) {
exec('sudo /usr/local/bin/alcasar-conf.sh -apply');
}
if ($changed == true)
{
//deleting all the old lines containing "WANx="
$temp = 1;
while (isset($conf['WAN'.$temp]))
{
file_put_contents(TEMP_FILE, str_replace('WAN'.$temp.'='.$conf['WAN'.$temp]."\n", '', file_get_contents(TEMP_FILE)));
$temp++;
}
//setting back the line "WAN1=" which will be our base
if (!preg_match($reg_weight, $_POST['weight'])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_gw_weight.' 1: '.$l_error_weight;
}
file_put_contents(TEMP_FILE, str_replace('PUBLIC_WEIGHT='.$conf['PUBLIC_WEIGHT'], 'PUBLIC_WEIGHT='.(($_POST['weight'] !== '')?$_POST['weight']:1), file_get_contents(TEMP_FILE)));
//Set Multiwan status
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], "MULTIWAN=On\nWAN1=", file_get_contents(TEMP_FILE)));
//Adding the correct number of "WANx=" lines, numbered
for($i=2;$i<$_POST['gw_count'];$i++)
{
file_put_contents(TEMP_FILE, str_replace('WAN'.($i-1).'=', 'WAN'.($i-1)."=\nWAN".$i.'=', file_get_contents(TEMP_FILE)));
}
//Adding the content
for($i=1;$i<$_POST['gw_count'];$i++)
{
if (!preg_match($reg_ip, $_POST['ip_gw_'.$i])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_ip_router.' '.($i+1).': '.$l_error_bad_ip;
}
if (!preg_match($reg_weight, $_POST['weight_'.$i])) {
$ext_conf_error = true;
$ext_conf_error_list[] = $l_error.': '.$l_gw_weight.' '.($i+1).': '.$l_error_weight;
}
file_put_contents(TEMP_FILE, str_replace('WAN'.$i.'=', 'WAN'.$i.'="'.$_POST['ip_gw_'.$i].','.(($_POST['weight_'.$i] === "0" || $_POST['weight_'.$i] === "")?"1":$_POST['weight_'.$i]).'"', file_get_contents(TEMP_FILE)));
}
$modification_network = true;
}
}
//set proxy value to off
if ($conf['PROXY'] !== 'Off')
{
file_put_contents(TEMP_FILE, str_replace('PROXY='.$conf['PROXY'], 'PROXY=Off', file_get_contents(TEMP_FILE)));
if($_POST['gw_count'] !== "1" && $conf['MULTIWAN'] !== 'On') {
file_put_contents(TEMP_FILE, str_replace('MULTIWAN='.$conf['MULTIWAN'], 'MULTIWAN=On', file_get_contents(TEMP_FILE)));
$modification_network = true;
}
$modification_proxy = true;
}
}
 
//if no errors are detected
if ($ext_conf_error == false) {
copy(TEMP_FILE, CONF_FILE);
//DNS values modification, several services needs to be reloading, reloads the full server.
if ($modification_dns) {
exec('sudo /usr/local/bin/alcasar-conf.sh -apply');
}
//External network modifications, no service reloading
if ($modification_network) {
exec('sudo /usr/local/bin/alcasar-network.sh');
exec('sudo /usr/local/bin/alcasar-iptables.sh');
}
//If only the proxy has been modified, only the firewall needs a change
else if ($modification_proxy) {
exec('sudo /usr/local/bin/alcasar-iptables.sh');
}
}
unlink(TEMP_FILE);
 
// Read CONF_FILE updated
$file_conf = fopen(CONF_FILE, 'r');
if (!$file_conf) {
453,18 → 626,33
$internet_publicIP = '-.-.-.-';
}
 
// Network interfaces
$interfacesIgnored = ['lo', 'tun[0-9]*', $conf['EXTIF'], $conf['INTIF']];
// Network interfaces, will be use later for multiple LAN interfaces
$interfacesIgnored = ['lo', 'tun[0-9]*', $conf['INTIF']];
exec("ip -o link show | awk -F': ' '{print $2}' | sed '/^" . implode('\\|', $interfacesIgnored) . "$/d'", $interfacesAvailable);
 
// TODO: Pending the next version
$externalNetworks = [
//retreive gateway(s) parameters
$gateways = [
(object) [
'interface' => $conf['EXTIF'],
'ip' => $conf['PUBLIC_IP'],
'gateway' => $conf['GW']
'gateway' => $conf['GW'],
'weight' => $conf['PUBLIC_WEIGHT']
]
];
exec("grep \"^WAN\" " . CONF_FILE . " | wc -l", $nbIfaces);
if ($nbIfaces > 0)
{
for ($i = 1; $i <= $nbIfaces[0]; $i++) {
exec("grep \"WAN" . $i . "=\" " . CONF_FILE . " | awk -F'\"' '{ print $2 }' | awk -F, '{ print $1 }'", $temp_gw);
exec("grep \"WAN" . $i . "=\" " . CONF_FILE . " | awk -F'\"' '{ print $2 }' | awk -F, '{ print $2 }'", $temp_weight);
$gateways[] = (object) [
'gateway' => $temp_gw[0],
'weight' => $temp_weight[0]
];
$temp_gw = "";
$temp_weight = "";
}
}
 
//retreive internal networks parameters
$internalNetworks = [
(object) [
'interface' => $conf['INTIF'],
510,7 → 698,7
width: 30%;
}
.network-configurator .actions {
position: absolute;
position: absolute;
background-color: #ddd;
padding: 0 2px;
}
520,10 → 708,11
.network-configurator .actions a:hover {
font-weight: bold;
}
.network-configurator > .alcasar .actions-externals {
bottom: 0;
left: 0;
border-radius: 0 5px;
.network-configurator .actions-externals {
right: 0;
border-radius: 5px;
position: relative;
text-decoration: none;
}
.network-configurator > .alcasar .actions-internals {
bottom: 0;
531,9 → 720,10
border-radius: 5px 0;
}
.network-configurator .actions-network {
top: 0;
right: 0;
border-radius: 0 5px;
border-radius: 5px;
position: relative;
text-decoration: none;
}
.network-configurator .network-box {
display: inline-block;
558,10 → 748,10
background-color: black;
}
.network-configurator .network-connector[data-connector-direction="left"] {
border-radius: 5px 0px 0px 5px;
border-radius: 5px 0 0 5px;
}
.network-configurator .network-connector[data-connector-direction="right"] {
border-radius: 0px 5px 5px 0px;
border-radius: 0 5px 5px 0;
}
.network-configurator div[data-network-type] {
position: relative;
569,39 → 759,30
</style>
<script>
$(document).ready(function () {
const interfacesAvailable = <?= ((!empty($interfacesAvailable)) ? "['".implode("', '", $interfacesAvailable)."']" : '[]') ?>;
 
const wireStyles = {
available: { border: '5px double green' }
};
setTimeout(function(){$("#change_success").fadeOut('normal');}, 10000);
 
// Add external network
$('.network-configurator .add-external-network').click(function (event) {
//Will be used later for multiple LAN interfaces
let interfacesAvailable = <?= ((!empty($interfacesAvailable)) ? "['".implode("', '", $interfacesAvailable)."']" : '[]') ?>;
const wireStyles = { available: { border: '5px double green' } };
 
// Add gateway
$('.network-configurator').on('click', '.add-external-network', function (event) {
event.preventDefault();
let options = '';
if (interfacesAvailable.length === 0) {
options = '<option value=""></option>';
} else {
for (let i = 0; i < interfacesAvailable.length; i++) {
options += '<option value="' + interfacesAvailable[i] + '">' + interfacesAvailable[i] + '</option>';
}
}
$('.network-configurator .externals').append(' \
<div data-network-type="external"> \
<div class="network-connector" data-connector-network="internet" data-connector-direction="left"></div> \
<div class="network-box"> \
<div class="actions actions-network"><a href="#" class="remove-network" title="Supprimer ce réseau">-</a></div> \
<label for="ext_interface_X"><?= 'Interface' ?></label> <select name="interface" id="ext_interface_X">' + options + '</select><br> \
<label for="ext_ip_X"><?= $l_ip_address ?></label> <input style="width:150px" type="text" name="ip_public" id="ext_ip_X" value="" /><br> \
<label for="ext_gateway_X"><?= $l_ip_router ?></label> <input style="width:120px" type="text" name="ip_gw" id="ext_gateway_X" value="" /> \
</div> \
<div class="network-connector" data-connector-network="external" data-connector-direction="right"></div> \
</div>');
addWire($('div[data-network-type="external"]:last'));
ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value'));
$('.network-configurator .externals .network-box #ext_gateways').append(' \
<div id="ip_routeur_' + ifaces_count + '" data-info_type="gateway" data-number="'+ ifaces_count +'">\
<label for="ext_gateway_' + ifaces_count + '"><?= $l_ip_router.' ' ?></label><span class="gw_number">'+ (ifaces_count + 1) +'</span> <input style="width:100px" type="text" name="ip_gw_' + ifaces_count + '" id="ext_gateway_' + ifaces_count + '" value="" /> \
<label for="ext_weight_'+ ifaces_count +'"><?= $l_gw_weight ?></label> <input style="width:20px" type="text" name="weight_' + ifaces_count + '" id="ext_weight_'+ ifaces_count +'" value="0"/> \
<div class="actions actions-network" style="display:inline-block; width:11px"><a href="#" style="display:block; text-align:center" class="remove-network" title="Supprimer ce réseau">-</a></div><br></div> ');
ifaces_count++;
document.getElementById("gw_count").setAttribute('value', ifaces_count);
updateGatewayView();
$('div.network-connector[data-connector-network]').connections('update');
});
 
// Add internal network
$('.network-configurator .add-internal-network').click(function (event) {
$('.network-configurator').on('click', '.add-internal-network', function (event) {
event.preventDefault();
$('.network-configurator .internals').append(' \
<div data-network-type="internal"> \
615,38 → 796,123
addWire($('div[data-network-type="internal"]:last'));
});
 
// Remove network
$('.network-configurator').on('click', '.remove-network', function (event) {
// Remove gateway
$('.network-box').on('click', '.remove-network', function (event) {
event.preventDefault();
$(this).parent().parent().parent().fadeOut(200, function() {
const networkType = $(this).data('networkType');
$(this).remove();
$(this).parent().parent().fadeOut(200, function() {
 
// Update wires
if (networkType === 'external') {
$('div[data-network-type="internet"]>div.network-connector[data-connector-network="internet"]').connections('update');
$('div[data-network-type="alcasar"]>div.network-connector[data-connector-network="external"]').connections('update');
} else if (networkType === 'internal') {
$('div[data-network-type="alcasar"]>div.network-connector[data-connector-network="internal"]').connections('update');
}
$(this).remove();
//update network numbers
$('div[data-info_type="gateway"]').each(function (index, value) {
updateGatewayNumbers($(this), index);
});
ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value'));
document.getElementById("gw_count").setAttribute('value', (ifaces_count - 1));
updateGatewayView();
 
$('div.network-connector[data-connector-network]').connections('update');
});
});
 
//proxy enabled or disabled
$('.network-configurator').on('click', '.enable_proxy', function(event){
if ($(this).is(':checked'))
{
document.getElementById("add_external").setAttribute('hidden', 'true');
document.getElementById("ext_proxy").removeAttribute('disabled');
$('div[id="ip_routeur_0"]').children('span').html('');
$('div[data-info_type="gateway"]').each(function(index, value) {
if ($(this).attr('data-number') !== "0")
{
$(this).attr('hidden', 'true');
}
else
{
$(this).children('input[id="ext_weight_0"]').attr('hidden', 'true');
$(this).children('label[for="ext_weight_0"]').attr('hidden', 'true');
$(this).children('div[class="actions actions-network"]').css('display', 'none');
}
});
}
else
{
document.getElementById("add_external").removeAttribute('hidden');
document.getElementById("ext_proxy").setAttribute('disabled', 'true');
$('div[id="ip_routeur_0"]').children('span').html('1');
$('div[data-info_type="gateway"]').each(function(index, value) {
if ($(this).attr('data-number') !== "0")
{
$(this).removeAttr('hidden');
}
else
{
$(this).children('input[id="ext_weight_0"]').removeAttr('hidden');
$(this).children('label[for="ext_weight_0"]').removeAttr('hidden');
$(this).children('div[class="actions actions-network"]').css('display', 'inline-block');
}
});
updateGatewayView();
}
$('div.network-connector[data-connector-network]').connections('update');
});
 
//Add a wire between two connectors
const addWire = function (network) {
const networkType = network.data('networkType');
if (networkType === 'external') {
$().connections({ from: 'div[data-network-type="internet"]>div.network-connector[data-connector-network="internet"]', to: 'div[data-network-type="external"]>div.network-connector[data-connector-network="internet"]:last', css: wireStyles.available, within: 'div[data-network-type="external"]:last' });
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="external"]', to: 'div[data-network-type="external"]>div.network-connector[data-connector-network="external"]:last', css: wireStyles.available, within: 'div[data-network-type="external"]:last' });
} else if (networkType === 'internal') {
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="internal"]', to: 'div[data-network-type="internal"]>div.network-connector[data-connector-network="internal"]:last', css: wireStyles.available, within: 'div[data-network-type="internal"]:last' });
$().connections({ from: 'div[data-network-type="internet"]>div.network-connector[data-connector-network="internet"]', to: network.children('div.network-connector[data-connector-network="internet"]'), css: wireStyles.available, within: network });
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="external"]', to: network.children('div.network-connector[data-connector-network="external"]'), css: wireStyles.available, within: network });
} else if (networkType === 'internal') {
$().connections({ from: 'div[data-network-type="alcasar"]>div.network-connector[data-connector-network="internal"]', to: network.children('div.network-connector[data-connector-network="internal"]'), css: wireStyles.available, within: network });
}
};
 
//reindex the gateway numbers when a gateway is deleted
const updateGatewayNumbers = function(gateway, number) {
old_number = gateway.attr('data-number');
gateway.attr('data-number', number);
gateway.attr('id', 'ip_routeur_'+number);
if (number === 0)
{
gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('name', 'ip_gw');
gateway.children('input[id="ext_weight_'+old_number+'"]').attr('name', 'weight');
}
else
{
gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('name', 'ip_gw_'+number);
gateway.children('input[id="ext_weight_'+old_number+'"]').attr('name', 'weight_'+number);
}
gateway.children('label[for="ext_gateway_'+old_number+'"]').attr('for', 'ext_gateway_'+number);
gateway.children('input[id="ext_gateway_'+old_number+'"]').attr('id', 'ext_gateway_'+number);
gateway.children('label[for="ext_weight_'+old_number+'"]').attr('for', 'ext_weight_'+number);
gateway.children('input[id="ext_weight_'+old_number+'"]').attr('id', 'ext_weight_'+number);
gateway.children('span[class="gw_number"]').html((number+1)+' ');
 
};
 
//hide the delete button and the weight field when there is only one gateway (or when there is a proxy)
const updateGatewayView = function() {
ifaces_count = parseInt(document.getElementById("gw_count").getAttribute('value'));
if (ifaces_count === 1)
{
$('div#ip_routeur_0').children('input[id="ext_weight_0"]').attr('hidden', 'true');
$('div#ip_routeur_0').children('label[for="ext_weight_0"]').attr('hidden', 'true');
$('div#ip_routeur_0').children('div[class="actions actions-network"]').css('display', 'none');
}
else
{
$('div#ip_routeur_0').children('input[id="ext_weight_0"]').removeAttr('hidden');
$('div#ip_routeur_0').children('label[for="ext_weight_0"]').removeAttr('hidden');
$('div#ip_routeur_0').children('div[class="actions actions-network"]').css('display', 'inline-block');
}
};
 
//resize the connections to fit the window
window.addEventListener('resize', function () {
$('div.network-connector[data-connector-network]').connections('update');
});
 
// Add wires to existing networks
// Add wires to existing networks at page first render
$('div[data-network-type="external"]').add('div[data-network-type="internal"]').each(function (index, element) {
addWire($(this));
});
669,26 → 935,49
</div>
<div class="network-connector" data-connector-network="internet" data-connector-direction="right"></div>
</div>
</div><div class="externals">
<?php foreach ($externalNetworks as $index => $network): ?>
</div><div id="externals_id" class="externals">
<div data-network-type="external">
<div class="network-connector" data-connector-network="internet" data-connector-direction="left"></div>
<div class="network-box">
<!-- <div class="actions actions-network"><a href="#" class="remove-network" title="Supprimer ce réseau">-</a></div> -->
<label for="ext_interface_<?= $index ?>"><?= 'Interface' ?></label> <select name="ext_interface[<?= $index ?>]" id="ext_interface_<?= $index ?>" disabled><option value="<?= $network->interface ?>"><?= $network->interface ?></option></select><br>
<label for="ext_ip_<?= $index ?>"><?= $l_ip_address ?></label> <input style="width:150px" type="text" name="ip_public" id="ext_ip_<?= $index ?>" value="<?= $network->ip ?>" /><br>
<label for="ext_gateway_<?= $index ?>"><?= $l_ip_router ?></label> <input style="width:120px" type="text" name="ip_gw" id="ext_gateway_<?= $index ?>" value="<?= $network->gateway ?>" />
</div>
<label for="ext_interface">Interface</label> <input name="ext_interface" id="ext_interface" value="<?= $conf['EXTIF'] ?>" disabled="disabled"/><br>
<label for="ext_ip"><?= $l_ip_address ?></label> <input style="width:130px" type="text" name="ip_public" id="ext_ip" value="<?= $conf['PUBLIC_IP'] ?>" /><br>
<input class="enable_proxy" type="checkbox" name="enable_proxy" value="P_Enabled" <?php if($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On') { echo 'checked'; }?>/>
<label for="proxy">Proxy</label> <input style="width:140px" type="text" name="proxy" id="ext_proxy" value=<?= $conf['PROXY_IP']?> <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')? '' : 'disabled'?>/><br>
<div id="ext_gateways" >
<input type="text" name="gw_count" id="gw_count" value="<?=count($gateways)?>" hidden="hidden"/>
<?php foreach ($gateways as $index => $network):
if ($index == 0) {?>
<div id="ip_routeur_<?= $index ?>" data-info_type="gateway" data-number="<?= $index ?>">
<label for="ext_gateway_<?= $index ?>"><?= $l_ip_router.' ' ?></label>
<span class="gw_number"><?= ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')?'':($index+1) ?> </span>
<input style="width:100px" type="text" name="ip_gw" id="ext_gateway_<?= $index ?>" value="<?= $network->gateway ?>" />
<label for="ext_weight_<?= $index ?>" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On'|| $conf['MULTIWAN'] === 'Off' || $conf['MULTIWAN'] === 'off')? 'hidden' : '' ?>><?= $l_gw_weight ?></label>
<input style="width:20px" type="text" name="weight" id="ext_weight_<?= $index ?>" value="<?= $network->weight ?>" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On' || $conf['MULTIWAN'] === 'Off' || $conf['MULTIWAN'] === 'off')? 'hidden' : '' ?>/>
<div class="actions actions-network" style="display: <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On'|| $conf['MULTIWAN'] === 'Off' || $conf['MULTIWAN'] === 'off')? 'none' : 'inline-block' ?>; width:11px">
<a style="display:block; text-align:center" href="#" class="remove-network" title="Supprimer ce réseau">-</a>
</div><br>
</div>
<?php } else {?>
<div id="ip_routeur_<?= $index ?>" data-info_type="gateway" data-number="<?= $index ?>" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')? 'hidden' : '' ?>>
<label for="ext_gateway_<?= $index ?>"><?= $l_ip_router.' ' ?></label>
<span class="gw_number"><?= ($index+1) ?> </span>
<input style="width:100px" type="text" name="ip_gw_<?= $index ?>" id="ext_gateway_<?= $index ?>" value="<?= $network->gateway ?>"/>
<label for="ext_weight_<?= $index ?>"><?= $l_gw_weight ?></label>
<input style="width:20px" type="text" name="weight_<?= $index ?>" id="ext_weight_<?= $index ?>" value="<?= $network->weight ?>"/>
<div class="actions actions-network" style="display:inline-block; width:11px">
<a style="display:block; text-align:center" href="#" class="remove-network" title="Supprimer ce réseau">-</a>
</div><br>
</div>
<?php } endforeach; ?>
</div>
<div class="actions actions-externals" style="margin: 0 auto; width:11px"><a id="add_external" href="#" class="add-external-network" title="Ajouter un réseau externe" <?php echo ($conf['PROXY'] === 'on' || $conf['PROXY'] === 'On')? 'hidden' : '' ?>>+</a></div>
</div>
<div class="network-connector" data-connector-network="external" data-connector-direction="right"></div>
</div>
<? endforeach; ?>
</div><div class="alcasar">
<div data-network-type="alcasar">
<div class="network-connector" data-connector-network="external" data-connector-direction="left"></div>
<div class="network-box">
<!-- <div class="actions actions-externals">
<div><a href="#" class="add-external-network" title="Ajouter un réseau externe">+</a></div>
</div> -->
<div class="alcasar-logo"><img src="/images/logo-alcasar.png" style="width: 100px;height: 100px;"></div>
<!-- <div class="actions actions-internals">
<div><a href="#" class="add-internal-network" title="Ajouter un réseau interne">+</a></div>
697,7 → 986,7
</div>
<div class="network-connector" data-connector-network="internal" data-connector-direction="right"></div>
</div>
</div><div class="internals">
</div><div id="internals_id" class="internals" data-count="1">
<?php foreach ($internalNetworks as $network): ?>
<div data-network-type="internal">
<div class="network-connector" data-connector-network="internal" data-connector-direction="left"></div>
710,6 → 999,18
<? endforeach; ?>
</div>
</div>
<?php if ($ext_conf_error == true) {
echo '<span style="color:red">';
$temp = 0;
while (isset($ext_conf_error_list[$temp])) {
echo $ext_conf_error_list[$temp].'<br>';
$temp++;
}
echo '</span>';
}
else if (($choix === 'network_change') && ($modification_proxy || $modification_dns || $modification_network)) {
echo '<span id="change_success" style="color:green">'.$l_change_successful.'</span>';
}?>
<hr>
<div style="text-align: center; margin: 5px">
<input type="hidden" name="choix" value="network_change">
741,6 → 1042,7
$mac_addr = $fields[0];
$ip_addr = $fields[1];
$info = (isset($fields[2])) ? implode(' ', array_slice($fields, 2)) : ' ';
 
echo '<tr>';
echo "<td>$mac_addr</td>";
echo "<td>$ip_addr</td>";
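Review bot: In the `network_change` branch the edited configuration is staged in `TEMP_FILE`, which an earlier hunk of this file defines as the fixed path `/tmp/alcasar.conf.temp`; a predictable name in a world-writable directory can be pre-created or swapped by another local account and is shared by concurrent submissions, yet its content is then copied over `CONF_FILE`, which the scripts launched through sudo presumably read. The staging file is not needed: keep the working copy in a variable with `$new_conf = file_get_contents(CONF_FILE);`, turn each rewrite into `$new_conf = str_replace(..., $new_conf);`, and finish with `file_put_contents(CONF_FILE, $new_conf, LOCK_EX);` only when `$ext_conf_error` is false. Separately, `$_POST['ip_gw_'.$i]` and `$_POST['weight_'.$i]` are written untrimmed, and in PHP a pattern ending in `$` also matches just before a final newline, so a value with a trailing line break passes `$reg_ip` / `$reg_weight` and splits the `WANx=` line; adding the `D` modifier (for example `'/^[0-9]*$/D'` for the weight) and writing the trimmed value closes that. `$_POST['gw_count']` is also used as a loop bound without an `isset()` or integer-range check, so it should be cast to an integer and capped before the `for` loops.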
/web/intercept.php
111,7 → 111,7
$l_reply_6 = "Se ha alcanzado su tiempo de conexión autorizado";
$l_online_time = "Tiempo en linea";
$l_remaining_time = "Tiempo restante";
$l_uam_domain = "Sitios web autorizados : ";
$l_uam_domain = "Sitios de libre acceso : ";
$l_autoregistration = "Registo autom&aacute;tico";
} else if ($Language === 'pt') { // Portuguese
$l_ChilliError = "A autenticação precisa ser bem sucedida através do portal.";
145,7 → 145,7
$l_reply_6 = "Seu tempo de conexão autorizada finalizou";
$l_online_time = "Tempo Online";
$l_remaining_time = "Tempo restante";
$l_uam_domain = "Sites autorizados : ";
$l_uam_domain = "Sítios de acesso livre : ";
$l_autoregistration = "Registo autom&aacute;tico";
} else if ($Language === 'zh') { // Chinese
$l_ChilliError = "验证必须通过强制门户服务";
179,7 → 179,7
$l_reply_6 = "已经到达您的允许连接时间";
$l_online_time = "在线时间";
$l_remaining_time = "剩余时间";
$l_uam_domain = "授权网站 : ";
$l_uam_domain = " : ";
$l_autoregistration = "短信注册";
} else if ($Language === 'ar') { // Arabic
$l_ChilliError = "يجب نجاح المصادقة على البوابة الأسيرة";
213,7 → 213,7
$l_reply_6 = "استكملت مذة الإتصال المسموحة";
$l_online_time = "مذة الإتصال";
$l_remaining_time = "الوقت المتبق";
$l_uam_domain = ":المواقع المسموحة ";
$l_uam_domain = "مواقع الوصول المجاني";
$l_autoregistration = "تسجيل ذاتي (SMS)";
} else if ($Language === 'de') { // German
$l_ChilliError = "Sie wurden erfolgreich durch das Portal authentifiziert.";
247,7 → 247,7
$l_reply_6 = "Ihre maximale Verbindungszeit wurde erreicht";
$l_online_time = "Online-Zeit";
$l_remaining_time = "Verbleibende Zeit";
$l_uam_domain = "Authorisierte Webseiten : ";
$l_uam_domain = "Offen zugängliche Seiten : ";
$l_autoregistration = "Automatische Registrierung";
} else if ($Language === 'nl') { // Dutch
$l_ChilliError = "De authenticatie moet een succes worden via de captive portal dienst.";
281,7 → 281,7
$l_reply_6 = "Your authorized connexion time has been reached";
$l_online_time = "Online tijd";
$l_remaining_time = "Reterende tijd";
$l_uam_domain = "Geautoriseerde website : ";
$l_uam_domain = "Sites met open toegang : ";
$l_autoregistration = "Automatische registratie";
} else if ($Language === 'fr') { // French
$l_ChilliError = "L'authentification doit être réussie sur le portail captif.";
315,7 → 315,7
$l_reply_6 = "Votre durée de connexion autorisée a été atteinte";
$l_online_time = "Temps de connexion";
$l_remaining_time = "Temps restant";
$l_uam_domain = "Sites autorisés : ";
$l_uam_domain = "Sites en accès libre : ";
$l_autoregistration = "Auto enregistrement (sms)";
} else { // English
$l_ChilliError = "The authentication must be successful through the captive portal service.";
349,7 → 349,7
$l_reply_6 = "Your authorized connexion time has been reached";
$l_online_time = "Online time";
$l_remaining_time = "Remaining time";
$l_uam_domain = "Authorized websites : ";
$l_uam_domain = "Open access websites : ";
$l_autoregistration = "Auto registration (sms)";
}