
Rev 783 → Rev 784

/alcasar.sh
81,9 → 81,32
testing ()
{
if [ $Lang == "fr" ]
then echo -n "Tests des paramètres réseau :"
then echo -n "Tests des paramètres réseau : "
else echo -n "Network parameters tests : "
fi
# We test eth0 config files
PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/ifcfg-$EXTIF|cut -d"=" -f2`
if [ `echo $PUBLIC_IP|wc -c` -lt 7 ] || [ `echo $PUBLIC_GATEWAY|wc -c` -lt 7 ]
then
if [ $Lang == "fr" ]
then
echo "Échec"
echo "La carte réseau connectée à Internet ($EXTIF) n'est pas correctement configurée."
echo "Renseignez les champs suivants dans le fichier '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
else
echo "Failed"
echo "The Internet connected network card ($EXTIF) isn't well configured."
echo "The folowing parametres must be set in the file '/etc/sysconfig/network-scripts/ifcfg-$EXTIF' :"
fi
echo "IPADDR="
echo "NETMASK="
echo "GATEWAY="
echo "DNS1="
echo "DNS2="
exit 0
fi
echo -n "."
# We test the Ethernet links state
for i in $EXTIF $INTIF
do
106,7 → 129,7
echo -n "."
done
# On teste la présence d'un routeur par défaut (Box FAI)
if [ `/sbin/route -n|grep -c ^0.0.0.0` -ne "1" ] ; then
if [ `ip route list|grep -c ^default` -ne "1" ] ; then
if [ $Lang == "fr" ]
then
echo "Échec"
121,7 → 144,7
fi
echo -n "."
# On traite le cas où l'interface configurée lors de l'installation est "eth1" au lieu de "eth0" (mystère sur certaines version de BIOS et de VirtualBox)
if [ `/sbin/route -n|grep ^0.0.0.0|grep -c eth1` -eq "1" ] ; then
if [ `ip route list|grep ^default|grep -c eth1` -eq "1" ] ; then
if [ $Lang == "fr" ]
then echo "La configuration des cartes réseau va être corrigée."
else echo "The Ethernet card configuration will be corrected."
303,7 → 326,7
PRIVATE_IP_MASK=`grep PRIVATE_IP conf/etc/alcasar.conf|cut -d"=" -f2`
rm -rf conf/etc/alcasar.conf
fi
# Définition de la config réseau côté "LAN de consultation"
# Define Lan side Ethernet card
hostname $HOSTNAME
PRIVATE_NETWORK=`/bin/ipcalc -n $PRIVATE_IP_MASK | cut -d"=" -f2` # @ réseau de consultation (ex.: 192.168.182.0)
PRIVATE_NETMASK=`/bin/ipcalc -m $PRIVATE_IP_MASK | cut -d"=" -f2` # masque réseau de consultation (ex.: 255.255.255.0)
325,16 → 348,16
private_dyn_ip_ending=`echo $private_dyn_ip_network | cut -d"." -f4`
PRIVATE_DYN_FIRST_IP=`echo $private_dyn_ip_network | cut -d"." -f1-3`"."`expr $private_dyn_ip_ending + 1` # 1ère adresse de la plage dynamique (ex.: 192.168.182.129)
PRIVATE_DYN_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # dernière adresse de la plage dynamique (ex.: 192.168.182.254)
# Récupération de la config réseau côté "Internet"
# Define Internet side Ethernet card
[ -e /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF ] || cp /etc/sysconfig/network-scripts/ifcfg-$EXTIF /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF
PUBLIC_IP=`grep IPADDR /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip du portail (côté Internet)
DNS1=`grep DNS1 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 1er DNS
DNS2=`grep DNS2 /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2` # @ip 2ème DNS
DNS1=${DNS1:=208.67.220.220}
DNS2=${DNS2:=208.67.222.222}
PUBLIC_NETMASK=`grep NETMASK /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
PUBLIC_PREFIX=`/bin/ipcalc -p $PUBLIC_IP $PUBLIC_NETMASK |cut -d"=" -f2` # prefixe du réseau (ex. 24)
PUBLIC_GATEWAY=`grep GATEWAY /etc/sysconfig/network-scripts/default-ifcfg-$EXTIF|cut -d"=" -f2`
DEFAULT_PUBLIC_NETMASK=`ipcalc -m 192.168.182.2 | cut -d"=" -f2`
PUBLIC_NETMASK=${PUBLIC_NETMASK:=$DEFAULT_PUBLIC_NETMASK}
PUBLIC_PREFIX=`/bin/ipcalc -p 192.168.182.2 $PUBLIC_NETMASK|cut -d"=" -f2`
echo "PUBLIC_IP=$PUBLIC_IP/$PUBLIC_PREFIX" >> $CONF_FILE
echo "PUBLIC_MTU=1500" >> $CONF_FILE
echo "GW=$PUBLIC_GATEWAY" >> $CONF_FILE
343,7 → 366,7
echo "PRIVATE_IP=$PRIVATE_IP_MASK" >> $CONF_FILE
echo "DHCP=on" >> $CONF_FILE
[ -e /etc/sysconfig/network.default ] || cp /etc/sysconfig/network /etc/sysconfig/network.default
# Configuration réseau
# Renseignement des fichiers de configuration réseau
cat <<EOF > /etc/sysconfig/network
NETWORKING=yes
HOSTNAME="$HOSTNAME"
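Review bot: In the first hunk, the `# We test eth0 config files` block of testing() (which appears to be new) prints "Échec"/"Failed" and then runs `exit 0`, so anything invoking the installer sees success when the external interface is not configured; `exit 1` would let callers detect the failure. The check only measures the length of whatever `grep IPADDR` and `grep GATEWAY` return, so a commented-out `#IPADDR=...` line or any sufficiently long non-address value passes. Anchoring the match, e.g. `PUBLIC_IP=$(grep '^IPADDR=' "/etc/sysconfig/network-scripts/ifcfg-$EXTIF" | cut -d= -f2)`, and quoting `"$Lang"` in the tests would tighten it. The same fields are later written to `$CONF_FILE` in the 348 hunk, so validating them here matters; testing() continues outside the hunk.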
/CHANGELOG
6,11 → 6,14
- Bug : don't download RPMs twice
- Bug : allow connexion to an LDAP server on WAN side
- Bug : don't disconnect user in some case (when the equipment is authenticated with Mac adresse)
- Bug : control that watchdog can't execute if already running
- Core : allow FTP in output
- Core : new alcasar-iptables.sh script (more logically strutured)
- Core : update phpsysinfo page ("Internet access flag" nom show the right status)
- Core : Authenticate user on Mysql when LDAP server is down
- Core : import users via text file with or without password
- Security : The 8080 (TCP) and 53 (UDP) ports are now hidden on Lan side
- Install : control eth0 config on startup
---- 2.4 ----
- Bug : some minor bugs (log rotate, intercept page, squid, ...)
- Bug : ACC - correction of the Internet connectivity test flag
/scripts/alcasar-iptables.sh
279,6 → 279,12
# HTTP requests are allowed
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport http -j ACCEPT
 
# On autorise les requêtes FTP
# FTP requests are allowed
modprobe ip_conntrack_ftp
$IPTABLES -A OUTPUT -o $EXTIF -p tcp --dport ftp -j ACCEPT
$IPTABLES -A OUTPUT -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
 
# On autorise les requêtes NTP
# NTP requests are allowed
$IPTABLES -A OUTPUT -o $EXTIF -p udp --dport ntp -j ACCEPT
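Review bot: The second rule under the FTP comment, `$IPTABLES -A OUTPUT -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT`, is not limited to FTP: it has no `-p` or `--dport` match, so it accepts every established or related outbound flow on $EXTIF, whatever the protocol. If that is intended, give it its own comment, such as `# Allow packets of already-tracked outbound connections (includes FTP data channels marked RELATED by the conntrack helper)`; if only FTP is meant, add at least `-p tcp`. The result of `modprobe ip_conntrack_ftp` is also unchecked, and without the helper the FTP data channel is never marked RELATED, so a warning on stderr when the load fails would make that visible.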
/scripts/alcasar-watchdog.sh
49,6 → 49,12
function lan_test ()
# LAN connectiivity testing
{
watchdog_process=`ps -C alcasar-watchdog.sh|wc -l`
if [[ $(expr $watchdog_process) -gt 3 ]]
then
echo "ALCASAR watchdog is already running"
exit 0
fi
# EXTIF testing
LAN_DOWN="0"
if [ "`/usr/sbin/ethtool $EXTIF|grep Link|cut -d' ' -f3`" != "yes" ]
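Review bot: The already-running guard added at the top of lan_test depends on `ps -C alcasar-watchdog.sh|wc -l` exceeding 3, a magic number tied to the ps header line and to how many subshells exist at that instant. It can therefore miss a second instance or block a lone one, and two instances started together can both pass. A lock taken once at script start is deterministic, e.g. `exec 9>"$LOCK_FILE"` followed by `flock -n 9 || { echo "ALCASAR watchdog is already running"; exit 0; }`, where `LOCK_FILE` is a placeholder for a path writable only by root. If the ps test stays, add a comment explaining the threshold and drop the redundant `$(expr ...)`; lan_test's body continues outside the hunk.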
/web/index.php
1,6 → 1,6
<?php
$hostname = "alcasar";
$network_pb = True;
$network_pb = False;
$cert_add = "http://alcasar/certs";
$direct_access = False;
$diagnostic = "eth0 link down";