
Rev 1468 → Rev 1469

/scripts/sbin/alcasar-bypass.sh
2,7 → 2,7
# $Id$
 
# alcasar-bypass.sh
# by Franck BOUIJOUX and Richard REY
# by 3abtux and Rexy
# This script is distributed under the Gnu General Public License (GPL)
 
# activation / désactivation du contournement de l'authentification et du filtrage WEB
10,6 → 10,9
 
usage="Usage: alcasar-bypass.sh {--on or -on } | {--off or -off}"
SED="/bin/sed -i"
CONF_FILE="/usr/local/etc/alcasar.conf"
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
 
nb_args=$#
args=$1
if [ $nb_args -eq 0 ]
26,13 → 29,13
# activation du contournement
for i in chilli dansguardian havp mysqld radiusd httpd freshclam dnsmasq squid
do
if (pgrep $i) > /dev/null ; then /etc/init.d/$i stop ; fi
if (pgrep $i) > /dev/null ; then /usr/bin/systemctl stop $i.service ; fi
done
echo "Configure eth1 ..."
cp /etc/sysconfig/network-scripts/default-ifcfg-eth1 /etc/sysconfig/network-scripts/ifcfg-eth1
ifup eth1
echo "$INTIF configuration ..."
cp /etc/sysconfig/network-scripts/default-ifcfg-$INTIF /etc/sysconfig/network-scripts/ifcfg-$INTIF
ifup $INTIF
sh /usr/local/bin/alcasar-iptables-bypass.sh
echo "Configure dnsmasq ..."
echo "dnsmasq Configuration ..."
$SED "s?^conf-dir=.*?#&?g" /etc/dnsmasq-blacklist.conf
$SED "s?^no-dhcp-interface=.*?#&?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf
/etc/init.d/dnsmasq start
42,13 → 45,13
--off | -off)
# désactivation du contournement
if (pgrep dnsmasq) > /dev/null ; then /etc/init.d/dnsmasq stop ; fi
echo "Configure dnsmasq ..."
echo "dnsmasq Configuration ..."
$SED "s?^#conf-dir=.*?conf-dir=/usr/local/share/dnsmasq-bl-enabled?g" /etc/dnsmasq-blacklist.conf
$SED "s?^#no-dhcp-interface=.*?no-dhcp-interface=eth1?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf
rm -f /etc/sysconfig/network-scripts/ifcfg-eth1
$SED "s?^#no-dhcp-interface=.*?no-dhcp-interface=$INTIF?g" /etc/dnsmasq.conf /etc/dnsmasq-blacklist.conf
rm -f /etc/sysconfig/network-scripts/ifcfg-$INTIF
for i in chilli dansguardian havp mysqld radiusd httpd freshclam dnsmasq squid
do
if ! (pgrep $i) > /dev/null ; then /etc/init.d/$i start ; fi
if ! (pgrep $i) > /dev/null ; then /usr/bin/systemctl start $i.service; fi
done
sh /usr/local/bin/alcasar-iptables.sh
echo "L'authentification et le filtrage sont de nouveau activés"
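Review bot: `INTIF` is read from `alcasar.conf` in the second hunk and then used unchecked in the `cp`/`ifup`/`rm -f` paths and in the `sed` replacement `no-dhcp-interface=$INTIF`, so a missing or malformed `INTIF=` line (for example a configuration file that predates this key) leaves it empty. In the `--off` branch that writes an empty `no-dhcp-interface=` into both dnsmasq files, yet the script still prints that authentication and filtering are active again. I would add a guard right after the assignment, such as `case "$INTIF" in ''|*[!A-Za-z0-9_.:-]*) echo "INTIF missing or invalid in $CONF_FILE" >&2; exit 1;; esac`, and quote the later expansions. The same unchecked read is added in alcasar-load_balancing.sh and in alcasar-uninstall.sh (there for `EXTIF` as well), where an empty value makes the `for nic in $EXTIF $INTIF` loop do nothing without any message. The script body continues outside the hunks shown.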
/scripts/sbin/alcasar-dhcp.sh
42,7 → 42,7
PRIVATE_DYN_LAST_IP=`echo $PRIVATE_BROADCAST | cut -d"." -f1-3`"."`expr $private_broadcast_ending - 1` # dernière adresse de la plage dynamique (ex.: 192.168.182.254)
EXT_DHCP_IP=`grep EXT_DHCP_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse du serveur DHCP externe
RELAY_DHCP_IP=`grep RELAY_DHCP_IP $ALCASAR_CONF_FILE|cut -d"=" -f2` # Adresse de l'agent Relay : IP interne (défaut 192.168.182.1) dans le cas de DHCP dans le LAN de consultation
RELAY_DHCP_IP=${RELAY_DHCP_IP:=$PRIVATE_IP} # IP externe (défaut x.y.z.t) dans le cas de DHCP du côté eth0 ( WAN)
RELAY_DHCP_IP=${RELAY_DHCP_IP:=$PRIVATE_IP} # IP externe (défaut x.y.z.t) dans le cas de DHCP du côté WAN
RELAY_DHCP_PORT=`grep RELAY_DHCP_PORT $ALCASAR_CONF_FILE|cut -d"=" -f2` # Port de redirection vers le relay DHCP : 67 par défaut
RELAY_DHCP_PORT=${RELAY_DHCP_PORT:=67}
 
/scripts/sbin/alcasar-load_balancing.sh
33,6 → 33,7
MULTIWAN=${MULTIWAN:=off}
FAILOVER=`grep FAILOVER= $CONF_FILE|cut -d"=" -f2`
FAILOVER=${FAILOVER:=30}
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
 
 
# space separated list of public IPs to ping in watchdog mode
68,7 → 69,7
IP=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $3}' | cut -d"/" -f1` # @IP
 
if [ $i -ne 0 ]; then
[ -e /etc/sysconfig/network-scripts/ifcfg-eth0:$i ] && ifdown eth0:$i && rm -f /etc/sysconfig/network-scripts/ifcfg-eth0:$i
[ -e /etc/sysconfig/network-scripts/ifcfg-$INTIF:$i ] && ifdown $INTIF:$i && rm -f /etc/sysconfig/network-scripts/ifcfg-$INTIF:$i
IFACE=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $2}'` # IFACE
IP_NET=`grep "^$INT=" $CONF_FILE | awk -F'"' '{print $2}' | awk -F, '{ print $3}'` # IP
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`"
75,8 → 76,8
GW=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW
MTU=`grep "$INT=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $6}'` # MTU
 
# Config eth0:$i (Internet)
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-eth0:$i
# Config $INTIF:$i (Internet)
cat <<EOF > /etc/sysconfig/network-scripts/ifcfg-$INTIF:$i
DEVICE=$IFACE
BOOTPROTO=static
IPADDR=`echo $IP | cut -d"/" -f1`
91,11 → 92,11
ACCOUNTING=no
USERCTL=no
EOF
echo "ifup eth0:$i"
ifup eth0:$i
echo "ifup $INTIF:$i"
ifup $INTIF:$i
NET="`ipcalc -n $IP_NET | cut -d"=" -f2`/`ipcalc -p $IP_NET|cut -d"=" -f2`"
else
IFACE="eth0"
IFACE="$INTIF"
IP_NET=`grep "^PUBLIC_IP=" $CONF_FILE | awk -F'=' '{print $2}'` # IP/MSK
IP=`grep "^PUBLIC_IP=" $CONF_FILE | awk -F= '{ print $2 }' | cut -d"/" -f1` # @IP
GW=`grep "^GW=" $CONF_FILE | awk -F= '{print $2}'` # @GW
139,14 → 140,14
# Fonction virtual Interfaces deleting
###########################
delete_eth () {
IFACE_COUNT=`ls -l /etc/sysconfig/network-scripts/ifcfg-eth0:* | wc -l`
IFACE_COUNT=`ls -l /etc/sysconfig/network-scripts/ifcfg-$INTIF:* | wc -l`
echo $IFACE_COUNT
while [ $IFACE_COUNT -ne 0 ]
do
i=$IFACE_COUNT
echo "ifdown eth0:$i"
ifdown eth0:$i
rm -f /etc/sysconfig/network-scripts/ifcfg-eth0:$i
echo "ifdown $INTIF:$i"
ifdown $INTIF:$i
rm -f /etc/sysconfig/network-scripts/ifcfg-$INTIF:$i
IFACE_COUNT=$(($IFACE_COUNT - 1))
done
ip route del default scope global
182,7 → 183,7
DOWN_BAK=""
NBIFACE=`grep "^WAN" $CONF_FILE | wc -l` # Nbre interfaces virtuelles
echo "Nombre interfaces = "$NBIFACE
WANIFACE[0]="eth0" # eth0 par défaut
WANIFACE[0]="$INTIF"
c=0
while [ $c -le $NBIFACE ]; do
ITH=(`grep "WAN$c=" $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $2}'`) # IFACE
206,7 → 207,7
for iface in $WANIFACE ; do
COUNT=0 # compteur de test
FAIL=0 # Nombre de fois down
# Recup de l'adresse IP dynamiquement A tester avec le tableau ... ip=${ETH[$i:2]} basé sur iface=${ETH[$i:1]}
# Recup de l'adresse IP dynamiquement
IP=`ifconfig $iface |grep "inet adr" |cut -f 2 -d ":" |awk '{print $1}'`
if [ $i -ne 0 ]; then
GW=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW
292,7 → 293,7
# Interface en etat normal --> rajout de la règle en mode nexthop
if [ $FAILIF -eq 0 ]; then
IP=`ifconfig $iface |grep "inet adr" |cut -f 2 -d ":" |awk '{print $1}'`
if [ $iface != "eth0" ]; then
if [ $iface != "$INTIF" ]; then
GW=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $4}'` # @GW
WT=`grep "$iface," $CONF_FILE | awk -F'"' '{ print $2 }' | awk -F, '{ print $5}'` # @GW
else
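Review bot: Every `eth0` in this file is replaced by `$INTIF`, which the new line comments as the INTernal InterFace, but the surrounding lines treat that device as the Internet side: the heredoc comment says `(Internet)`, the array is `WANIFACE[0]`, and the else branch pairs `IFACE` with `PUBLIC_IP` and `GW`. If `eth0` was the external interface here, as the alcasar-dhcp.sh comment changed in the same commit suggests (`eth0 ( WAN)`), then the WAN aliases, the failover entry and the `!= "$INTIF"` test now act on the LAN-facing interface. I would read `EXTIF=$(grep ^EXTIF= $CONF_FILE | cut -d"=" -f2)`, the key alcasar-uninstall.sh reads in this commit, and use `$EXTIF` in these places. Please confirm against the rest of the script, which is not visible in these hunks.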
/scripts/sbin/alcasar-uninstall.sh
203,8 → 203,9
#network
echo -en "\n- network(9) : "
hostname localhost
EXTIF=`/sbin/ip route|grep default|cut -d" " -f5`
INTIF=`/sbin/ip link|grep '^[[:digit:]]:'|grep -v "lo\|$EXTIF"|cut -d" " -f2|tr -d ":"`
CONF_FILE="/usr/local/etc/alcasar.conf"
EXTIF=`grep ^EXTIF= $CONF_FILE|cut -d"=" -f2` # EXTernal InterFace
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2` # INTernal InterFace
i=0
for nic in $EXTIF $INTIF
do