
#!/bin/sh

# alcasar-network.sh
# by Richard REY
# This script is distributed under the GNU General Public License (GPL)

# Install network parameters for ALCASAR 
# Installation des paramètres réseau d'ALCASAR

# ******* Global *******
# --- Installation paths ---
DIR_DEST_ETC='/usr/local/etc'                   # ALCASAR configuration files folder
DIR_DEST_BIN='/usr/local/bin/'                  # ALCASAR scripts folder (note the trailing slash)
DIR_WEB='/var/www/html'                         # ALCASAR control center
FIC_PARAM='/root/ALCASAR-parameters.txt'        # parameters summary file rewritten further down

# --- Host identity ---
HOSTNAME='alcasar'
DOMAIN='localdomain'                            # local domain

# --- Network interfaces ---
EXTIF='eth0'                                    # interface connected to the Internet (ISP box)
INTIF='eth1'                                    # interface connected to the local consultation network

# In-place sed. This holds a command plus its option, so it has to be expanded
# unquoted ($SED, not "$SED") for the shell to split it into two words.
SED='/bin/sed -i'

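# ---- Validate the addresses read from $DIR_DEST_ETC/alcasar-network ----
# Every value accepted here is later spliced into sed programs that rewrite
# system configuration files, so each one has to match its format as a whole,
# not merely contain something that looks like an address.
# Written in POSIX sh because the shebang is /bin/sh: `[[ ... ]]` does not exist
# in every sh, and where it is missing the test fails to run and the error
# branch is never taken.

# One decimal octet, 0-255.
OCTET='(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)'
# Dotted-quad IPv4 address.
PTN_IP="$OCTET\.$OCTET\.$OCTET\.$OCTET"
# IPv4 address followed by "/" and a prefix length in the range 0-29.
PTN_CIDR="$PTN_IP/[012]?[0-9]"

# matches_whole VALUE PATTERN
# Succeeds only when VALUE is a single line that PATTERN (an extended regular
# expression) matches from its first to its last character.
matches_whole() {
        case $1 in
                *'
'*) return 1 ;;         # grep returned more than one line for this key
        esac
        printf '%s\n' "$1" | grep -Eqx -- "$2"
}

# NOTE(review): the keys below are looked up as plain substrings (as before);
# a file in which another line also contains the key yields a multi-line value,
# which is now rejected instead of being accepted on a partial match.
# Exit status is 1 on a rejected value so that a caller can tell the settings
# were not applied.

PRIVATE_IP_MASK=$(grep PRIVATE_IP "$DIR_DEST_ETC/alcasar-network" | cut -d"=" -f2)
if ! matches_whole "$PRIVATE_IP_MASK" "$PTN_CIDR"
then
        echo "Syntax error for PRIVATE_IP_MASK ($PRIVATE_IP_MASK)"
        exit 1
fi

PUBLIC_IP_MASK=$(grep PUBLIC_IP "$DIR_DEST_ETC/alcasar-network" | cut -d"=" -f2)
if ! matches_whole "$PUBLIC_IP_MASK" "$PTN_CIDR"
then
        echo "Syntax error for PUBLIC_IP_MASK ($PUBLIC_IP_MASK)"
        exit 1
fi

PUBLIC_GATEWAY=$(grep GW "$DIR_DEST_ETC/alcasar-network" | cut -d"=" -f2)
if ! matches_whole "$PUBLIC_GATEWAY" "$PTN_IP"
then
        echo "Syntax error for the Gateway IP ($PUBLIC_GATEWAY)"
        exit 1
fi

# DNS1 and DNS2 are each checked against their own value (the gateway value
# used to be tested in their place, so the DNS entries were never validated).
DNS1=$(grep DNS1 "$DIR_DEST_ETC/alcasar-network" | cut -d"=" -f2)
if ! matches_whole "$DNS1" "$PTN_IP"
then
        echo "Syntax error for the IP address of the first DNS server ($DNS1)"
        exit 1
fi

DNS2=$(grep DNS2 "$DIR_DEST_ETC/alcasar-network" | cut -d"=" -f2)
if ! matches_whole "$DNS2" "$PTN_IP"
then
        echo "Syntax error for the IP address of the second DNS server ($DNS2)"
        exit 1
fi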
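        # Derived network values, computed from the two address/prefix settings.
        # The inputs come from the configuration file, so every expansion is quoted:
        # an unexpected space or glob character must not turn into extra arguments.
        PRIVATE_NETWORK=$(/bin/ipcalc -n "$PRIVATE_IP_MASK" | cut -d"=" -f2)           # consultation network address (e.g. 192.168.182.0)
        private_prefix=$(/bin/ipcalc -p "$PRIVATE_IP_MASK" | cut -d"=" -f2)            # network prefix length (e.g. 24)
        PRIVATE_NETMASK=$(/bin/ipcalc -m "$PRIVATE_IP_MASK" | cut -d"=" -f2)           # consultation network mask (e.g. 255.255.255.0)
        PRIVATE_BROADCAST=$(/bin/ipcalc -b "$PRIVATE_IP_MASK" | cut -d"=" -f2)         # consultation network broadcast address (e.g. 192.168.182.255)
        PUBLIC_NETMASK=$(/bin/ipcalc -m "$PUBLIC_IP_MASK" | cut -d"=" -f2)             # Internet-side network mask (e.g. 255.255.255.0)

        # Stop here if ipcalc produced nothing: the values below are written into
        # interface, NTP and web server configuration files further down, and an
        # empty field would be written there as-is.
        if [ -z "$PRIVATE_NETWORK" ] || [ -z "$private_prefix" ] || [ -z "$PRIVATE_NETMASK" ] \
                || [ -z "$PRIVATE_BROADCAST" ] || [ -z "$PUBLIC_NETMASK" ]
        then
                echo "ipcalc returned no result for PRIVATE_IP_MASK ($PRIVATE_IP_MASK) or PUBLIC_IP_MASK ($PUBLIC_IP_MASK)" >&2
                exit 1
        fi

        PRIVATE_NETWORK_MASK="$PRIVATE_NETWORK/$private_prefix"                        # network address + prefix (e.g. 192.168.182.0/24)
        classe=$((private_prefix / 8))                                                 # number of whole octets in the prefix (e.g. 2 = class B, 3 = class C)
        classe_sup=$((classe + 1))                                                     # index of the first octet past the prefix
        # NOTE(review): the fields below are selected with $classe / $classe_sup while
        # the DHCP range is always built on the first three octets. For a prefix that
        # is not 8, 16 or 24 the selected octet is not the last one, and for a prefix
        # below 8 $classe is 0, which is not a valid field list for cut. Confirm which
        # prefix lengths this script is meant to support.
        private_network_ending=$(printf '%s\n' "$PRIVATE_NETWORK" | cut -d"." -f"$classe_sup")         # octet number $classe_sup of the network address
        PRIVATE_NETWORK_SHORT="$(printf '%s\n' "$PRIVATE_NETWORK" | cut -d"." -f"1-$classe")."          # prefix form used in hosts.allow / hosts.deny (e.g. 192.168.182.)
        private_broadcast_ending=$(printf '%s\n' "$PRIVATE_BROADCAST" | cut -d"." -f"$classe_sup")     # octet number $classe_sup of the broadcast address
        PRIVATE_IP=$(printf '%s\n' "$PRIVATE_IP_MASK" | cut -d"/" -f1)                 # portal IP address (consultation network side)
        PRIVATE_DYN_FIRST_IP="$(printf '%s\n' "$PRIVATE_NETWORK" | cut -d"." -f1-3).$((private_network_ending + 2))"       # first address of the dynamic (DHCP) range
        PRIVATE_DYN_LAST_IP="$(printf '%s\n' "$PRIVATE_BROADCAST" | cut -d"." -f1-3).$((private_broadcast_ending - 1))"    # last address of the dynamic (DHCP) range
        PUBLIC_IP=$(printf '%s\n' "$PUBLIC_IP_MASK" | cut -d"/" -f1)                   # portal IP address (Internet side)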

# Refresh the network lines of the ALCASAR parameters summary file.
# Each entry is one sed substitution, applied in order, one sed run per entry.
# The values are pasted into the sed program text ("?" is the delimiter), so
# their format matters as much as their content.
# NOTE(review): confirm that every variable interpolated below (DNS1 and DNS2
# included) has been format-checked before this point.
for subst in \
        "s?^- WAN IP.*?- WAN IP address ($EXTIF) :\t$PUBLIC_IP_MASK?g" \
        "s?^- Gateway.*?- Gateway IP addess :\t\t$PUBLIC_GATEWAY?g" \
        "s?^- DNS servers.*?- DNS servers :\t\t\t$DNS1 and $DNS2?g" \
        "s?^- LAN IP.*?- LAN IP address ($INTIF) :\t$PRIVATE_IP_MASK?g" \
        "s?^- Dynamic.*?- Dynamic IP addresses (DHCP) :\tfrom $PRIVATE_DYN_FIRST_IP to $PRIVATE_DYN_LAST_IP?g"
do
        $SED "$subst" "$FIC_PARAM"
done

# Network cards configuration: write the addresses into the two ifcfg files.
# The values are interpolated into the sed program text, so they are expected
# to have passed the format checks at the top of the script.
ext_ifcfg="/etc/sysconfig/network-scripts/ifcfg-${EXTIF}"       # Internet-side interface
int_ifcfg="/etc/sysconfig/network-scripts/ifcfg-${INTIF}"       # consultation-network-side interface

# Internet side: address, mask and default gateway.
$SED "s?^IPADDR=.*?IPADDR=${PUBLIC_IP}?" "$ext_ifcfg"
$SED "s?^NETMASK=.*?NETMASK=${PUBLIC_NETMASK}?" "$ext_ifcfg"
$SED "s?^GATEWAY=.*?GATEWAY=${PUBLIC_GATEWAY}?" "$ext_ifcfg"

# Consultation network side: address and mask only.
$SED "s?^IPADDR=.*?IPADDR=${PRIVATE_IP}?" "$int_ifcfg"
$SED "s?^NETMASK=.*?NETMASK=${PRIVATE_NETMASK}?" "$int_ifcfg"

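# NTP server: allow the consultation network and localhost.
# The first "restrict" line of /etc/ntp.conf is replaced by the two rules below
# and every later "restrict" line is deleted. Replacing each "restrict" line by
# the pair (the previous form) doubled the number of such lines on every run of
# this script; the resulting set of rules is the same, written once.
# Relies on GNU sed ("0,/re/" address and "\n" in the replacement).
# NOTE(review): as before, no other "restrict" line (a "restrict default" one
# included, if the file has it) survives this rewrite. Confirm that access to
# ntpd from other networks is limited elsewhere, e.g. by the firewall rules.
$SED \
        -e "0,/^restrict/!{/^restrict/d}" \
        -e "0,/^restrict/s?^restrict.*?restrict $PRIVATE_NETWORK mask $PRIVATE_NETMASK nomodify notrap\nrestrict 127.0.0.1?" \
        /etc/ntp.conf
# TCP wrappers: accept ntpd clients from the consultation network prefix.
$SED "s?^ntpd:.*?ntpd: $PRIVATE_NETWORK_SHORT?" /etc/hosts.allow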

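# ALCASAR control center: bind the web server to the portal's private address.
# The -name pattern is quoted so that find receives it unchanged; unquoted, the
# shell expands it first against the current directory whenever a matching file
# happens to be there.
FIC_MOD_SSL=$(find /etc/httpd/modules.d/ -type f -name '*mod_ssl.conf')
# $PRIVATE_IP is written inside a PHP string literal and into Listen directives,
# so it is expected to have passed the address format check earlier in the script.
$SED "s?^\$private_ip =.*?\$private_ip = \"$PRIVATE_IP\";?g" "$DIR_WEB/index.php"
$SED "s?^Listen.*?Listen $PRIVATE_IP:80?g" /etc/httpd/conf/httpd.conf
if [ -n "$FIC_MOD_SSL" ]
then
        # Left unquoted on purpose: find may return several files, one per line,
        # and each of them gets the substitution.
        $SED "s?^Listen.*?Listen $PRIVATE_IP:443?g" $FIC_MOD_SSL
else
        # Without a file operand sed has nothing to edit; report it and carry on.
        echo "No mod_ssl configuration file found under /etc/httpd/modules.d/" >&2
fi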
#...


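# Register or unregister the SSH daemon according to the SSH setting.
# Only the exact value "on" registers sshd; anything else (missing key, empty
# or multi-line value) removes it, so an unreadable setting leaves SSH disabled.
# The expansion is quoted so that such values reach the comparison as one word
# instead of breaking the test.
# NOTE(review): chkconfig --add / --del changes the service registration only;
# nothing here starts or stops a running sshd. Confirm that is intended.
ssh_active=$(grep SSH "$DIR_DEST_ETC/alcasar-network" | cut -d"=" -f2)
if [ "$ssh_active" = "on" ]
then
        /sbin/chkconfig --add sshd
else
        /sbin/chkconfig --del sshd
fi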


# Finish by running the ALCASAR firewall script from the scripts folder.
# It is the last command, so its exit status becomes this script's exit status.
"${DIR_DEST_BIN}/alcasar-iptables.sh"