GIT.Harvie.CZ / svn / Prometheus-QoS / .git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
commit test
[svn/Prometheus-QoS/.git] / optional-tools / make-snat-dnat
1 #!/bin/bash
2
3 iptables="/sbin/iptables"
4 ifconfig="/sbin/ifconfig"
5
6 #pimp.conf should be regularly updated!
7 pimp="/rw/etc/pimp.conf"
8 script="/rw/etc/network/snat-dnat"
9
10 echo "#!/bin/bash" > $script
11 echo $iptables -t nat -F >> $script
12 echo $iptables -t nat -X >> $script
13 echo "echo -n \"Setting firewall rules \"" >> $script
14
15 # ===============================================================
16 # Symetricky SNAT-DNAT, zarazeny do indexovanych iptables
17 # ===============================================================
18
19 echo -n "Generating new pimp index rules "
20
21 for czfip in `grep -v ^# $pimp|cut -f 1 -d " "`
22 do
23 pubip=`grep "$czfip " $pimp|cut -f 2 -d " "`
24 czffirstindex=priv_`ipcalc -n $czfip/20|grep Network|cut -f 4 -d \ |tr [./] _`
25 czfsecondindex=priv_`ipcalc -n $czfip/23|grep Network|cut -f 4 -d \ |tr [./] _`
26 czfthirdindex=priv_`ipcalc -n $czfip/26|grep Network|cut -f 4 -d \ |tr [./] _`
27 pubfirstindex=pub_`ipcalc -n $pubip/27|grep Network|cut -f 4 -d \ |tr [./] _`
28 pubsecondindex=pub_`ipcalc -n $pubip/29|grep Network|cut -f 4 -d \ |tr [./] _`
29
30
31 if ! grep $czffirstindex $script > /dev/null
32 then
33 echo $iptables -t nat -N $czffirstindex >> $script
34 echo $iptables -t nat -F $czffirstindex >> $script
35 echo $iptables -t nat -A POSTROUTING -s `ipcalc -n $czfip/20|grep Network|cut -f 4 -d \ ` -o eth1 -j $czffirstindex >> $script
36 fi
37
38 if ! grep $czfsecondindex $script > /dev/null
39 then
40 echo $iptables -t nat -N $czfsecondindex >> $script
41 echo $iptables -t nat -F $czfsecondindex >> $script
42 echo $iptables -t nat -A $czffirstindex -s `ipcalc -n $czfip/23|grep Network|cut -f 4 -d \ ` -o eth1 -j $czfsecondindex >> $script
43 fi
44
45 if ! grep $czfthirdindex $script > /dev/null
46 then
47 echo $iptables -t nat -N $czfthirdindex >> $script
48 echo $iptables -t nat -F $czfthirdindex >> $script
49 echo $iptables -t nat -A $czfsecondindex -s `ipcalc -n $czfip/26|grep Network|cut -f 4 -d \ ` -o eth1 -j $czfthirdindex >> $script
50 fi
51
52 if ! grep $pubfirstindex $script > /dev/null
53 then
54 echo $iptables -t nat -N $pubfirstindex >> $script
55 echo $iptables -t nat -F $pubfirstindex >> $script
56 echo $iptables -t nat -A PREROUTING -i eth1 -d `ipcalc -n $pubip/27|grep Network|cut -f 4 -d \ ` -j $pubfirstindex >> $script
57 fi
58
59 if ! grep $pubsecondindex $script > /dev/null
60 then
61 echo $iptables -t nat -N $pubsecondindex >> $script
62 echo $iptables -t nat -F $pubsecondindex >> $script
63 echo $iptables -t nat -A $pubfirstindex -i eth1 -d `ipcalc -n $pubip/29|grep Network|cut -f 4 -d \ ` -j $pubsecondindex >> $script
64 fi
65
66 echo $iptables -t nat -A $pubsecondindex -i eth1 -d $pubip/32 -j DNAT --to-destination $czfip >> $script
67 echo $iptables -t nat -A $pubsecondindex -i eth1 -d $pubip/32 -j ACCEPT >> $script
68
69 echo $iptables -t nat -A $czfthirdindex -s $czfip/32 -o eth1 -j SNAT --to-source $pubip >> $script
70 echo $iptables -t nat -A $czfthirdindex -s $czfip/32 -o eth1 -j ACCEPT >> $script
71
72 echo -n .
73 echo "echo -n ." >>$script
74 done
75 echo " done."
76
77 # ===============================================================
78 # Pravidla pro dashboard
79 # ===============================================================
80
81 echo -n "Generating dashboard index rules "
82
83 for czfip in `grep ^10[.] /etc/hosts|grep dashboard-|cut -f 1`
84 do
85 czffirstindex=dash_`ipcalc -n $czfip/20|grep Network|cut -f 4 -d \ |tr [./] _`
86 czfsecondindex=dash_`ipcalc -n $czfip/23|grep Network|cut -f 4 -d \ |tr [./] _`
87 czfthirdindex=dash_`ipcalc -n $czfip/26|grep Network|cut -f 4 -d \ |tr [./] _`
88
89 if ! grep $czffirstindex $script > /dev/null
90 then
91 echo $iptables -t nat -N $czffirstindex >> $script
92 echo $iptables -t nat -F $czffirstindex >> $script
93 echo $iptables -t nat -A PREROUTING -s `ipcalc -n $czfip/20|grep Network|cut -f 4 -d \ ` -i eth0 -j $czffirstindex >> $script
94 fi
95
96 if ! grep $czfsecondindex $script > /dev/null
97 then
98 echo $iptables -t nat -N $czfsecondindex >> $script
99 echo $iptables -t nat -F $czfsecondindex >> $script
100 echo $iptables -t nat -A $czffirstindex -s `ipcalc -n $czfip/23|grep Network|cut -f 4 -d \ ` -i eth0 -j $czfsecondindex >> $script
101 fi
102
103 if ! grep $czfthirdindex $script > /dev/null
104 then
105 echo $iptables -t nat -N $czfthirdindex >> $script
106 echo $iptables -t nat -F $czfthirdindex >> $script
107 echo $iptables -t nat -A $czfsecondindex -s `ipcalc -n $czfip/26|grep Network|cut -f 4 -d \ ` -i eth0 -j $czfthirdindex >> $script
108 fi
109
110 echo $iptables -t nat -A $czfthirdindex -s $czfip -d ! 10.0.0.0/8 -p tcp --dport 80 -j REDIRECT --to 8080 >> $script
111 echo $iptables -t nat -A $czfthirdindex -s $czfip -d ! 10.0.0.0/8 -p tcp --dport 3128 -j REDIRECT --to 8080 >> $script
112 echo $iptables -t nat -A $czfthirdindex -s $czfip -d ! 10.0.0.0/8 -p tcp --dport 8080 -j ACCEPT >> $script
113 echo $iptables -t nat -A $czfthirdindex -s $czfip -d ! 10.0.0.0/8 -j DROP >> $script
114
115 echo -n .
116 echo "echo -n ." >>$script
117
118 done
119 echo " done."
120
121 chmod a+x $script
https://dev.arachne.cz/repos/prometheus/trunk (mirrored @ Tue, 16 Apr 2024 14:30:05 +0200)
This page took 0.345703 seconds and 4 git commands to generate.