#!/bin/bash
+# $Id$
iptables="/sbin/iptables"
iptablesrestore="/sbin/iptables-restore"
-ifconfig="/sbin/ifconfig"
-grep="/bin/grep"
-cut="/usr/bin/cut"
-ipcalc="/usr/bin/ipcalc"
#pimp files must be generated by optional-tools/make-pimp utility
pimp_2way_nat="/dev/shm/pimp-2way-nat.tmp"
pubsecondbitmask="29"
chaintrack="_"
+# ===============================================================
+# ipcalc rewrite
+# ===============================================================
+
+gen_ipt_string() {
+eval `echo $1 | awk -F\/ '{printf "IP=%s; CIDRMASK=%s; \n", $1, $2}'`
+
+MASK_FULL_OCTETS=$(($CIDRMASK/8))
+MASK_PART_OCTETS=$(($CIDRMASK%8))
+for i in `seq 0 3`; do
+ if [ "$i" -lt "$MASK_FULL_OCTETS" ]; then
+ MASK+="255"
+ elif [ "$i" -eq "$MASK_FULL_OCTETS" ]; then
+ MASK+=$((256 - 2**(8-$MASK_PART_OCTETS)))
+ else
+ MASK+="0"
+ fi
+ [ "$i" -lt "3" ] && MASK+="."
+done
+
+eval `echo $IP | awk -F\. '{printf "IPBYTE1=%s; IPBYTE2=%s; IPBYTE3=%s; IPBYTE4=%s; \n", $1, $2, $3, $4}'`
+eval `echo $MASK | awk -F\. '{printf "MASKBYTE1=%s; MASKBYTE2=%s; MASKBYTE3=%s; MASKBYTE4=%s; \n", $1, $2, $3, $4}'`
+
+IPT_STRING="$(($IPBYTE1 & $MASKBYTE1))_$(($IPBYTE2 & $MASKBYTE2))_$(($IPBYTE3 & $MASKBYTE3))_$(($IPBYTE4 & $MASKBYTE4))_$CIDRMASK"
+echo $IPT_STRING
+}
+
echo "*nat" > $restoretmp
echo ":PREROUTING ACCEPT [0:0]" >> $restoretmp
echo ":POSTROUTING ACCEPT [0:0]" >> $restoretmp
# ===============================================================
echo -n "Generating new iptables-restore data - two way SNAT/DNAT "
-for czfip in `$grep -v ^# $pimp_2way_nat|$cut -f 1 -d " "`
-do
- pubip=`$grep "$czfip " $pimp_2way_nat|$cut -f 2 -d " "`
- czffirstindex=priv_`$ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
- czfsecondindex=priv_`$ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
- czfthirdindex=priv_`$ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
- czffourthindex=priv_`$ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
- pubfirstindex=pub_`$ipcalc -n $pubip/$pubfirstbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
- pubsecondindex=pub_`$ipcalc -n $pubip/$pubsecondbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
+
+while read LINE; do
+ eval `echo -e $LINE | awk '{printf "czfip=%s; pubip=%s\n", $1, $2}'`
+ czffirstindex=priv_`gen_ipt_string $czfip/$czffirstbitmask`
+ czfsecondindex=priv_`gen_ipt_string $czfip/$czfsecondbitmask`
+ czfthirdindex=priv_`gen_ipt_string $czfip/$czfthirdbitmask`
+ czffourthindex=priv_`gen_ipt_string $czfip/$czffourthbitmask`
+ pubfirstindex=pub_`gen_ipt_string $pubip/$pubfirstbitmask`
+ pubsecondindex=pub_`gen_ipt_string $pubip/$pubsecondbitmask`
if ! [[ "$chaintrack" == *"$czffirstindex"* ]]
then
echo :$czffirstindex "- [0:0]" >> $restoretmp
- s=`$ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ `
+ s=`gen_ipt_string $czfip/$czffirstbitmask| sed 's/_[0-9]*//4; s/_/./g'`
echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
if ! [[ "$chaintrack" == *"$czfsecondindex"* ]]
then
echo :$czfsecondindex "- [0:0]" >> $restoretmp
- s=`$ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ `
+ s=`gen_ipt_string $czfip/$czfsecondbitmask| sed 's/_[0-9]*//4; s/_/./g'`
echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
if ! [[ "$chaintrack" == *"$czfthirdindex"* ]]
then
echo :$czfthirdindex "- [0:0]" >> $restoretmp
- s=`$ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ `
+ s=`gen_ipt_string $czfip/$czfthirdbitmask| sed 's/_[0-9]*//4; s/_/./g'`
echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
if ! [[ "$chaintrack" == *"$czffourthindex"* ]]
then
echo :$czffourthindex "- [0:0]" >> $restoretmp
- s=`$ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ `
+ s=`gen_ipt_string $czfip/$czffourthbitmask| sed 's/_[0-9]*//4; s/_/./g'`
echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
if ! [[ "$chaintrack" == *"$pubfirstindex"* ]]
then
echo :$pubfirstindex "- [0:0]" >> $restoretmp
- s=`$ipcalc -n $pubip/$pubfirstbitmask|$grep Network|$cut -f 4 -d \ `
+ s=`gen_ipt_string $pubip/$pubfirstbitmask| sed 's/_[0-9]*//4; s/_/./g'`
echo -A PREROUTING -i $wan1 -d $s -j $pubfirstindex >> $restoretmp
echo -A PREROUTING -i $wan2 -d $s -j $pubfirstindex >> $restoretmp
echo -A PREROUTING -i $wan3 -d $s -j $pubfirstindex >> $restoretmp
if ! [[ "$chaintrack" == *"$pubsecondindex"* ]]
then
echo :$pubsecondindex "- [0:0]" >> $restoretmp
- s=`$ipcalc -n $pubip/$pubsecondbitmask|$grep Network|$cut -f 4 -d \ `
+ s=`gen_ipt_string $pubip/$pubsecondbitmask| sed 's/_[0-9]*//4; s/_/./g'`
echo -A $pubfirstindex -i $wan1 -d $s -j $pubsecondindex >> $restoretmp
echo -A $pubfirstindex -i $wan2 -d $s -j $pubsecondindex >> $restoretmp
echo -A $pubfirstindex -i $wan3 -d $s -j $pubsecondindex >> $restoretmp
echo -n .
-done
+done < $pimp_2way_nat
echo " done."
# ===============================================================
# ===============================================================
echo -n "Generating new iptables-restore data - one way SNAT "
-for czfip in `$grep -v ^# $pimp_snat|$cut -f 1 -d " "`
-do
- pubip=`$grep "$czfip " $pimp_snat|$cut -f 2 -d " "`
- czffirstindex=priv_`$ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
- czfsecondindex=priv_`$ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
- czfthirdindex=priv_`$ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
- czffourthindex=priv_`$ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ |tr [./] _`
+while read LINE; do
+ eval `echo -e $LINE | awk '{printf "czfip=%s; pubip=%s\n", $1, $2}'`
+ czffirstindex=priv_`gen_ipt_string $czfip/$czffirstbitmask`
+ czfsecondindex=priv_`gen_ipt_string $czfip/$czfsecondbitmask`
+ czfthirdindex=priv_`gen_ipt_string $czfip/$czfthirdbitmask`
+ czffourthindex=priv_`gen_ipt_string $czfip/$czffourthbitmask`
if ! [[ "$chaintrack" == *"$czffirstindex"* ]]
then
echo :$czffirstindex "- [0:0]" >> $restoretmp
- s=`$ipcalc -n $czfip/$czffirstbitmask|$grep Network|$cut -f 4 -d \ `
+ s=`gen_ipt_string $czfip/$czffirstbitmask| sed 's/_[0-9]*//4; s/_/./g'`
echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan1 -j $czffirstindex >> $restoretmp
echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan2 -j $czffirstindex >> $restoretmp
echo -A POSTROUTING -d ! 10.0.0.0/8 -s $s -o $wan3 -j $czffirstindex >> $restoretmp
if ! [[ "$chaintrack" == *"$czfsecondindex"* ]]
then
echo :$czfsecondindex "- [0:0]" >> $restoretmp
- s=`$ipcalc -n $czfip/$czfsecondbitmask|$grep Network|$cut -f 4 -d \ `
+ s=`gen_ipt_string $czfip/$czfsecondbitmask| sed 's/_[0-9]*//4; s/_/./g'`
echo -A $czffirstindex -s $s -o $wan1 -j $czfsecondindex >> $restoretmp
echo -A $czffirstindex -s $s -o $wan2 -j $czfsecondindex >> $restoretmp
echo -A $czffirstindex -s $s -o $wan3 -j $czfsecondindex >> $restoretmp
if ! [[ "$chaintrack" == *"$czfthirdindex"* ]]
then
echo :$czfthirdindex "- [0:0]" >> $restoretmp
- s=`$ipcalc -n $czfip/$czfthirdbitmask|$grep Network|$cut -f 4 -d \ `
+ s=`gen_ipt_string $czfip/$czfthirdbitmask| sed 's/_[0-9]*//4; s/_/./g'`
echo -A $czfsecondindex -s $s -o $wan1 -j $czfthirdindex >> $restoretmp
echo -A $czfsecondindex -s $s -o $wan2 -j $czfthirdindex >> $restoretmp
echo -A $czfsecondindex -s $s -o $wan3 -j $czfthirdindex >> $restoretmp
if ! [[ "$chaintrack" == *"$czffourthindex"* ]]
then
echo :$czffourthindex "- [0:0]" >> $restoretmp
- s=`$ipcalc -n $czfip/$czffourthbitmask|$grep Network|$cut -f 4 -d \ `
+ s=`gen_ipt_string $czfip/$czffourthbitmask| sed 's/_[0-9]*//4; s/_/./g'`
echo -A $czfthirdindex -s $s -o $wan1 -j $czffourthindex >> $restoretmp
echo -A $czfthirdindex -s $s -o $wan2 -j $czffourthindex >> $restoretmp
echo -A $czfthirdindex -s $s -o $wan3 -j $czffourthindex >> $restoretmp
echo -A $czffourthindex -s $czfip/32 -o $wan4 -j SNAT --to-source $pubip >> $restoretmp
echo -n .
-done
+done < $pimp_snat
echo " done."
echo COMMIT >> $restoretmp
GIT.Harvie.CZ / svn / Prometheus-QoS / .git / commitdiff
