version 2.18, 2005/03/01 21:47:20 |
version 2.20, 2005/03/04 23:53:14 |
|
|
# Licensed under terms of GNU General Public License. |
# Licensed under terms of GNU General Public License. |
# All rights reserved. |
# All rights reserved. |
# |
# |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.17 2005/01/16 17:24:23 rajo Exp $ |
# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.19 2005/03/01 23:17:11 rajo Exp $ |
# |
# |
# Changelog: |
# Changelog: |
# 2003-10-24 - created |
# 2003-10-24 - created |
|
|
print_iface_status() |
print_iface_status() |
{ # {{{ |
{ # {{{ |
# Print interfaces: |
# Print interfaces: |
echo "# iface | IP addr | broadcast | netmask | HW addr" |
echo "# iface | IP addr | Gateway | broadcast | netmask | HW addr" |
for iface in $interfaces; do |
for iface in $interfaces; do |
IP="IP_$iface"; Bcast="Bcast_$iface"; Mask="Mask_$iface"; HWaddr="HWaddr_$iface"; |
IP="IP_$iface"; Gateway="Gateway_$iface"; Bcast="Bcast_$iface"; Mask="Mask_$iface"; HWaddr="HWaddr_$iface"; |
echo "$iface | ${!IP} | ${!Bcast} | ${!Mask} | ${!HWaddr}" |
echo "$iface | ${!IP} | ${!Gateway} | ${!Bcast} | ${!Mask} | ${!HWaddr}" |
done |
done |
} # }}} |
} # }}} |
|
|
|
|
#$IPTABLES -A FORWARD -p ICMP -j LOG --log-prefix "FWD ICMP: " |
#$IPTABLES -A FORWARD -p ICMP -j LOG --log-prefix "FWD ICMP: " |
echo " done." |
echo " done." |
|
|
|
# Port forwarding to local machines |
|
if [ ! -z "$NAT_TCP_PORT_FORWARD" ]; then |
|
echo -en "\tForwarding ports to local machines:" |
|
for redirect in $NAT_TCP_PORT_FORWARD; do |
|
eval `echo $redirect | awk -v FS=: '{ printf "src_port=%s; local_machine=%s; dest_port=%s;", $1, $2, $3; }'` |
|
echo -en " $src_port -> $local_machine:$dest_port" |
|
$IPTABLES -t nat -A PREROUTING -p TCP -i $NAT_LAN_IFACE -d ${!lan_ip} \ |
|
--dport $src_port -j DNAT --to $local_machine:$dest_port |
|
$IPTABLES -A FORWARD -p TCP -i eth0 -d $local_machine --dport $dest_port -j ACCEPT |
|
done |
|
echo " done." |
|
fi |
|
|
# Keep state of connections from private subnets |
# Keep state of connections from private subnets |
$IPTABLES -A OUTPUT -m state --state NEW -o $NAT_LAN_IFACE -j ACCEPT |
$IPTABLES -A OUTPUT -m state --state NEW -o $NAT_LAN_IFACE -j ACCEPT |
#$IPTABLES -A FORWARD -m state --state NEW -o $NAT_LAN_IFACE -j ACCEPT |
#$IPTABLES -A FORWARD -m state --state NEW -o $NAT_LAN_IFACE -j ACCEPT |
Line 605 parse_ifconfig() |
|
Line 618 parse_ifconfig() |
|
END { printf "\ninterfaces=\"%s\"; export interfaces;\n", interfaces; } |
END { printf "\ninterfaces=\"%s\"; export interfaces;\n", interfaces; } |
'` |
'` |
|
|
|
eval `perl -e ' |
|
$\ = "\n"; |
|
open(FILE, "/proc/net/route") or die "Can not open /proc/net/route: $!"; |
|
my @columns = split(/\s+/, <FILE>); |
|
while (my $line = <FILE>) { |
|
my $iface; |
|
my @vals = split(/\s+/, $line); |
|
foreach my $key (@columns) { |
|
$iface->{$key} = shift @vals; |
|
} |
|
|
|
foreach my $key (qw( Gateway Destination )) { |
|
print "${key}_$iface->{Iface}=", |
|
qw("), hex2ip($iface->{$key}), qw("), |
|
"; export ${key}_$iface->{Iface};"; |
|
} |
|
foreach my $key (qw( Flags MTU Metric Window IRTT )) { |
|
print "${key}_$iface->{Iface}=", |
|
qw("), $iface->{$key}, qw("), |
|
"; export ${key}_$iface->{Iface};"; |
|
} |
|
} |
|
close(FILE); |
|
|
|
|
|
sub hex2ip |
|
{ # {{{ |
|
my ($str) = @_; |
|
my @block; |
|
|
|
my $hex = uc($str); |
|
|
|
while (length($hex)) { |
|
my $x = ord(substr($hex, 0, 1)); |
|
my $y = ord(substr($hex, 1, 1)); |
|
|
|
$x = $x > 64 ? $x - 55 : $x - 48; |
|
$y = $y > 64 ? $y - 55 : $y - 48; |
|
|
|
push @block, 16 * $x + $y; |
|
$hex = substr($hex, 2); |
|
} |
|
|
|
return join(".", reverse @block); |
|
|
|
} # }}} |
|
'` |
# Now we have defined variables like this: |
# Now we have defined variables like this: |
# IFACE_eth0 HWaddr_eth0 IP_eth0 Bcast_eth0 Mask_eth0 |
# IFACE_eth0 HWaddr_eth0 IP_eth0 Bcast_eth0 Mask_eth0 |
# IFACE_lo HWaddr_lo IP_lo Bcast_lo Mask_lo |
# IFACE_lo HWaddr_lo IP_lo Bcast_lo Mask_lo |
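Review bot: In the added port-forwarding loop, each `NAT_TCP_PORT_FORWARD` entry reaches `eval` after only an awk split on `:`, so any shell metacharacters in that configuration value are executed by a script that presumably runs as root. Each entry should be split with `IFS=: read` and checked field by field before it is used, as in the fence below. The added `eval` of `perl -e` output has the same shape: `Iface` values from /proc/net/route are pasted into variable names without checking that they are valid shell identifiers (a name such as `eth0.100` is not), so a guard like `next unless $iface->{Iface} =~ /\A\w+\z/;` at the top of the `while` body would help. Separately, the FORWARD rule in the loop hard-codes `-i eth0` while the DNAT rule matches `-i $NAT_LAN_IFACE`, so the ACCEPT only lines up with the DNAT when both name the same interface. The function enclosing the port-forwarding block is not visible on this page.

```shell
for redirect in $NAT_TCP_PORT_FORWARD; do
	# Split on ':' without eval; surplus fields land in dest_port and fail the check below.
	IFS=: read -r src_port local_machine dest_port <<< "$redirect"
	valid=1
	for field in "$src_port" "$dest_port"; do
		case "$field" in ''|*[!0-9]*) valid=0 ;; esac
	done
	# Dotted numeric addresses only; relax deliberately if hostnames must be supported.
	case "$local_machine" in ''|*[!0-9.]*) valid=0 ;; esac
	if [ "$valid" -ne 1 ]; then
		echo "invalid NAT_TCP_PORT_FORWARD entry: $redirect" >&2
		continue
	fi
	# … unchanged: status echo …
	$IPTABLES -t nat -A PREROUTING -p TCP -i "$NAT_LAN_IFACE" -d "${!lan_ip}" \
		--dport "$src_port" -j DNAT --to "$local_machine:$dest_port"
	$IPTABLES -A FORWARD -p TCP -i "$NAT_LAN_IFACE" -d "$local_machine" --dport "$dest_port" -j ACCEPT
done
```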