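#!/bin/bash
#
#!F:ip-masq.init
#
#!P:/etc/init.d
#
#!S:root:root 755
#
#!D:IP Masquerading Configuration
#
#!C:Copyright 1997-1998 Peter Bieringer
#
#!V:Version 1.05 13.06.1998
#
#
# Changes to
#  1.01: Info display
#  1.02: Restart option, test if kernel supports masquerading
#  1.03: Autorecognition of kernel >= 2.1.102 to take ipchains instead of ipfwadm
#  1.04: Switch to enable IP dynamic address hack-port v0.03(-rst)
#  1.05: New error handling
#
# Usage: ip-masq.init {start|stop|restart}
#
# Return Values: 0=ok >0=error
#
# The "#!D:", "#!C:" and "#!V:" header lines above are read back by info()
# at run time; each must stay on a line of its own, starting in column 0.

# Source network whose forwarded traffic is masqueraded.
IP4PRIVATENETWORK="192.168.0.0/16"
# Glob (a single pattern) selecting the masquerading helper modules.
IPMASQMODULES="ip_masq*"

# Display information: description, copyright and version, taken from the
# tagged header lines of this script.
info() {
  awk -F: '/^#!D/ { print $2 }' "$0"
  awk -F: '/^#!C/ { print " " $2 }' "$0"
  awk -F: '/^#!V/ { print " " $2 }' "$0"
  echo
}

# Display error information and terminate.
# Arguments: $1 - exit status to return to the caller
error() {
  printf '%s ...error!\n' "$CMDLINE"
  exit "$1"
}

# Show information: list the rules currently loaded, using whichever
# firewall tool was detected (IPFW / IPFWAPP are set further down).
showinfo() {
  case "$IPFW" in
    ipfwadm)
      "$IPFWAPP" -I -l
      "$IPFWAPP" -O -l
      "$IPFWAPP" -F -l
      ;;
    ipchains)
      "$IPFWAPP" -L
      ;;
  esac
}

## Start
CMDLINE="$0 $*"
printf '%s executed...\n' "$CMDLINE"
info

# Test kernel supports IPv4 masquerading
if ! [ -f /proc/net/ip_masq ]; then
  printf '\a Error: Kernel doesn'\''t support masquerading!\n'
  echo " You have to compile a new one, don't forget to enable this features."
  error 1
fi

# Test kernel supports ipchains
if [ -f /proc/net/ip_fwchains ]; then
  # using ipchains, kernel >= 2.1.102 or patched
  IPFW=ipchains
else
  # using ipfwadm, kernel < 2.1.102
  IPFW=ipfwadm
fi

# Test FW binary exists.
# NOTE(review): the binary is resolved through PATH and later run as root;
# the PATH this script is started with should list only root-owned directories.
IPFWAPP=$(command -v "$IPFW")
if [ -z "$IPFWAPP" ]; then
  printf "\a Missing firewall setup binary '%s'!\n" "$IPFW"
  error 2
fi

# Source function library.
[ -f /etc/init.d/functions ] || error 1
. /etc/init.d/functions

# Source networking configuration.
[ -f /etc/sysconfig/network ] || error 1
. /etc/sysconfig/network

# Check if networking is up.
[ "$NETWORKING" = "yes" ] || [ "$NETWORKING" = "YES" ] || error 2

# Get kernel version for module loading
VERSION=$(awk '{ print $3 }' /proc/version)
# Modules are addressed by absolute path. The earlier form did an unchecked
# "cd" into this directory and then globbed; if the cd failed, the glob was
# expanded in whatever directory the script had been started from and any
# match was handed to insmod as root.
MODULEDIR="/lib/modules/${VERSION}/ipv4"

case "$1" in
  start)
    echo " Start IP Masquerading..."

    # load ip_masquerading modules (best effort: a failing insmod or a
    # missing module directory does not stop the rule setup below)
    printf ' Load IP-Masquerading Modules:'
    if [ -d "$MODULEDIR" ]; then
      # $IPMASQMODULES is left unquoted on purpose so the glob expands.
      for module_file in "$MODULEDIR"/$IPMASQMODULES; do
        [ -e "$module_file" ] || continue   # glob matched nothing
        printf ' %s' "${module_file##*/}"
        insmod "$module_file"
      done
    else
      printf ' (module directory %s not found, skipped)' "$MODULEDIR"
    fi
    echo

    # Firewall setup for masquerading intranet to internet.
    # The forward policy is switched to deny first, then the masquerade rule
    # is added, so nothing is forwarded unless it matches that rule.
    # NOTE(review): the rule matches on source address only and is not bound
    # to an interface, so a packet arriving on the outside interface with a
    # 192.168.0.0/16 source would match too. Consider restricting the rule to
    # the internal interface and dropping such sources on the external one.
    echo " Setup IP firewall rule for masquerading"
    case "$IPFW" in
      ipfwadm)
        "$IPFWAPP" -F -p deny
        "$IPFWAPP" -F -a accept -m -P all -S "$IP4PRIVATENETWORK"
        ;;
      ipchains)
        "$IPFWAPP" -P forward DENY
        "$IPFWAPP" -A forward -j MASQ -p all -s "$IP4PRIVATENETWORK"
        ;;
    esac
    echo
    showinfo

    # To enable IP dynamic address hack-port v0.03(-rst)
    # NOTE(review): 7 presumably switches on every mode bit of that patch;
    # confirm against the kernel's ip_dynaddr documentation.
    printf ' Support dynamically changing packet source address at dial-up:'
    if [ -f /proc/sys/net/ipv4/ip_dynaddr ]; then
      echo 7 > /proc/sys/net/ipv4/ip_dynaddr
      echo " ok."
    else
      echo " missing sysctrl!"
    fi
    echo " Done!"
    ;;

  stop)
    echo " Stop IP Masquerading..."

    # Firewall-Setup Reset Rules.
    # Only the masquerade rule is deleted; the forward policy is not touched
    # here, so it stays as "start" left it.
    echo " Clear Firewall IP-Masquerading Rules"
    case "$IPFW" in
      ipfwadm)
        # Was "$SYSPATH/ipfwadm": SYSPATH is never set in this script, so the
        # call resolved to /ipfwadm and the rule was not removed.
        "$IPFWAPP" -F -d accept -m -P all -S "$IP4PRIVATENETWORK"
        ;;
      ipchains)
        "$IPFWAPP" -D forward -j MASQ -p all -s "$IP4PRIVATENETWORK"
        ;;
    esac

    # unload ip_masquerading modules
    echo " Unload IP-Masquerading Modules:"
    if [ -d "$MODULEDIR" ]; then
      for module_file in "$MODULEDIR"/$IPMASQMODULES; do
        [ -e "$module_file" ] || continue   # glob matched nothing
        module_name=${module_file##*/}
        printf ' %s:' "$module_name"
        # rmmod takes the module name, not the object file name
        rmmod "${module_name%.o}"
      done
    fi
    echo
    showinfo
    echo " Done!"
    ;;

  restart)
    printf '%s stop\n' "$0"
    "$0" stop
    echo Wait...
    sleep 3
    printf '%s start\n' "$0"
    "$0" start
    ;;

  *)
    echo "Syntax: ip-masq.init {start|stop|restart}"
    error 9
    ;;
esac

printf '%s ...done\n' "$CMDLINE"
exit 0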