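#!/bin/sh
#
# /etc/init.d/ip-masq.init
#
# based on
## /etc/init.d/named.init
## Ngo Than
## Date: 10.01.97
## Source function library.
#####################################################################
## Modified: Erik Heim
## Date : 19.3.98
## Reason : for startup
#####################################################################
# and based on my
# /etc/init.d/ip-masq.init
# Version 1.05
#
# IP Masquerading Configuration
#
# Copyright 1997-1998 Peter Bieringer
#
# Version 1.13 23.07.1998
#
# Changes to
# 1.01: Info display
# 1.02: Restart option, test if kernel supports masquerading
# 1.03: Autorecognition of kernel 2.1.102+ to take ipchains instead of ipfwadm
# 1.04: Enable IP dynamic address hack-port v0.03(-rst)
# 1.05: New error handling
# 1.10: Rebuild for DLD 5.4 startup
# 1.11: Minor corrections
# 1.12: Corrections of module removing at stop, add debug switch
# 1.13: Only English messages
#
# Usage: ip-masq.init {start|stop|restart|start_msg|stop_msg|info} [-d]
#   -d (second argument to start/stop) runs the action directly instead of
#   through logexec.
#
# Reads:  /etc/init.d/functions, /etc/sysconfig/network,
#         /etc/sysconfig/runservices (optional; expected to set MASQUERADING)
# Writes: $LOCKDIR/ip-masq.init (lock file), forward-chain firewall rules,
#         /proc/sys/net/ipv4/ip_dynaddr
#
# NOTE(review): the firewall binary is looked up through the PATH inherited
# from the caller; this script sets no PATH of its own. Confirm the init
# environment provides a trusted PATH.

# Here specify network for masquerading
IP4PRIVATENETWORK="192.168.0.0/16"

# Here specify module names for masquerading
# (deliberately a glob; it is expanded inside the module directory)
IPMASQMODULES="ip_masq*"

subsys_parameter=$1
LOCKDIR=/var/lock/subsys

#################################################################
# Common preparation for "start" and "stop".
# Sources the function library and the network configuration, supplies
# fallbacks for helpers the library may not define, and exits early when
# the lock file shows there is nothing to do, when masquerading is not
# enabled, or when the kernel lacks masquerading support.
# Globals: subsys_parameter, LOCKDIR (read); VERSION, IPFW, IPFWAPP (written)
# Exits:   0 nothing to do, 1 missing prerequisite, 2 masquerading disabled
start_and_stop() {
  [ -f /etc/init.d/functions ] || exit 1
  . /etc/init.d/functions

  # If some used functions were not defined until now...
  # At the moment, only Delix DLD 5.4 supports them directly
  # The probe calls each helper without arguments; a failing call is taken
  # to mean "not defined" and the fallback below replaces it.
  if ! print_message >/dev/null 2>&1; then
    print_message() {
      "$0" "${subsys_parameter}_msg"
    }
  fi

  if ! check_lock >/dev/null 2>&1; then
    # check_lock LOCKFILE start|stop
    # Returns 1 when the requested action still has to be done (no lock on
    # "start", lock present on "stop"), 0 when the lock file already matches
    # the requested state, 2 on missing arguments.
    check_lock() {
      local LOCK_FAIL
      if [ $# = 0 ]; then
        echo "check_lock Lockfile start|stop"
        return 2
      fi
      LOCK_FAIL=0
      if [ -f "$1" ] && [ "$2" = "stop" ]; then LOCK_FAIL=1; fi
      if [ ! -f "$1" ] && [ "$2" = "start" ]; then LOCK_FAIL=1; fi
      echo
      return $LOCK_FAIL
    }
  fi

  if ! logexec >/dev/null 2>&1; then
    # Fallback: run the command as given, without logging.
    logexec() {
      "$@"
    }
  fi
  # End of defines

  [ -f /etc/sysconfig/network ] || exit 1

  # Source networking configuration.
  . /etc/sysconfig/network

  # Check that networking is up.
  [ "$NETWORKING" = "yes" ] || exit 1

  # Source runservice
  [ -f /etc/sysconfig/runservices ] && . /etc/sysconfig/runservices

  # Status 0 means the lock file already matches the requested state.
  if check_lock "$LOCKDIR/ip-masq.init" "$subsys_parameter"; then
    exit 0
  fi

  # Masquerading in /etc/sysconfig/runservices enabled?
  [ "$MASQUERADING" = "yes" ] || exit 2

  # Test kernel supports IPv4 masquerading
  if [ ! -f /proc/net/ip_masq ] && [ ! -f /proc/net/ip_masquerade ]; then
    # printf instead of "echo -e": under #!/bin/sh not every echo knows -e
    printf "\a Error: Kernel doesn't support masquerading!\n"
    echo " You have to compile a new one, don't forget to enable this features."
    exit 1
  fi

  ip_masq_selection

  # Get Kernel Version for module loading
  VERSION=$(awk '{ print $3 }' /proc/version)

  print_message
}

#################################################################
# Several functions
#
# The helpers were originally named ip-masq_*; a hyphen is not valid in a
# POSIX sh function name and shells such as dash reject it, so they are
# spelled with underscores here. The command-line interface is unchanged.

# Select the firewall tool matching the running kernel and verify it is
# executable.
# Globals: IPFW, IPFWAPP (written)
# Exits:   1 when the binary is missing or not executable
ip_masq_selection() {
  # Test kernel supports ipchains
  if [ -f /proc/net/ip_fwchains ]; then
    # using ipchains, kernel 2.1.102+ or patched
    IPFW=ipchains
    printf '%s\n' " Using kernel 2.1.102+ needs 'ipchains' instead of 'ipfwadm'!"
  else
    # using ipfwadm, kernel < 2.1.102
    IPFW=ipfwadm
  fi

  # Test FW binary exists
  IPFWAPP=$(command -v "$IPFW")
  if [ -z "$IPFWAPP" ] || [ ! -x "$IPFWAPP" ]; then
    printf "\a Missing or can't execute firewall setup binary '%s'!\n" "$IPFW"
    exit 1
  fi
}

# List the current firewall rules with numeric output.
showinfo() {
  ip_masq_selection
  case "$IPFW" in
    ipfwadm)
      "$IPFWAPP" -n -I -l
      "$IPFWAPP" -n -O -l
      "$IPFWAPP" -n -F -l
      ;;
    ipchains)
      "$IPFWAPP" -n -L
      ;;
  esac
}

# Load the masquerading modules, set the forward policy to deny and add the
# masquerading rule for IP4PRIVATENETWORK.
# Globals: VERSION, IPMASQMODULES, IPFW, IPFWAPP, IP4PRIVATENETWORK (read)
# Returns: 0
ip_masq_start() {
  # load ip_masquerading modules
  printf ' Load IP-Masquerading Modules:'
  # Expand the module glob only after the cd succeeded. Without this guard a
  # failed cd would expand "ip_masq*" in whatever directory the script was
  # started from and hand those files to insmod.
  if cd "/lib/modules/$VERSION/ipv4"; then
    for i in $IPMASQMODULES; do
      [ -e "$i" ] || continue   # glob matched nothing
      printf ' %s' "$i"
      insmod "$i"
    done
  else
    printf ' (module directory not accessible, skipped)'
  fi
  echo

  # Firewall setup for masquerading intranet to internet
  # NOTE(review): the rule matches on source network only; no interface or
  # destination is given, so any forwarded packet with a source inside
  # IP4PRIVATENETWORK is masqueraded. Confirm that is intended for this host.
  echo " Setup IP firewall rule for masquerading"
  case "$IPFW" in
    ipfwadm)
      "$IPFWAPP" -F -p deny
      "$IPFWAPP" -F -a accept -m -P all -S "$IP4PRIVATENETWORK"
      ;;
    ipchains)
      "$IPFWAPP" -P forward DENY
      "$IPFWAPP" -A forward -j MASQ -p all -s "$IP4PRIVATENETWORK"
      ;;
  esac
  echo

  showinfo

  # To enable IP dynamic address hack-port v0.03(-rst)
  # NOTE(review): the value 7 is taken as-is from the original; check its
  # meaning against the ip_dynaddr documentation of the running kernel.
  printf ' Support dynamically changing packet source address at dial-up:'
  if [ -f /proc/sys/net/ipv4/ip_dynaddr ]; then
    echo 7 > /proc/sys/net/ipv4/ip_dynaddr
    echo " ok."
  else
    echo " missing sysctrl!"
  fi

  return 0
}

# Remove the masquerading rule and unload the masquerading modules.
# The forward policy set to deny by ip_masq_start is NOT changed back here,
# so forwarding stays denied after "stop".
# Globals: VERSION, IPMASQMODULES, IPFW, IPFWAPP, IP4PRIVATENETWORK (read)
# Returns: 0
ip_masq_stop() {
  # Firewall-Setup Reset Rules
  echo " Clear Firewall IP-Masquerading Rules"
  case "$IPFW" in
    ipfwadm)
      "$IPFWAPP" -F -d accept -m -P all -S "$IP4PRIVATENETWORK"
      ;;
    ipchains)
      "$IPFWAPP" -D forward -j MASQ -p all -s "$IP4PRIVATENETWORK"
      ;;
  esac

  # unload ip_masquerading modules
  echo " Unload IP-Masquerading Modules:"
  # Same guard as in ip_masq_start: never expand the glob in an arbitrary
  # working directory.
  if cd "/lib/modules/$VERSION/ipv4"; then
    for i in $IPMASQMODULES; do
      [ -e "$i" ] || continue   # glob matched nothing
      # Strip a literal ".o" suffix. The former sed pattern 's/.o$//g' had an
      # unescaped dot and would also eat e.g. a trailing "oo".
      mname=${i%.o}
      printf ' %s:' "$mname"
      rmmod "$mname"
    done
  else
    echo " (module directory not accessible, nothing unloaded)"
  fi
  echo

  showinfo

  return 0
}

#################################################################
# See how we were called.
#################################################################
case "$subsys_parameter" in
  start_msg)
    printf 'Start IPv4-Masquerading Configuration.'
    ;;
  stop_msg)
    printf 'Stop IPv4-Masquerading Configuration.'
    ;;
  start)
    start_and_stop
    if [ "$2" = "-d" ]; then
      ip_masq_start
      touch "$LOCKDIR/ip-masq.init"
    else
      logexec ip_masq_start
      logexec touch "$LOCKDIR/ip-masq.init"
    fi
    # FAIL is not set in this script (presumably by the sourced function
    # library - confirm). Left unquoted on purpose: when empty this is a
    # plain "exit" returning the status of the last command.
    exit $FAIL
    ;;
  stop)
    start_and_stop
    if [ "$2" = "-d" ]; then
      ip_masq_stop
      rm -f "$LOCKDIR/ip-masq.init"
    else
      logexec ip_masq_stop
      logexec rm -f "$LOCKDIR/ip-masq.init"
    fi
    # See the note on FAIL in the "start" branch.
    exit $FAIL
    ;;
  restart)
    "$0" stop
    "$0" start
    exit $?
    ;;
  info)
    showinfo
    exit 0
    ;;
  *)
    echo "Usage: ip-masq.init {start|stop|restart|start_msg|stop_msg|info}"
    exit 1
    ;;
esac

exit 0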