Commit
78201c02
authored
Apr 24, 2021
by
Franco (nextime) Lanza
Add multihome script
parent
a6f49b25
Showing
2 changed files
with
174 additions
and
2 deletions
+174
-2
mhome
mhome
+162
-0
rc.local
rc.local
+12
-2
mhome
0 → 100755
#!/bin/bash -x
# This script is called with the following arguments:
# Arg Name Example
# $1 Interface name ppp0
# $2 The tty ttyS1
# $3 The link speed 38400
# $4 Local IP number 12.34.56.78
# $5 Peer IP number 12.34.56.99
# $6 Optional ``ipparam'' value foo
# The environment is cleared before executing this script
# so the path must be reset
PATH
=
/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin
export
PATH
# These variables are for the use of the scripts run by run-parts
[
!
-z
"
$IFACE
"
]
&&
WAN_IFACE
=
$IFACE
||
WAN_IFACE
=
"
$1
"
#WAN_TTY="$2"
#WAN_SPEED="$3"
[
!
-z
"
$IFACE
"
]
&&
WAN_LOCAL
=
$(
ip addr show dev
$IFACE
|
grep
inet |
grep
-we
"eth0$"
|
awk
'{print $2}'
|
awk
-F
'/'
'{print $1}'
)
||
WAN_LOCAL
=
"
$4
"
WAN_REMOTE
=
"
$5
"
WAN_GW
=
$WAN_REMOTE
#WAN_IPPARAM="$6"
# XXX Update it for IPv6
IP
=
/sbin/ip
IPT
=
/sbin/iptables
CNT
=
/usr/sbin/conntrack
VANILLA
=
eth0
CATCHALL
=
$VANILLA
CATCHALL_TABLE
=
catchall
LAN_IF
=
br0
DEFROUTES
=
$VANILLA
OVPN_CONFIG_DIR
=
"/etc/openvpn"
CDIR
=
$(
dirname
$0
)
FIXEDACTIVEDEVS
=
"eth0"
PPPACTIVEDEVS
=
$(
/sbin/ifconfig |
grep
ppp |
awk
'{print $1}'
|
grep
-v
-w
ppp |
cut
-b
-4
)
[[
-n
$FIXEDACTIVEDEVS
&&
-n
$PPPACTIVEDEVS
]]
&&
ACTIVEDEVS
=
"
$PPPACTIVEDEVS
$FIXEDACTIVEDEVS
"
[
-z
$ACTIVEDEVS
]
&&
[
-n
$FIXEDACTIVEDEVS
]
&&
ACTIVEDEVS
=
"
$FIXEDACTIVEDEVS
"
[
-z
$ACTIVEDEVS
]
&&
[
-n
$PPPACTIVEDEVS
]
&&
ACTIVEDEVS
=
"
$PPPACTIVEDEVS
"
MANUAL
=
/etc/nexdpi
UP
=
/etc/ppp/ip-up.d
DOWN
=
/etc/ppp/ip-down.d
echo
$ACTIVEDEVS
>
/tmp/active.devices
echo
${
CDIR
}
>
/tmp/mhome.cdir
case
${
WAN_IFACE
}
in
$VANILLA
)
TABLE
=
"vanilla"
MARK
=
1
;;
#$ADEPT)
# TABLE="adept"
# MARK=2
# ;;
*
)
TABLE
=
"vanilla"
MARK
=
1
esac
if
[
$MARK
!=
"NO"
]
;
then
case
${
CDIR
}
in
$UP
|
$MANUAL
)
[
${
CDIR
}
=
$UP
]
&&
$IP
route add default dev
$WAN_IFACE
table
$TABLE
||
$IP
route add default via
$WAN_GW
table
$TABLE
$IP
rule add from
$WAN_LOCAL
table
$TABLE
$IP
rule add fwmark
$MARK
table
$TABLE
if
[
$MARK
==
1
]
;
then
# This is the primary output interface,
# so, set also the fwmark used by the shaping system
for
i
in
$(
seq
5 15
)
;
do
$IP
rule add fwmark
$i
table
$TABLE
done
fi
$IPT
-t
mangle
-I
POSTROUTING
-o
$WAN_IFACE
-m
mark
--mark
0
-j
MARK
--set-mark
$MARK
echo
0
>
/proc/sys/net/ipv4/conf/
$WAN_IFACE
/rp_filter
# DISABLE MARTIANS FILTERING
echo
10
>
/proc/sys/net/ipv4/route/gc_timeout
# FAST ROUTING TABLE CACHE TIMEOUT
#echo 10 > /prot/sys/net/ipv6/route/gc_timeout # XXX Do we really need it for ipv6?
# Dynamic DNS update here!
# My example works for my own system, but you
# can add anything here.
#setsid /usr/bin/wget --timeout=30 -r 10 -t 2 --spider --no-check-certificate --bind-address=$WAN_LOCAL --http-user=mydnsuser --http-password=mydnspwd --quiet https://dns.web.host.com/update/$TABLE 2>&1 > /dev/null
logger
-t
"[PPP
$WAN_IFACE
-
$TABLE
]"
"Connection up (ip
$WAN_LOCAL
, activedevices
$ACTIVEDEVS
)"
for
VPN_CONFIG
in
`
cd
$OVPN_CONFIG_DIR
;
ls
*
.
$TABLE
.conf 2> /dev/null
`
;
do
VPN_NAME
=
${
VPN_CONFIG
%%.conf
}
cat
$OVPN_CONFIG_DIR
/
$VPN_CONFIG
|
grep
-v
"^local"
>
$OVPN_CONFIG_DIR
/
$VPN_CONFIG
.tmp
echo
"local
$WAN_LOCAL
"
>>
$OVPN_CONFIG_DIR
/
$VPN_CONFIG
.tmp
mv
$OVPN_CONFIG_DIR
/
$VPN_CONFIG
.tmp
$OVPN_CONFIG_DIR
/
$VPN_CONFIG
/etc/init.d/openvpn stop
$VPN_NAME
>
/dev/null 2>&1
/etc/init.d/openvpn start
$VPN_NAME
>
/dev/null 2>&1
logger
-t
"[PPP
$TABLE
- OpenVPN]"
"
$VPN_NAME
enabled on
$WAN_LOCAL
"
done
# if this interface is a catchall interface, inject a default route in the special catchall table
if
[
x
${
WAN_IFACE
}
=
x
${
CATCHALL
}
]
;
then
$IP
route del default table catchall
[
${
CDIR
}
=
$UP
]
&&
$IP
route add default dev
$WAN_IFACE
table
$CATCHALL_TABLE
||
$IP
route add default via
$WAN_GW
table
$CATCHALL_TABLE
fi
;;
$DOWN
)
$IPT
-t
mangle
-D
POSTROUTING
-o
$WAN_IFACE
-j
MARK
--set-mark
$MARK
$IP
rule del fwmark
$MARK
table
$TABLE
$IP
rule del from
$WAN_LOCAL
table
$TABLE
# Remove already established connection from the conntrack table
$CNT
-D
-m
$MARK
logger
-t
"[WAN
$WAN_IFACE
-
$TABLE
]"
"Connection down (ex ip
$WAN_LOCAL
, activedevices
$ACTIVEDEVS
)"
for
VPN_CONFIG
in
`
cd
$OVPN_CONFIG_DIR
;
ls
*
.
$TABLE
.conf 2> /dev/null
`
;
do
VPN_NAME
=
${
VPN_CONFIG
%%.conf
}
/etc/init.d/openvpn stop
$VPN_NAME
>
/dev/null 2>&1
logger
-t
"[WAN
$TABLE
- OpenVPN]"
"
$VPN_NAME
disabled"
done
;;
esac
$IP
route del default 2>&1
>
/dev/null
$IP
route del default table default 2>&1
>
/dev/null
if
[
x
"
$ACTIVEDEVS
"
!=
x
""
]
;
then
DEFR
=
""
for
iface
in
$PPPACTIVEDEVS
do
DEFR
=
"
$DEFR
nexthop dev
$iface
weight 1"
done
for
iface
in
$FIXEDACTIVEDEVS
do
DEFR
=
"
$DEFR
nexthop dev
$iface
via
$WAN_GW
weight 1"
done
$IP
route add default scope global table default
$DEFR
#$IP route add default equalize $DEFR
fi
$IP
route flush cache
$IP
route flush cache table default
fi
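Review bot: The two state files written near the top, `echo $ACTIVEDEVS > /tmp/active.devices` and `echo ${CDIR} > /tmp/mhome.cdir`, are created by a hook that needs root (it edits routes and iptables) at fixed names in a world-writable directory, so a local user can plant a file or symlink at those names first and have root write through it unless the kernel's protected-symlink/regular-file settings block it; a root-only directory such as `/run` is the safer place if the files are needed at all. Separately, `echo 0 > /proc/sys/net/ipv4/conf/$WAN_IFACE/rp_filter` switches reverse-path filtering off entirely on the WAN-facing interface, whereas loose mode (`echo 2`) normally tolerates the asymmetric paths of a multihomed setup while still dropping sources that have no route at all, and the comment `# DISABLE MARTIANS FILTERING` should say which behaviour is intended. The OpenVPN loop also replaces each config through a freshly created `.tmp` file followed by `mv`, which presumably resets mode and owner to the umask defaults, so configs carrying key material should have their original permissions re-applied before the move. Finally, both arms of the `case ${WAN_IFACE}` set `MARK=1`, so `if [ $MARK != "NO" ]` can never be false and `$CNT -D -m $MARK` in the down path appears to delete tracked connections for every interface, not only the one that went down.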
rc.local
...
...
@@ -90,11 +90,21 @@ ip route flush cache
iptables
-t
mangle
-A
POSTROUTING
-j
CONNMARK
--save-mark
iptables
-t
mangle
-A
PREROUTING
-j
CONNMARK
--restore-mark
# If you have multiple WANS
# and you don't want to use if-up.d or ppp-up.d
# you can launch the multihome script from here.
#
# The script can be just symlinked in if-up/down and ppp-up/down
#
#setsid /etc/nexdpi/mhome $PUBLIC_IF ethernet 1GB $PUBLIC_IP $GW &
# Shaping policies
setsid /etc/multihome/shaping &
setsid /etc/nexdpi/shaping &
# Deep Packet Inspection
/etc/
multihome
/dpi
>
/tmp/dpi.log 2>&1 &
/etc/
nexdpi
/dpi
>
/tmp/dpi.log 2>&1 &
disown
ipset add full_ip 192.168.1.2
...
...
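Review bot: The relaunched DPI line (the `/etc/nexdpi/dpi` variant, which appears to be the new side of the rename) still redirects root's output to a fixed name in a world-writable directory, `> /tmp/dpi.log 2>&1 &`; since the line is being touched anyway, point it at a root-owned log location (for example a file under `/var/log`) and use `>>` so a reboot does not discard the previous run's output. The added comment says the script can simply be symlinked into if-up/down and ppp-up/down, but mhome chooses its action from `dirname $0` and only matches `/etc/ppp/ip-up.d`, `/etc/ppp/ip-down.d` and `/etc/nexdpi`, so a symlink in an if-up.d directory would presumably match no arm and only rebuild the default route. The comment should either list the directories that work or note that the script must be invoked by one of those absolute paths, as the commented `setsid /etc/nexdpi/mhome …` example does.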