ViewVC Help
View File | Revision Log | Show Annotations | Revision Graph | Root Listing
root/cebix/BasiliskII/src/Unix/tunconfig
Revision: 1.2
Committed: 2005-05-14T16:08:17Z (19 years, 6 months ago) by gbeauche
Branch: MAIN
CVS Tags: nigel-build-19, nigel-build-17, HEAD
Changes since 1.1: +32 -9 lines
Log Message:
Try to improve the documentation concerning the "tun" interface. Take note
that that kernel module must be loaded and IP forwarding enabled. Also add
slight improvements to the "tunconfig" script so that sudo /sbin/ifconfig
and sudo /sbin/iptables are really supported for current user if not root.

File Contents

# User Rev Content
1 gbeauche 1.1 #!/bin/bash
2     ###########################################################################
3     # Configuration of the tunN devices for usage with Basilisk II.
4     # (derived MOL tunconfig script)
5     #
6     # This script should be named /usr/share/BasiliskII/tunconfig (unless
7     # the default name has been changed with the 'etherconfig' keyword).
8     #
9     # Usage: tunconfig iface up|down
10     #
11     # If the linux box is configured as a firewall, the rules below might
12     # need some adjustments.
13     #
14 gbeauche 1.2 # The IP Tunnel driver requires IP forwarding to be enabled. Run as root:
15     #
16     # echo 1 >/proc/sys/net/ipv4/ip_forward
17     #
18 gbeauche 1.1 ###########################################################################
19    
20     SUDO=/usr/bin/sudo
21 gbeauche 1.2 IFCONFIG=/sbin/ifconfig
22 gbeauche 1.1 IPTABLES=/sbin/iptables
23    
24     #########################################################
25    
26 gbeauche 1.2 [[ "x$1" = "x-n" ]] && {
27     DONT_EXECUTE=yes
28     shift 1
29     }
30    
31 gbeauche 1.1 TUN_DEV=$1
32     ACTION=$2
33    
34     TUN_NUM=`echo $TUN_DEV | sed s/[^0-9]//g`
35     NET_NUM=`expr 40 + $TUN_NUM`
36     TUN_NET=172.20.$NET_NUM.0/24
37     TUN_HOST=172.20.$NET_NUM.1
38    
39     #########################################################
40     # Misc Checks
41     #########################################################
42    
43     [[ $# = 2 ]] || {
44 gbeauche 1.2 echo "Usage: tunconfig [-n] iface up|down"
45 gbeauche 1.1 exit 2
46     }
47    
48     [[ "`id -u`" = "0" ]] && {
49 gbeauche 1.2 echo "---> $SUDO not necessary." 1>&2
50     SUDO=""
51 gbeauche 1.1 }
52    
53 gbeauche 1.2 [[ -x $IPTABLES ]] || {
54 gbeauche 1.1 echo "---> $IPTABLES not found." 1>&2
55 gbeauche 1.2 exit 1
56 gbeauche 1.1 }
57    
58 gbeauche 1.2 if [ -n "$SUDO" ]; then
59     $SUDO -l | grep -q "NOPASSWD: $IFCONFIG" || {
60     echo "---> Missing sudo NOPASSWD: $IFCONFIG." 1>&2
61     exit 1
62     }
63     $SUDO -l | grep -q "NOPASSWD: $IPTABLES" || {
64     echo "---> Missing sudo NOPASSWD: $IPTABLES." 1>&2
65     exit 1
66     }
67     IFCONFIG="$SUDO $IFCONFIG"
68     IPTABLES="$SUDO $IPTABLES"
69     fi
70    
71     [[ "x$DONT_EXECUTE" = "xyes" ]] && exit 0
72    
73 gbeauche 1.1 $IPTABLES -L -n -t nat > /dev/null || exit 1
74    
75     #########################################################
76     # Remove old (possibly stale) ruleset
77     #########################################################
78    
79     {
80     $IPTABLES -t nat -D POSTROUTING -s $TUN_NET -d ! $TUN_NET -j MASQUERADE
81     } >& /dev/null
82    
83     #########################################################
84     # Bring down interface
85     #########################################################
86    
87     [[ "$ACTION" = down ]] && {
88 gbeauche 1.2 $IFCONFIG $TUN_DEV down
89 gbeauche 1.1 }
90    
91     #########################################################
92     # Configure interface
93     #########################################################
94    
95     [[ "$ACTION" = up ]] && {
96 gbeauche 1.2 $IFCONFIG $TUN_DEV $TUN_HOST
97 gbeauche 1.1
98     # masquerade the tun network
99     $IPTABLES -t nat -A POSTROUTING -s $TUN_NET -d ! $TUN_NET -j MASQUERADE
100     }
101    
102     exit 0