expand the frankenrouter a bit to add/del ips
This commit is contained in:
parent
a0ff34fd1d
commit
c0329ddbe8
4 changed files with 57 additions and 24 deletions
|
@ -1,7 +1,8 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
PUBIF=ens18
|
PUBIF=ens18
|
||||||
TRANSPORT_IP="1.2.3.4/24"
|
TRANSPORT_IP="1.2.3.4"
|
||||||
|
TRANSPORT_MASK="24"
|
||||||
TRANSPORT_GW="1.2.3.1"
|
TRANSPORT_GW="1.2.3.1"
|
||||||
APIHOST="www.api.tld"
|
APIHOST="www.api.tld"
|
||||||
LABEL="routername"
|
LABEL="routername"
|
||||||
|
|
|
@ -6,6 +6,7 @@ import json
|
||||||
import datetime
|
import datetime
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
|
import re
|
||||||
|
|
||||||
clientiface = 'ens19'
|
clientiface = 'ens19'
|
||||||
workscriptpath = '/root/fr-workscripts/'
|
workscriptpath = '/root/fr-workscripts/'
|
||||||
|
@ -37,8 +38,9 @@ LO_IP="127.0.0.1"
|
||||||
|
|
||||||
{2}""".format(workfile, today, data)
|
{2}""".format(workfile, today, data)
|
||||||
filename = os.path.join(workscriptpath, workfile + '.sh')
|
filename = os.path.join(workscriptpath, workfile + '.sh')
|
||||||
prevfile = os.path.join(workscriptpath, workfile + '-{}'.format(today) + '.bak')
|
#prevfile = os.path.join(workscriptpath, workfile + '-{}'.format(today) + '.bak')
|
||||||
subprocess.call('mv {0} {1}'.format(filename, prevfile), shell=True)
|
#subprocess.call('mv {0} {1}'.format(filename, prevfile), shell=True)
|
||||||
|
subprocess.call('rm {0}'.format(filename), shell=True)
|
||||||
writefile(filename, script)
|
writefile(filename, script)
|
||||||
subprocess.call('chmod +x {}'.format(filename), shell=True)
|
subprocess.call('chmod +x {}'.format(filename), shell=True)
|
||||||
subprocess.call('{}'.format(filename), shell=True)
|
subprocess.call('{}'.format(filename), shell=True)
|
||||||
|
@ -218,6 +220,7 @@ $IPT -A OUTPUT -p ALL -o $LO_IFACE -j ACCEPT
|
||||||
$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
|
$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
|
||||||
$IPT -A OUTPUT -j LOG --log-prefix "fp=OUTPUT:99 a=DROP "
|
$IPT -A OUTPUT -j LOG --log-prefix "fp=OUTPUT:99 a=DROP "
|
||||||
|
|
||||||
|
#$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
|
||||||
"""
|
"""
|
||||||
return data
|
return data
|
||||||
|
|
||||||
|
@ -274,34 +277,59 @@ dhcpd -4 -cf /root/fr-vlanconf/v{0}.dhconf -lf /root/fr-vlanconf/v{0}.dhlease -p
|
||||||
""".format(vlanid, clientiface)
|
""".format(vlanid, clientiface)
|
||||||
return data
|
return data
|
||||||
|
|
||||||
def setpubips():
|
def allipsetup(iplist):
|
||||||
rr = open('/root/pubip.cache', 'r').read()
|
rr = open(iplist, 'r').read()
|
||||||
cache = json.loads(rr)
|
cache = json.loads(rr)
|
||||||
data = ''
|
|
||||||
data += """
|
conffile = open('/root/frankenrouter/config.sh', 'r')
|
||||||
$IPT -t nat -P PREROUTING ACCEPT
|
for line in conffile:
|
||||||
$IPT -t nat -P POSTROUTING ACCEPT
|
if re.search('TRANSPORT_MASK', line):
|
||||||
$IPT -t nat -F
|
ip_mask = line.split('=', 1)[1].rstrip().replace('"', '')
|
||||||
$IPT -t nat -X
|
conffile.close()
|
||||||
#$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
|
|
||||||
"""
|
|
||||||
for ip, vlan in cache.items():
|
for ip, vlan in cache.items():
|
||||||
data += """
|
bashexec('ipadd-{}-{}'.format(ip, vlan), assignip(ip, ip_mask, vlan))
|
||||||
ip link del vtap{1}
|
|
||||||
|
def assignip(ip, ip_mask, vlan):
|
||||||
|
data = """
|
||||||
ip link add vtap{1} link $INET_IFACE type macvlan
|
ip link add vtap{1} link $INET_IFACE type macvlan
|
||||||
ip addr add {0}/24 dev vtap{1}
|
ip addr add {0}/{2} dev vtap{1}
|
||||||
ip link set dev vtap{1} up
|
ip link set dev vtap{1} up
|
||||||
$IPT -t nat -A PREROUTING -d {0} -j DNAT --to-destination 10.0.{1}.10
|
$IPT -t nat -A PREROUTING -d {0} -j DNAT --to-destination 10.0.{1}.10
|
||||||
$IPT -t nat -A POSTROUTING -s 10.0.{1}.10 -j SNAT --to-source {0}
|
$IPT -t nat -A POSTROUTING -s 10.0.{1}.10 -j SNAT --to-source {0}
|
||||||
|
""".format(ip, vlan, ip_mask)
|
||||||
|
return data
|
||||||
|
|
||||||
|
def removeip(ip, vlan):
|
||||||
|
data = """
|
||||||
|
ip link set dev vtap{1} down
|
||||||
|
ip link delete vtap{1}
|
||||||
|
$IPT -t nat -D PREROUTING -d {0} -j DNAT --to-destination 10.0.{1}.10
|
||||||
|
$IPT -t nat -D POSTROUTING -s 10.0.{1}.10 -j SNAT --to-source {0}
|
||||||
""".format(ip, vlan)
|
""".format(ip, vlan)
|
||||||
return data
|
return data
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
if sys.argv[1] == 'init':
|
helpdata = """
|
||||||
bashexec('fwfconfig', initfw())
|
python3 frankenrouter.py init --- setup the default firewall, read the contents of /root/pubip.cache and setup all assigments. Useful on startup
|
||||||
bashexec('vlfconfig', setvlans(clientiface))
|
|
||||||
bashexec('ipfconfig', setpubips())
|
|
||||||
|
|
||||||
if sys.argv[1] == 'apply':
|
python3 ipadd VLAN IP --- add IP to VLAN
|
||||||
bashexec('ipfconfig', setpubips())
|
python3 ipdel VLAN IP --- del IP from VLAN
|
||||||
|
"""
|
||||||
|
try:
|
||||||
|
if sys.argv[1] == 'init':
|
||||||
|
bashexec('fwsetup', initfw())
|
||||||
|
bashexec('vlsetup', setvlans(clientiface))
|
||||||
|
|
||||||
|
if sys.argv[1] == 'allipadd':
|
||||||
|
bashexec('allipsetup', allipsetup('/root/pubip.cache'))
|
||||||
|
|
||||||
|
if sys.argv[1] == 'ipadd':
|
||||||
|
bashexec('ipadd-{}-{}'.format(sys.argv[2], sys.argv[3]), assignip(sys.argv[2], sys.argv[3]))
|
||||||
|
|
||||||
|
if sys.argv[1] == 'ipdel':
|
||||||
|
bashexec('ipdel-{}-{}'.format(sys.argv[2], sys.argv[3]), removeip(sys.argv[2], sys.argv[3]))
|
||||||
|
except Exception as e:
|
||||||
|
print(str(e))
|
||||||
|
print(helpdata)
|
||||||
|
|
||||||
|
|
|
@ -5,11 +5,13 @@
|
||||||
mkdir -p /root/fr-vlanconf
|
mkdir -p /root/fr-vlanconf
|
||||||
mkdir -p /root/fr-workscripts
|
mkdir -p /root/fr-workscripts
|
||||||
|
|
||||||
ip addr add $TRANSPORT_IP dev $PUBIF
|
ip addr add $TRANSPORT_IP/$TRANSPORT_MASK dev $PUBIF
|
||||||
sleep 5
|
sleep 3
|
||||||
ip route add default via $TRANSPORT_GW
|
ip route add default via $TRANSPORT_GW
|
||||||
|
|
||||||
python3 /root/frankenrouter/frankenrouter.py init
|
python3 /root/frankenrouter/frankenrouter.py init
|
||||||
|
python3 /root/frankenrouter/frankenrouter.py allipadd
|
||||||
|
|
||||||
|
|
||||||
sysctl -p
|
sysctl -p
|
||||||
|
|
||||||
|
|
|
@ -35,3 +35,5 @@ if result['status'] == 'ok':
|
||||||
wr.close()
|
wr.close()
|
||||||
print('public ip cache updated')
|
print('public ip cache updated')
|
||||||
|
|
||||||
|
else:
|
||||||
|
print('no data')
|
||||||
|
|
Loading…
Reference in a new issue