expand the frankenrouter a bit to add/del ips

This commit is contained in:
deflax 2018-04-08 17:05:45 -04:00
parent a0ff34fd1d
commit c0329ddbe8
4 changed files with 57 additions and 24 deletions

View file

@ -1,7 +1,8 @@
#!/bin/bash #!/bin/bash
PUBIF=ens18 PUBIF=ens18
TRANSPORT_IP="1.2.3.4/24" TRANSPORT_IP="1.2.3.4"
TRANSPORT_MASK="24"
TRANSPORT_GW="1.2.3.1" TRANSPORT_GW="1.2.3.1"
APIHOST="www.api.tld" APIHOST="www.api.tld"
LABEL="routername" LABEL="routername"

View file

@ -6,6 +6,7 @@ import json
import datetime import datetime
import os import os
import sys import sys
import re
clientiface = 'ens19' clientiface = 'ens19'
workscriptpath = '/root/fr-workscripts/' workscriptpath = '/root/fr-workscripts/'
@ -37,8 +38,9 @@ LO_IP="127.0.0.1"
{2}""".format(workfile, today, data) {2}""".format(workfile, today, data)
filename = os.path.join(workscriptpath, workfile + '.sh') filename = os.path.join(workscriptpath, workfile + '.sh')
prevfile = os.path.join(workscriptpath, workfile + '-{}'.format(today) + '.bak') #prevfile = os.path.join(workscriptpath, workfile + '-{}'.format(today) + '.bak')
subprocess.call('mv {0} {1}'.format(filename, prevfile), shell=True) #subprocess.call('mv {0} {1}'.format(filename, prevfile), shell=True)
subprocess.call('rm {0}'.format(filename), shell=True)
writefile(filename, script) writefile(filename, script)
subprocess.call('chmod +x {}'.format(filename), shell=True) subprocess.call('chmod +x {}'.format(filename), shell=True)
subprocess.call('{}'.format(filename), shell=True) subprocess.call('{}'.format(filename), shell=True)
@ -218,6 +220,7 @@ $IPT -A OUTPUT -p ALL -o $LO_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT $IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
$IPT -A OUTPUT -j LOG --log-prefix "fp=OUTPUT:99 a=DROP " $IPT -A OUTPUT -j LOG --log-prefix "fp=OUTPUT:99 a=DROP "
#$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
""" """
return data return data
@ -274,34 +277,59 @@ dhcpd -4 -cf /root/fr-vlanconf/v{0}.dhconf -lf /root/fr-vlanconf/v{0}.dhlease -p
""".format(vlanid, clientiface) """.format(vlanid, clientiface)
return data return data
def setpubips(): def allipsetup(iplist):
rr = open('/root/pubip.cache', 'r').read() rr = open(iplist, 'r').read()
cache = json.loads(rr) cache = json.loads(rr)
data = ''
data += """ conffile = open('/root/frankenrouter/config.sh', 'r')
$IPT -t nat -P PREROUTING ACCEPT for line in conffile:
$IPT -t nat -P POSTROUTING ACCEPT if re.search('TRANSPORT_MASK', line):
$IPT -t nat -F ip_mask = line.split('=', 1)[1].rstrip().replace('"', '')
$IPT -t nat -X conffile.close()
#$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
"""
for ip, vlan in cache.items(): for ip, vlan in cache.items():
data += """ bashexec('ipadd-{}-{}'.format(ip, vlan), assignip(ip, ip_mask, vlan))
ip link del vtap{1}
def assignip(ip, ip_mask, vlan):
data = """
ip link add vtap{1} link $INET_IFACE type macvlan ip link add vtap{1} link $INET_IFACE type macvlan
ip addr add {0}/24 dev vtap{1} ip addr add {0}/{2} dev vtap{1}
ip link set dev vtap{1} up ip link set dev vtap{1} up
$IPT -t nat -A PREROUTING -d {0} -j DNAT --to-destination 10.0.{1}.10 $IPT -t nat -A PREROUTING -d {0} -j DNAT --to-destination 10.0.{1}.10
$IPT -t nat -A POSTROUTING -s 10.0.{1}.10 -j SNAT --to-source {0} $IPT -t nat -A POSTROUTING -s 10.0.{1}.10 -j SNAT --to-source {0}
""".format(ip, vlan, ip_mask)
return data
def removeip(ip, vlan):
data = """
ip link set dev vtap{1} down
ip link delete vtap{1}
$IPT -t nat -D PREROUTING -d {0} -j DNAT --to-destination 10.0.{1}.10
$IPT -t nat -D POSTROUTING -s 10.0.{1}.10 -j SNAT --to-source {0}
""".format(ip, vlan) """.format(ip, vlan)
return data return data
if __name__ == "__main__": if __name__ == "__main__":
if sys.argv[1] == 'init': helpdata = """
bashexec('fwfconfig', initfw()) python3 frankenrouter.py init --- setup the default firewall, read the contents of /root/pubip.cache and setup all assigments. Useful on startup
bashexec('vlfconfig', setvlans(clientiface))
bashexec('ipfconfig', setpubips())
if sys.argv[1] == 'apply': python3 ipadd VLAN IP --- add IP to VLAN
bashexec('ipfconfig', setpubips()) python3 ipdel VLAN IP --- del IP from VLAN
"""
try:
if sys.argv[1] == 'init':
bashexec('fwsetup', initfw())
bashexec('vlsetup', setvlans(clientiface))
if sys.argv[1] == 'allipadd':
bashexec('allipsetup', allipsetup('/root/pubip.cache'))
if sys.argv[1] == 'ipadd':
bashexec('ipadd-{}-{}'.format(sys.argv[2], sys.argv[3]), assignip(sys.argv[2], sys.argv[3]))
if sys.argv[1] == 'ipdel':
bashexec('ipdel-{}-{}'.format(sys.argv[2], sys.argv[3]), removeip(sys.argv[2], sys.argv[3]))
except Exception as e:
print(str(e))
print(helpdata)

View file

@ -5,11 +5,13 @@
mkdir -p /root/fr-vlanconf mkdir -p /root/fr-vlanconf
mkdir -p /root/fr-workscripts mkdir -p /root/fr-workscripts
ip addr add $TRANSPORT_IP dev $PUBIF ip addr add $TRANSPORT_IP/$TRANSPORT_MASK dev $PUBIF
sleep 5 sleep 3
ip route add default via $TRANSPORT_GW ip route add default via $TRANSPORT_GW
python3 /root/frankenrouter/frankenrouter.py init python3 /root/frankenrouter/frankenrouter.py init
python3 /root/frankenrouter/frankenrouter.py allipadd
sysctl -p sysctl -p

View file

@ -35,3 +35,5 @@ if result['status'] == 'ok':
wr.close() wr.close()
print('public ip cache updated') print('public ip cache updated')
else:
print('no data')