Gentoo Forums
Possibly a useful Dual Wan script
Antimatter
Guru


Joined: 11 Aug 2003
Posts: 463

Posted: Fri Aug 03, 2007 8:25 am    Post subject: Possibly a useful Dual Wan script

I've been struggling for a while on getting a dual WAN config to work for me...

Basically this script is a dhclient-exit-hooks script that hooks into dhclient-script, which is then run by dhclient.

Anyway, what it does is take care of all of the routing table and iptables stuff required to have two DMZs, one off each WAN IP address. I'm going to present the script below in hopes that someone else out there will have some use for it also.

Code:

#!/bin/bash
#
# dhclient-exit-hooks: this file is sourced by dhclient-script after every
# lease event, so $reason, $interface, $old_ip_address, $new_ip_address,
# $new_routers and $exit_status are already set when it runs. It uses bash
# syntax ([[ ]]), the same as dhclient-script itself.
#
# This script takes care of setting up the rules and routing table for
# eth0 and eth1, which are our WAN ports
#

# Programs
IPTABLES="/sbin/iptables"
IP="/sbin/ip"

# Enable ip_forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Script variables
wan0="eth0"
wan1="eth1"

# Marker files for an expired/failed interface: when the interface is
# bound/rebound again, the presence of the file bypasses the old/new IP
# address check so the NAT rules are rebuilt unconditionally
wan0_file="/var/run/wan0.expired"
wan1_file="/var/run/wan1.expired"

# Sets up the wan0 rules and routes
set_wan0 () {

   $IP rule add from 172.20.0.5 lookup 100

   for router in $new_routers; do
      $IP route add default via $router dev $wan0 table 100
   done
}

# Remove the wan0 rules and routes
unset_wan0 () {

   $IP rule del from 172.20.0.5 lookup 100
   $IP route flush table 100
}

# Sets up the wan1 rules and routes
set_wan1 () {

   $IP rule add from 172.20.0.3 lookup 101

   for router in $new_routers; do
      $IP route add default via $router dev $wan1 table 101
   done
}

# Remove the wan1 rules and routes
unset_wan1 () {

   $IP rule del from 172.20.0.3 lookup 101
   $IP route flush table 101
}

# Setup the IPTABLE rules for wan0
iptable_wan0 () {

   $IPTABLES -t nat -A wan0_dnat -d $new_ip_address -j DNAT --to-destination 172.20.0.5
   $IPTABLES -t nat -A wan0_snat -s 172.20.0.5 -j SNAT --to-source $new_ip_address
}

# Setup the IPTABLE rules for wan1
iptable_wan1 () {

   $IPTABLES -t nat -A wan1_dnat -d $new_ip_address -j DNAT --to-destination 172.20.0.3
   $IPTABLES -t nat -A wan1_snat -s 172.20.0.3 -j SNAT --to-source $new_ip_address
}

##################################################################################################
#
# Nothing below this line should need to be changed as long as the basic
# logic in the variables/functions above stays the same
#
##################################################################################################

# Set up the individual wan0 & wan1 chains and hook them into the NAT table
setup_NAT () {
   
   $IPTABLES -t nat -N wan0_dnat
   $IPTABLES -t nat -N wan0_snat

   $IPTABLES -t nat -N wan1_dnat
   $IPTABLES -t nat -N wan1_snat

   $IPTABLES -t nat -A PREROUTING -j wan0_dnat
   $IPTABLES -t nat -A POSTROUTING -j wan0_snat

   $IPTABLES -t nat -A PREROUTING -j wan1_dnat
   $IPTABLES -t nat -A POSTROUTING -j wan1_snat
}


# Flushes the NAT tables
flush_NAT () {

   # First make sure that the NAT chains actually exist; if not,
   # create them (they start out empty, so there is nothing to flush).
   # Listing the chain is enough: iptables exits non-zero if it is missing.
   if $IPTABLES -t nat -n -L wan1_snat > /dev/null 2>&1; then
      
      # The NAT chain was found so find out which interface
      # is being flushed then flush that chain
      if [[ "$interface" == "$wan0" ]]; then
         
         $IPTABLES -t nat -F wan0_dnat
         $IPTABLES -t nat -F wan0_snat

      elif [[ "$interface" == "$wan1" ]]; then
         
         $IPTABLES -t nat -F wan1_dnat
         $IPTABLES -t nat -F wan1_snat
      
      fi
   else
      # The NAT chain was not found so create it
      setup_NAT
   fi
}



# Flushes the routing tables
flush_routing () {

   # find out which interface to flush
   if [[ "$interface" == "$wan0" ]]; then

      unset_wan0

   elif [[ "$interface" == "$wan1" ]]; then
   
      unset_wan1
   
   fi
   
   $IP route flush cache
}


# Sets up the NAT tables
set_NAT () {

   # Determine if the NAT chains need to be flushed and
   # updated; also determine if the interface was
   # previously expired
   if [[ "$old_ip_address" != "$new_ip_address" ||
      -e $wan0_file || -e $wan1_file ]]; then

      # The old and new ip address are not the same, update
      # the NAT table, or the interface was expired/failed
      flush_NAT
      
      # Find out which interface to set
      if [[ "$interface" == "$wan0" ]]; then
         
         iptable_wan0
         $IPTABLES -t nat -A wan0_dnat -j RETURN
         $IPTABLES -t nat -A wan0_snat -j RETURN

         # Remove the expired file
         rm -f $wan0_file

      elif [[ "$interface" == "$wan1" ]]; then

         iptable_wan1
         $IPTABLES -t nat -A wan1_dnat -j RETURN
         $IPTABLES -t nat -A wan1_snat -j RETURN

         # Remove the expired file
         rm -f $wan1_file
      fi

   fi

   #if [[ "$old_routers" != "$new_routers" ]]; then
   #   
   #   # The old and new routers does not match, so update the
   #   # nat TABLE
   #fi
}

# Sets up the routing tables
set_routing () {

   # Determine which interface needs its tables set
   if [[ "$interface" == "$wan0" ]]; then

      set_wan0

   elif [[ "$interface" == "$wan1" ]]; then
   
      set_wan1
   
   fi

   $IP route flush cache
}

# This block dispatches on the $reason code that dhclient-script passes to this hook
case "$reason" in

   # MEDIUM - Ignore, Linux does not do medium (media) selection
   # PREINIT - Initializes interface for action
   "MEDIUM" | "PREINIT" )
      exit 0
   ;;

   # BOUND - Flushes and resets the routing tables, then finds out
   #    if the IP address of the interface has changed and updates
   #    the NAT table if needed
   # RENEW - Same as BOUND
   # REBIND - Same as BOUND
   # REBOOT - Same as BOUND
   "BOUND" | "RENEW" | "REBIND" | "REBOOT" )
      set_NAT
      flush_routing
      set_routing
   ;;

   # EXPIRE - No IP address on interface, flush NAT & Routing
   # FAIL - Same as EXPIRE
   "EXPIRE" | "FAIL" )
      flush_NAT
      flush_routing

      # Touch the file for the expired interface
      if [[ "$interface" == "$wan0" ]]; then
         touch $wan0_file
      elif [[ "$interface" == "$wan1" ]]; then
         touch $wan1_file
      fi
   ;;

   # TIMEOUT - If the exit value is 0, the NAT & routing need to be set up/fixed;
   # otherwise (exit value 1) flush NAT & routing like EXPIRE/FAIL
   "TIMEOUT" )

      # Determine the exit value
      if [[ "$exit_status" -eq "0" ]]; then
         
         set_NAT
         flush_routing
         set_routing
      else
         flush_NAT
         flush_routing
      fi
   ;;

esac


Enjoy! And if anyone has any suggestions/improvements, they would certainly be welcome!
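The hook above keeps three pieces of state in step for each WAN: the `ip rule` entry for the DMZ host, the per-WAN routing table, and the NAT chains. If one of them is left behind after an EXPIRE/FAIL (say the rule survives while table 100 and the wan0 chains are flushed), the DMZ host's traffic falls through the empty table to whatever default route is left in main, without the SNAT the flushed chain used to apply. The following read-only audit is an added example, not part of the original post or of dhclient; it checks the three pieces against the expected state for a given WAN and mode. It works on the text of `ip rule show`, `ip route show table N` and `iptables -t nat -S CHAIN`, so it can be pointed at live output or, as below, at constructed samples. The addresses, chain listings and function names (`rule_present`, `default_route_present`, `dnat_chain_ok`, `audit_wan`) are all assumptions made for the example.

```shell
#!/bin/sh
# Added example: consistency audit for the dual-WAN policy-routing / NAT
# state maintained by the dhclient exit hook. Not part of the original
# post. All sample outputs and addresses below are constructed.

# rule_present RULES SRC TABLE: succeed if "from SRC lookup TABLE" is in RULES
rule_present() {
    printf '%s\n' "$1" | awk -v s="$2" -v t="$3" '
        $2 == "from" && $3 == s && $4 == "lookup" && $5 == t { found = 1 }
        END { exit !found }'
}

# default_route_present ROUTES DEV: succeed if ROUTES has "default ... dev DEV"
default_route_present() {
    printf '%s\n' "$1" | awk -v d="$2" '
        $1 == "default" { for (i = 2; i <= NF; i++) if ($i == "dev" && $(i + 1) == d) found = 1 }
        END { exit !found }'
}

# dnat_chain_ok NATSPEC WANIP LANIP: succeed if the chain listing contains a
# DNAT of exactly WANIP (prefix length stripped) to LANIP and its last rule
# is the RETURN the hook appends after its rules
dnat_chain_ok() {
    printf '%s\n' "$1" | awk -v w="$2" -v l="$3" '
        /-j DNAT/ {
            dst = 0; to = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-d") { a = $(i + 1); sub("/[0-9]+$", "", a); if (a == w) dst = 1 }
                if ($i == "--to-destination" && $(i + 1) == l) to = 1
            }
            if (dst && to) found = 1
        }
        { last = $0 }
        END { exit !(found && last ~ /-j RETURN$/) }'
}

# check LABEL ACTUAL: compare ACTUAL (1 = present, 0 = absent) with $want,
# which audit_wan sets from the mode; counts mismatches in $bad
check() {
    if [ "$2" -eq "$want" ]; then
        echo "$name: ok   $1"
    else
        echo "$name: FAIL $1 (mode=$mode expects present=$want, found present=$2)"
        bad=$((bad + 1))
    fi
}

# audit_wan NAME MODE RULES ROUTES NATSPEC LANIP TABLE DEV WANIP
# MODE is "up" (lease bound: every piece must be present) or "down"
# (EXPIRE/FAIL: every piece must be gone). Returns the number of failed checks.
audit_wan() {
    name=$1; mode=$2; rules=$3; routes=$4; nat=$5
    lan=$6; table=$7; dev=$8; wanip=$9
    if [ "$mode" = "up" ]; then want=1; else want=0; fi
    bad=0
    if rule_present "$rules" "$lan" "$table"; then r=1; else r=0; fi
    check "ip rule: from $lan lookup $table" "$r"
    if default_route_present "$routes" "$dev"; then r=1; else r=0; fi
    check "table $table: default route via $dev" "$r"
    if dnat_chain_ok "$nat" "$wanip" "$lan"; then r=1; else r=0; fi
    check "nat: DNAT $wanip -> $lan ending in RETURN" "$r"
    return $bad
}

# Constructed samples (documentation address ranges, not a real site)
RULES_UP='0: from all lookup local
32765: from 172.20.0.5 lookup 100
32766: from all lookup main
32767: from all lookup default'
RULES_DOWN='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'
ROUTES_UP='default via 203.0.113.1 dev eth0'
NAT_UP='-N wan0_dnat
-A wan0_dnat -d 203.0.113.10/32 -j DNAT --to-destination 172.20.0.5
-A wan0_dnat -j RETURN'
NAT_DOWN='-N wan0_dnat'

# On the live box (as root), after a BOUND on wan0, the same call would be:
#   audit_wan wan0 up "$(ip rule show)" "$(ip route show table 100)" \
#       "$(iptables -t nat -S wan0_dnat)" 172.20.0.5 100 eth0 "$new_ip_address"
echo "--- wan0 bound, state consistent"
audit_wan wan0 up   "$RULES_UP" "$ROUTES_UP" "$NAT_UP"   172.20.0.5 100 eth0 203.0.113.10
echo "problems found: $?"
echo "--- wan0 expired, but the policy rule was left behind"
audit_wan wan0 down "$RULES_UP" ""          "$NAT_DOWN" 172.20.0.5 100 eth0 203.0.113.10
echo "problems found: $?"
```

The audit deliberately compares the `-d` address exactly (after stripping the `/32`) rather than by prefix, so a chain that DNATs a neighbouring address is reported as missing instead of passing. Running it from cron or after each lease event with the interface's mode taken from the hook's marker files is one way to catch a rule that the EXPIRE/FAIL branch failed to remove.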