+grml-terminalserver (0.79) unstable; urgency=low
+
+ * Applied patch from Wolfgang Karall which:
+ - improve display of iptables message
+ - fix the /etc/resolv.conf issue (Closes: issue21)
+ - support for SNAT
+
+ Thanks a lot, Wolfgang!
+
+ -- Michael Prokop <mika@grml.org> Sat, 2 Dec 2006 10:29:20 +0100
+
grml-terminalserver (0.78) unstable; urgency=low
* Deactivate Multicast-DNS via iptables, thanks for suggestion -
echo "Rule for tcp/113 already present, nothing to be done."
else
echo "Rejecting tcp/113 via iptables to speed up booting via PXE, running:"
- echo -n '* iptables -A OUTPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset'
+ echo -n '* iptables -A OUTPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset ... '
iptables -A OUTPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset && echo done || echo failed
fi
# deactivate Multicast-DNS
echo "Rule for udp/5353 already present, nothing to be done."
else
echo "Rejecting udp/5353 via iptables for deactivating Multicast-DNS, running:"
- echo -n '* iptables -A OUTPUT -p udp -d 224.0.0.0/8 --dport 5353 -j REJECT'
+ echo -n '* iptables -A OUTPUT -p udp -d 224.0.0.0/8 --dport 5353 -j REJECT ... '
iptables -A OUTPUT -p udp -d 224.0.0.0/8 --dport 5353 -j REJECT && echo done || echo failed
fi
+ if [ "$NAT_INTERFACE_" != "none" ]; then
+ local nat_source_ip_=`netGetIp "$NAT_INTERFACE_" warn`
+
+ if iptables -t nat -vnL POSTROUTING | grep -q "SNAT.*${NAT_INTERFACE_}.*to:${nat_source_ip_}" ; then
+ echo "Rule for SNAT already present, nothing to be done."
+ else
+ echo "Setting up SNAT for terminalserver clients on ${NAT_INTERFACE_}:"
+ echo "* iptables -t nat -F POSTROUTING"
+ echo -n "* iptables -t nat -A POSTROUTING -o $NAT_INTERFACE_ -j SNAT --to-source $nat_source_ip_ ... "
+ { iptables -t nat -F POSTROUTING && \
+ iptables -t nat -A POSTROUTING -o "$NAT_INTERFACE_" -j SNAT --to-source "$nat_source_ip_" ; } && \
+ echo done || echo failed
+ fi
+ if [ `cat /proc/sys/net/ipv4/ip_forward` -eq 1 ]; then
+ echo "IP-Forwarding already enabled, nothing to be done."
+ else
+ echo -n "Enabling IP-Forwarding: "
+ echo 1 > /proc/sys/net/ipv4/ip_forward && echo done || echo failed
+ fi
+ fi
else
warn "iptables executable not avilable"
fi
NETWORK_=""
OPTIONS_=""
BOOT_ARGS_=""
+NAT_INTERFACE_=""
###
IPRANGE_TO_="$IPRANGE_TO_"
OPTIONS_="$OPTIONS_"
BOOT_ARGS_="$BOOT_ARGS_"
+NAT_INTERFACE_="$NAT_INTERFACE_"
EOT
notice "config successfully safed to \"$CONF_FILE_\""
NAMESERVERS_=`netGetNameservers warn`
GW_=`netGetDefaultGateway warn`
+ GW_DEV_=`/sbin/ip route get "$GW_" | awk '{ print $3; exit; }'`
+ if [ "$GW_DEV_" != "$INTERFACE_" ]; then
+ # GW_DEV_ of server is not the same device as the one serviced by dhcpd
+ # so it doesn't make sense to provide the GW_ address to the clients
+ local do_nat_="YES"
+ local do_nat_title_="Network Address Translation"
+ local do_nat_message_="
+Do you want to set up NAT so that clients booting from this
+grml-terminalserver can use this machine also as gateway to
+the internet?"
+
+ $DIALOG_ --clear --backtitle "$BACK_TITLE_" --title "$do_nat_title_" --yesno "$do_nat_message_" 15 75 || \
+ do_nat_="NO"
+ if [ "$do_nat_" = "YES" ]; then
+ # user wants NAT, we give the clients the server address as
+ # gateway as well
+ GW_="$IP_"
+ NAT_INTERFACE_="$GW_DEV_"
+ else
+ # no NAT, no sensible gateway
+ GW_=
+ NAT_INTERFACE_="none"
+ fi
+ fi
# grub
if test -n "$UNIONFS" && /bin/mount -t unionfs -o noatime${SECURE},dirs=/ramdisk=rw:/GRML=ro /UNIONFS /UNIONFS; then
# We now have unionfs, copy some data from the initial ramdisk first
cp -a /etc/fstab /etc/auto.mnt /etc/filesystems /etc/mtab /UNIONFS/etc/
+ # disable resolvconf on the terminalserver client
+ rm /UNIONFS/etc/resolv.conf
+ cp -a /etc/resolv.conf /UNIONFS/etc
+ echo REPORT_ABSENT_SYMLINK=no >> /UNIONFS/etc/default/resolvconf
for i in bin boot etc sbin var lib opt root usr; do # Move directories to unionfs
if test -d /$i; then
mv /$i /$i.old && \