introduced iptables as a seperate configurable service within grml-terminalserver

diff --git a/config b/config
index a2c6d51..ab742c4 100644 (file)
--- a/config
+++ b/config
@@ -49,3 +49,7 @@
 # path to pxelinux boot logo
 # default: /cdrom/boot/isolinux/logo.16
 #PXE_BOOT_LOGO_=""
+
+# should the terminalserver activate snat for the clients to his default gateway?
+# default: true
+#IPTABLES_SNAT_=""

diff --git a/debian/changelog b/debian/changelog
index 9ff5e67..1377e62 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+grml-terminalserver (0.84) unstable; urgency=low
+
+  * introduced iptables as a seperate configurable service within
+    grml-terminalserver 
+
+ -- Michael Gebetsroither <gebi@grml.org>  Sat, 17 Mar 2007 20:20:00 +0100
+
 grml-terminalserver (0.83) unstable; urgency=low
 
   [ Michael Prokop ]

diff --git a/default_config b/default_config
index 2665bd0..8d417a9 100644 (file)
--- a/default_config
+++ b/default_config
@@ -22,3 +22,5 @@ PXE_BOOT_MSG_="$DATA_PATH_/boot.msg"
 
 PXE_BOOT_LOGO_="$DATA_PATH_/logo.16"
 
+IPTABLES_SNAT_="true"
+

diff --git a/grml-terminalserver b/grml-terminalserver
index bf01665..fde1b29 100755 (executable)
--- a/grml-terminalserver
+++ b/grml-terminalserver
@@ -52,6 +52,7 @@ COMMANDS:
 SERVICES:
   tftp        Tftp daemon
   dhcp        Dhcp daemon
+  ipt         Iptables setup (snat for clients)
   nfs         All necessary nfs daemons
   <>          ALL services
 
@@ -136,7 +137,15 @@ function runDhcp
 # IPTABLES {{{
 function runIptables
 {
- if [ -x /sbin/iptables ] ; then
+  if [[ $IPTABLES_SNAT_ != "true" ]]; then
+    return
+  fi
+  startIptables
+}
+
+function startIptables
+{
+  if [ -x /sbin/iptables ] ; then
     if [[ $NAT_INTERFACE_ != "" ]]; then
        local nat_source_ip_=`netGetIp "$NAT_INTERFACE_" warn`
 
@@ -157,9 +166,27 @@ function runIptables
           echo 1 > /proc/sys/net/ipv4/ip_forward && echo done || echo failed
        fi
     fi
- else
+  else
     warn "iptables executable not avilable"
- fi
+  fi
+}
+
+function stopIptables
+{
+  if [[ $IPTABLES_SNAT_ != "true" ]]; then
+    return
+  fi
+  if [ -x /sbin/iptables ] ; then
+    if [[ $NAT_INTERFACE_ != "" ]]; then
+       local nat_source_ip_=`netGetIp "$NAT_INTERFACE_" warn`
+
+       if iptables -t nat -vnL POSTROUTING | grep -q "SNAT.*${NAT_INTERFACE_}.*to:${nat_source_ip_}" ; then
+         iptables -t nat -F POSTROUTING &>/dev/null && \
+           iptables -t nat -D POSTROUTING -o "$NAT_INTERFACE_" -j SNAT --to-source "$nat_source_ip_"
+       fi
+       echo 0 > /proc/sys/net/ipv4/ip_forward
+    fi
+  fi
 }
 # }}}
 
@@ -256,16 +283,17 @@ function actionStart
   echo -n "Starting dhcpd: "
   runDhcp && echo done || echo failed
 
-  #runIptables
+  runIptables
 
   echo "Finally starting nfs services..."
-  startNfs && echo "Sucessfully finished startup of grml-terminalserver." || echo 'Startup of grml-terminalserver-config failed!'
+  startNfs && echo "Sucessfully finished startup of grml-terminalserver." || echo 'Startup of grml-terminalserver failed!'
 }
 
 function actionStop
 {
   stopTftp
   stopDhcp
+  stopIptables
   stopNfs
   notice "Terminal-server stopped"
 }
@@ -300,6 +328,7 @@ function serviceStart
     "") actionStart ;;
     tftp) runTftp ;;
     dhcp) runDhcp ;;
+    ipt) startIptables ;;
     nfs) startNfs ;;
     *) warn "Service $service_ not available" ;;
   esac
@@ -313,6 +342,7 @@ function serviceStop
     "") actionStop ;;
     tftp) stopTftp ;;
     dhcp) stopDhcp ;;
+    ipt) stopIptables ;;
     nfs) stopNfs ;;
     *) warn "Service $service_ not available" ;;
   esac