From: Michael Gebetsroither
Date: Sat, 17 Mar 2007 19:22:03 +0000 (+0100)
Subject: introduced iptables as a seperate configurable service within grml-terminalserver
X-Git-Tag: 0.84~3
X-Git-Url: http://git.grml.org/?p=grml-terminalserver.git;a=commitdiff_plain;h=3da5aa3e46e387154620f23fb2eaf83d8db82560

introduced iptables as a seperate configurable service within grml-terminalserver
---
diff --git a/config b/config
index a2c6d51..ab742c4 100644
--- a/config
+++ b/config
@@ -49,3 +49,7 @@
 # path to pxelinux boot logo
 # default: /cdrom/boot/isolinux/logo.16
 #PXE_BOOT_LOGO_=""
+
+# should the terminalserver activate snat for the clients to his default gateway?
+# default: true
+#IPTABLES_SNAT_=""
diff --git a/debian/changelog b/debian/changelog
index 9ff5e67..1377e62 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+grml-terminalserver (0.84) unstable; urgency=low
+
+ * introduced iptables as a seperate configurable service within
+ grml-terminalserver
+
+ -- Michael Gebetsroither Sat, 17 Mar 2007 20:20:00 +0100
+
 grml-terminalserver (0.83) unstable; urgency=low
 [ Michael Prokop ]
diff --git a/default_config b/default_config
index 2665bd0..8d417a9 100644
--- a/default_config
+++ b/default_config
@@ -22,3 +22,5 @@ PXE_BOOT_MSG_="$DATA_PATH_/boot.msg"
 PXE_BOOT_LOGO_="$DATA_PATH_/logo.16"
+IPTABLES_SNAT_="true"
+
diff --git a/grml-terminalserver b/grml-terminalserver
index bf01665..fde1b29 100755
--- a/grml-terminalserver
+++ b/grml-terminalserver
@@ -52,6 +52,7 @@ COMMANDS:
 SERVICES:
 tftp Tftp daemon
 dhcp Dhcp daemon
+ ipt Iptables setup (snat for clients)
 nfs All necessary nfs daemons
 <> ALL services
@@ -136,7 +137,15 @@ function runDhcp
 # IPTABLES {{{
 function runIptables
 {
- if [ -x /sbin/iptables ] ; then
+ if [[ $IPTABLES_SNAT_ != "true" ]]; then
+ return
+ fi
+ startIptables
+}
+
+function startIptables
+{
+ if [ -x /sbin/iptables ] ; then
 if [[ $NAT_INTERFACE_ != "" ]]; then
 local nat_source_ip_=`netGetIp "$NAT_INTERFACE_" warn`
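Review bot: `IPTABLES_SNAT_="true"` in the default_config hunk makes SNAT opt-out, and together with the un-commented `runIptables` call in actionStart every plain start now changes the host's routing state without the operator asking for it. The lines visible in this diff set `ip_forward` to 1 and handle an SNAT rule on `NAT_INTERFACE_`, but they show no FORWARD-chain restriction, so whether forwarding is limited to the terminal-server clients cannot be confirmed from here. I would either ship `IPTABLES_SNAT_="false"` and let the operator opt in, or state the host-level effect in the config comment, e.g. `# enables net.ipv4.ip_forward and adds an SNAT rule on NAT_INTERFACE_`.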
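Review bot: The `IPTABLES_SNAT_` check lives only in the new `runIptables` wrapper, so `startIptables` itself is ungated. As a result the `ipt) startIptables ;;` arm added to serviceStart further down sets up SNAT and forwarding even when the operator has set `IPTABLES_SNAT_` to something other than "true", while `stopIptables` does honour the flag. If the per-service command is meant to override the config, a comment above `startIptables` should say so, e.g. `# not gated by IPTABLES_SNAT_: an explicit "start ipt" overrides the config`; otherwise the arm should call `runIptables`. Separately, the guard tests `/sbin/iptables` while the calls visible in stopIptables run `iptables` from PATH, so the binary checked and the binary executed can differ. The body of startIptables continues past the end of this hunk.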
@@ -157,9 +166,27 @@ function runIptables
 echo 1 > /proc/sys/net/ipv4/ip_forward && echo done || echo failed
 fi
 fi
- else
+ else
 warn "iptables executable not avilable"
- fi
+ fi
+}
+
+function stopIptables
+{
+ if [[ $IPTABLES_SNAT_ != "true" ]]; then
+ return
+ fi
+ if [ -x /sbin/iptables ] ; then
+ if [[ $NAT_INTERFACE_ != "" ]]; then
+ local nat_source_ip_=`netGetIp "$NAT_INTERFACE_" warn`
+
+ if iptables -t nat -vnL POSTROUTING | grep -q "SNAT.*${NAT_INTERFACE_}.*to:${nat_source_ip_}" ; then
+ iptables -t nat -F POSTROUTING &>/dev/null && \
+ iptables -t nat -D POSTROUTING -o "$NAT_INTERFACE_" -j SNAT --to-source "$nat_source_ip_"
+ fi
+ echo 0 > /proc/sys/net/ipv4/ip_forward
+ fi
+ fi
 }
 # }}}
@@ -256,16 +283,17 @@ function actionStart
 echo -n "Starting dhcpd: "
 runDhcp && echo done || echo failed
- #runIptables
+ runIptables
 echo "Finally starting nfs services..."
- startNfs && echo "Sucessfully finished startup of grml-terminalserver." || echo 'Startup of grml-terminalserver-config failed!'
+ startNfs && echo "Sucessfully finished startup of grml-terminalserver." || echo 'Startup of grml-terminalserver failed!'
 }
 function actionStop
 {
 stopTftp
 stopDhcp
+ stopIptables
 stopNfs
 notice "Terminal-server stopped"
 }
@@ -300,6 +328,7 @@ function serviceStart
 "") actionStart ;;
 tftp) runTftp ;;
 dhcp) runDhcp ;;
+ ipt) startIptables ;;
 nfs) startNfs ;;
 *) warn "Service $service_ not available" ;;
 esac
@@ -313,6 +342,7 @@ function serviceStop
 "") actionStop ;;
 tftp) stopTftp ;;
 dhcp) stopDhcp ;;
+ ipt) stopIptables ;;
 nfs) stopNfs ;;
 *) warn "Service $service_ not available" ;;
 esac
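Review bot: In `stopIptables`, `iptables -t nat -F POSTROUTING` empties the whole nat POSTROUTING chain, including rules this script did not add, and the `-D` chained after it then targets a rule the flush has already removed, so it can only fail. Deleting just the rule that the grep matched is enough: `iptables -t nat -D POSTROUTING -o "$NAT_INTERFACE_" -j SNAT --to-source "$nat_source_ip_"`. The following `echo 0 > /proc/sys/net/ipv4/ip_forward` runs whether or not the grep matched, which switches routing off on a host that already had forwarding enabled before the terminal server started; recording the previous value at start and restoring it here would avoid that. If `netGetIp` returns nothing, the grep pattern ends in a bare `to:` and matches any SNAT rule on that interface, so an empty `nat_source_ip_` should return early.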