From 184a9d3153e3fae4fa1ea20a186c12e9c0a83db2 Mon Sep 17 00:00:00 2001
From: Michael Prokop
Date: Sat, 2 Dec 2006 10:31:31 +0100
Subject: [PATCH] * Applied patch from Wolfgang Karall which:
- improve display of iptables message
- fix the /etc/resolv.conf issue (Closes: issue21)
- support for SNAT
Thanks a lot, Wolfgang!
---
 debian/changelog | 11 +++++++++++
 grml-terminalserver | 24 ++++++++++++++++++++++--
 grml-terminalserver-config | 26 ++++++++++++++++++++++++++
 linuxrc | 4 ++++
 4 files changed, 63 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index ddf8d1b..9e1cd3f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,14 @@
+grml-terminalserver (0.79) unstable; urgency=low
+
+ * Applied patch from Wolfgang Karall which:
+ - improve display of iptables message
+ - fix the /etc/resolv.conf issue (Closes: issue21)
+ - support for SNAT
+
+ Thanks a lot, Wolfgang!
+
+ -- Michael Prokop Sat, 2 Dec 2006 10:29:20 +0100
+
 grml-terminalserver (0.78) unstable; urgency=low
 * Deactivate Multicast-DNS via iptables, thanks for suggestion -
diff --git a/grml-terminalserver b/grml-terminalserver
index 8ad2ae0..458b203 100755
--- a/grml-terminalserver
+++ b/grml-terminalserver
@@ -148,7 +148,7 @@ function runIptables
 echo "Rule for tcp/113 already present, nothing to be done."
 else
 echo "Rejecting tcp/113 via iptables to speed up booting via PXE, running:"
- echo -n '* iptables -A OUTPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset'
+ echo -n '* iptables -A OUTPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset ... '
 iptables -A OUTPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset && echo done || echo failed
 fi
 # deactivate Multicast-DNS
@@ -156,9 +156,29 @@ function runIptables
 echo "Rule for udp/5353 already present, nothing to be done."
 else
 echo "Rejecting udp/5353 via iptables for deactivating Multicast-DNS, running:"
- echo -n '* iptables -A OUTPUT -p udp -d 224.0.0.0/8 --dport 5353 -j REJECT'
+ echo -n '* iptables -A OUTPUT -p udp -d 224.0.0.0/8 --dport 5353 -j REJECT ... '
 iptables -A OUTPUT -p udp -d 224.0.0.0/8 --dport 5353 -j REJECT && echo done || echo failed
 fi
+ if [ "$NAT_INTERFACE_" != "none" ]; then
+ local nat_source_ip_=`netGetIp "$NAT_INTERFACE_" warn`
+
+ if iptables -t nat -vnL POSTROUTING | grep -q "SNAT.*${NAT_INTERFACE_}.*to:${nat_source_ip_}" ; then
+ echo "Rule for SNAT already present, nothing to be done."
+ else
+ echo "Setting up SNAT for terminalserver clients on ${NAT_INTERFACE_}:"
+ echo "* iptables -t nat -F POSTROUTING"
+ echo -n "* iptables -t nat -A POSTROUTING -o $NAT_INTERFACE_ -j SNAT --to-source $nat_source_ip_ ... "
+ { iptables -t nat -F POSTROUTING && \
+ iptables -t nat -A POSTROUTING -o "$NAT_INTERFACE_" -j SNAT --to-source "$nat_source_ip_" ; } && \
+ echo done || echo failed
+ fi
+ if [ `cat /proc/sys/net/ipv4/ip_forward` -eq 1 ]; then
+ echo "IP-Forwarding already enabled, nothing to be done."
+ else
+ echo -n "Enabling IP-Forwarding: "
+ echo 1 > /proc/sys/net/ipv4/ip_forward && echo done || echo failed
+ fi
+ fi
 else
 warn "iptables executable not avilable"
 fi
diff --git a/grml-terminalserver-config b/grml-terminalserver-config
index 9b8d0f6..ca73dfc 100755
--- a/grml-terminalserver-config
+++ b/grml-terminalserver-config
@@ -38,6 +38,7 @@ IPRANGE_TO_=""
 NETWORK_=""
 OPTIONS_=""
 BOOT_ARGS_=""
+NAT_INTERFACE_=""
 ###
@@ -93,6 +94,7 @@ IPRANGE_FROM_="$IPRANGE_FROM_"
 IPRANGE_TO_="$IPRANGE_TO_"
 OPTIONS_="$OPTIONS_"
 BOOT_ARGS_="$BOOT_ARGS_"
+NAT_INTERFACE_="$NAT_INTERFACE_"
 EOT
 notice "config successfully safed to \"$CONF_FILE_\""
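Review bot: The SNAT branch flushes the whole nat POSTROUTING chain (`iptables -t nat -F POSTROUTING`) whenever its own rule is missing, discarding any NAT rules the administrator already had, and the rule it then appends has no `-s` match, so every packet forwarded out of `$NAT_INTERFACE_` is translated, not only traffic from the terminalserver clients — together with the unconditional `echo 1 > /proc/sys/net/ipv4/ip_forward` this turns the host into a NAT router for anything that can reach it on the client side. Drop the flush and scope the rule, e.g. `iptables -t nat -A POSTROUTING -s "$NETWORK_" -o "$NAT_INTERFACE_" -j SNAT --to-source "$nat_source_ip_"`, assuming the client subnet that grml-terminalserver-config saves as `NETWORK_` is in scope here and in CIDR form — to be confirmed. The guard `[ "$NAT_INTERFACE_" != "none" ]` also treats an empty or unset variable as an interface name: a config written before this change has no `NAT_INTERFACE_` at all and the new template default in grml-terminalserver-config is `""`, so `netGetIp ""` would run; prefer `[ -n "$NAT_INTERFACE_" ] && [ "$NAT_INTERFACE_" != "none" ]`. runIptables begins before this hunk and ends after it.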
@@ -323,6 +325,30 @@ for addresses from 192.168.0.101 to (and including) 192.168.0.200.
 NAMESERVERS_=`netGetNameservers warn`
 GW_=`netGetDefaultGateway warn`
+ GW_DEV_=`/sbin/ip route get "$GW_" | awk '{ print $3; exit; }'`
+ if [ "$GW_DEV_" != "$INTERFACE_" ]; then
+ # GW_DEV_ of server is not the same device as the one serviced by dhcpd
+ # so it doesn't make sense to provide the GW_ address to the clients
+ local do_nat_="YES"
+ local do_nat_title_="Network Address Translation"
+ local do_nat_message_="
+Do you want to set up NAT so that clients booting from this
+grml-terminalserver can use this machine also as gateway to
+the internet?"
+
+ $DIALOG_ --clear --backtitle "$BACK_TITLE_" --title "$do_nat_title_" --yesno "$do_nat_message_" 15 75 || \
+ do_nat_="NO"
+ if [ "$do_nat_" = "YES" ]; then
+ # user wants NAT, we give the clients the server address as
+ # gateway as well
+ GW_="$IP_"
+ NAT_INTERFACE_="$GW_DEV_"
+ else
+ # no NAT, no sensible gateway
+ GW_=
+ NAT_INTERFACE_="none"
+ fi
+ fi
 # grub
diff --git a/linuxrc b/linuxrc
index 10e677e..09e05ff 100755
--- a/linuxrc
+++ b/linuxrc
@@ -888,6 +888,10 @@ mkdir -p /UNIONFS
 if test -n "$UNIONFS" && /bin/mount -t unionfs -o noatime${SECURE},dirs=/ramdisk=rw:/GRML=ro /UNIONFS /UNIONFS; then
 # We now have unionfs, copy some data from the initial ramdisk first
 cp -a /etc/fstab /etc/auto.mnt /etc/filesystems /etc/mtab /UNIONFS/etc/
+ # disable resolvconf on the terminalserver client
+ rm /UNIONFS/etc/resolv.conf
+ cp -a /etc/resolv.conf /UNIONFS/etc
+ echo REPORT_ABSENT_SYMLINK=no >> /UNIONFS/etc/default/resolvconf
 for i in bin boot etc sbin var lib opt root usr; do # Move directories to unionfs
 if test -d /$i; then
 mv /$i /$i.old && \
--
2.1.4
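Review bot: `GW_DEV_` is derived from `ip route get "$GW_"`, but `GW_` comes from `netGetDefaultGateway warn`, which judging by the `warn` argument may leave it empty on a host without a default route; `ip route get ""` then fails, `GW_DEV_` is empty, the comparison with `$INTERFACE_` succeeds, and the NAT dialog is offered although there is no upstream to translate to, leaving `NAT_INTERFACE_` as `""` if the user answers yes. Guard the block with `if [ -n "$GW_DEV_" ] && [ "$GW_DEV_" != "$INTERFACE_" ]; then` and let an empty device fall through like the no-NAT branch. The `awk '{ print $3; exit; }'` also relies on `dev` being the second token of the `ip route get` output, which holds for an on-link gateway but deserves a comment, e.g. `# "ip route get" prints "<ip> dev <iface> ..." for an on-link gateway; field 3 is the device`. The enclosing function starts and ends outside this hunk.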
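Review bot: `rm /UNIONFS/etc/resolv.conf` has no `-f`, so when the unionfs copy has no resolv.conf yet the command prints an error during early boot (assuming linuxrc does not run under `set -e`, it would not abort, but the message is noise); use `rm -f -- /UNIONFS/etc/resolv.conf`. The following `cp -a /etc/resolv.conf /UNIONFS/etc` preserves the source as-is, so if the initial ramdisk's `/etc/resolv.conf` were itself a symlink the client would get a dangling link rather than the nameserver list — worth confirming what the initrd ships there. A short comment on the `echo REPORT_ABSENT_SYMLINK=no >> …` line explaining why the resolvconf warning is silenced, e.g. `# resolv.conf is a plain file now; keep resolvconf from complaining about the missing symlink`, would help the next reader. The enclosing `if test -n "$UNIONFS" …` block ends outside this hunk.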