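#!/bin/bash
# /etc/rc.d/rc.proxyarp - Ethernet setup script for ns.chsoft.biz
# On entry, rc.S has run rc.modules, which runs rc.netdevice
#
# Usage: rc.proxyarp [start|stop|kill|restart]   (anything else runs "start")
#
# The host carries the same address ($IPNS) on both the internal ($IFI) and
# external ($IFE) interface.  Per-host /32 routes send the inside hosts to
# $IFI and the gateway to $IFE; proxy ARP and IP forwarding join the two sides.
#
# NOTE(review): this file was recovered from a copy whose line breaks were
# lost.  Where a dated "#" tag sits directly in front of a command
# ("#30Jan06 ...", "#Off 23Oct04 ...") the command is treated here as
# commented out; confirm each such spot against the deployed script.

echo "rc.proxyarp: "

# testing
# set -x
# echo -n "rc.proxyarp: " >>/tmp/errors

# definitions
NIC0="3c59x"              # eth0 ---> Belkin switch
                          # eth0 is the internal interface
NIC1="tulip"              # eth1 ---> DSL
NIC2="8139too"            # eth2 ---> LAN
IFI="eth0"
IFE="eth1"
IPNS="66.209.101.198"
NWI="66.209.101.192/29"   # unused
NMI="255.255.255.248"     # unused
GW="66.209.101.193"
BRD="66.209.101.199"
YIC="66.209.101.194/32"
NEWS="66.209.101.195/32"
SON="66.209.101.196/32"
NOP="66.209.101.197/32"
NS="66.209.101.198/32"    # unused

#######################################
# Bring up both interfaces, install the host routes, enable proxy ARP,
# load the firewall and only then enable IP forwarding.
# Globals:   IFI, IFE, IPNS, BRD, GW, YIC, NEWS, SON, NOP (read)
# Arguments: none
# Outputs:   progress text on stdout
#######################################
proxyarp_start() {
  echo -n "/etc/rc.d/rc.proxyarp start: "

  # Disabled "already started" guard, kept for reference:
  # IPE=`ifconfig $IFE 2>/dev/null | grep inet | cut -d : -f 2 | cut -d ' ' -f 1`
  # IPI=`ifconfig $IFI 2>/dev/null | grep inet | cut -d : -f 2 | cut -d ' ' -f 1`
  # if [ ! $IPE = "" ] || [ ! $IPI = "" ]; then
  #   echo "The network is already started. Exiting."
  #   exit
  # else

  # Setup:
  ifconfig lo 127.0.0.1
  route add -net 127.0.0.0 netmask 255.0.0.0 lo
  # /etc/rc.d/rc.netdevice

  ip link set dev "$IFE" up
  ip addr add dev "$IFE" local "$IPNS/32" broadcast "$BRD"
  ip link set dev "$IFI" up
  ip addr add dev "$IFI" local "$IPNS/32" broadcast "$BRD"

  # Inside hosts are reached through the internal interface ...
  ip route add "$YIC" dev "$IFI" src "$IPNS"
  ip route add "$NEWS" dev "$IFI" src "$IPNS"
  ip route add "$SON" dev "$IFI" src "$IPNS"
  ip route add "$NOP" dev "$IFI" src "$IPNS"
  # ... the gateway and everything else through the external one.
  ip route add "$GW/32" dev "$IFE" src "$IPNS"
  ip route add 0/0 via "$GW" dev "$IFE" src "$IPNS"

  # we want proxyARP:
  # NOTE(review): the 30Jan06 tag is read as disabling the $IFE line only;
  # proxyarp_restart still enables proxy_arp on both interfaces.
  #30Jan06 echo 1 >/proc/sys/net/ipv4/conf/$IFE/proxy_arp
  echo 1 >"/proc/sys/net/ipv4/conf/$IFI/proxy_arp"
  /usr/sbin/proxy-arp.sh start

  # turn on explicit congestion notification
  echo 1 >/proc/sys/net/ipv4/tcp_ecn

  # Decide what to do about rp_filter.
  # turn on antispoofing protection
  # NOTE(review): read as disabled since 23Oct04.  With this off, the kernel
  # does no reverse-path check on forwarded traffic, so source-address
  # filtering rests on whatever firewall.sh installs.
  #Off 23Oct04 for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 >$f; done

  # Shields Up!
  /usr/sbin/firewall.sh

  # turn on ip forwarding
  # Done after the firewall script has run (the original enabled it before),
  # so the host does not forward packets while no rules are loaded.
  echo 1 >/proc/sys/net/ipv4/ip_forward

  # fi
}

# Everything from here on down is a mess, but I don't care because it is never
# used.

#######################################
# Disable proxy ARP and forwarding, stop the firewall, take the internal
# interface down, unload both NIC drivers, then run backdoor.sh.
# Globals:   IFI, IFE, NIC0, NIC1 (read)
# Arguments: none
# Outputs:   progress text on stdout
#######################################
proxyarp_stop() {
  local f

  echo -n "/etc/rc.d/rc.proxyarp stop: "

  # teardown
  echo 0 >"/proc/sys/net/ipv4/conf/$IFE/proxy_arp"
  echo 0 >"/proc/sys/net/ipv4/conf/$IFI/proxy_arp"
  echo 0 >/proc/sys/net/ipv4/ip_forward

  # Decide what to do about rp_filter.
  # turn off antispoofing protection
  # NOTE(review): the glob clears rp_filter on every interface, including
  # ones this script does not manage; confirm that is intended.
  for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 0 >"$f"
  done

  /usr/sbin/firewall.sh stop

  # ifconfig $IFE down    # eth1
  ifconfig "$IFI" down    # eth0
  # ifconfig lo down
  modprobe -r "$NIC1"     # eth1 ---> DSL
  modprobe -r "$NIC0"     # eth0 ---> switch

  # Despite its name this is, per the author, a restrictive ruleset:
  /usr/sbin/backdoor.sh   # Firewall that allows only me from home.
}

#######################################
# Full teardown: as proxyarp_stop, but also takes $IFE and lo down and
# loads no replacement firewall afterwards.
# Globals:   IFI, IFE, NIC0, NIC1 (read)
# Arguments: none
# Outputs:   progress text on stdout
#######################################
proxyarp_kill() {
  local f

  echo -n "/etc/rc.d/rc.proxyarp kill: "

  # teardown
  echo 0 >"/proc/sys/net/ipv4/conf/$IFE/proxy_arp"
  echo 0 >"/proc/sys/net/ipv4/conf/$IFI/proxy_arp"
  echo 0 >/proc/sys/net/ipv4/ip_forward

  # Decide what to do about rp_filter.
  # turn off antispoofing protection
  for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 0 >"$f"
  done

  /usr/sbin/firewall.sh stop

  # ifconfig eth2 down
  ifconfig "$IFE" down    # eth1
  ifconfig "$IFI" down    # eth0
  ifconfig lo down
  modprobe -r "$NIC1"     # eth1 ---> DSL
  modprobe -r "$NIC0"     # eth0 ---> switch
}

#######################################
# Tear the interfaces down and bring them back up without touching the
# firewall (it is neither stopped nor reloaded here).
# Globals:   IFI, IFE, IPNS, BRD, GW, YIC, NEWS, SON, NOP, NIC0, NIC1 (read)
# Arguments: none
# Outputs:   progress text on stdout
#######################################
proxyarp_restart() {
  local f

  echo -n "/etc/rc.d/rc.proxyarp restart: "

  # proxyarp_stop    # Changed so firewall doesn't reload on restart 14Jan05
  # sleep 2
  # proxyarp_start

  # teardown
  echo 0 >"/proc/sys/net/ipv4/conf/$IFE/proxy_arp"
  echo 0 >"/proc/sys/net/ipv4/conf/$IFI/proxy_arp"
  echo 0 >/proc/sys/net/ipv4/ip_forward

  # turn off antispoofing protection
  for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 0 >"$f"
  done

  ifconfig "$IFE" down    # eth1
  ifconfig "$IFI" down    # eth0
  ifconfig lo down
  modprobe -r "$NIC1"     # eth1 ---> DSL
  modprobe -r "$NIC0"     # eth0 ---> switch

  sleep 2

  ifconfig lo 127.0.0.1
  route add -net 127.0.0.0 netmask 255.0.0.0 lo
  /etc/rc.d/rc.netdevice

  # NOTE(review): /29 here, /32 in proxyarp_start; restart also skips
  # proxy-arp.sh and tcp_ecn.  Confirm which form is intended before
  # relying on this path.
  ip link set dev "$IFE" up
  ip addr add dev "$IFE" local "$IPNS/29" broadcast "$BRD"
  ip link set dev "$IFI" up
  ip addr add dev "$IFI" local "$IPNS/29" broadcast "$BRD"

  ip route add "$YIC" dev "$IFI" src "$IPNS"
  ip route add "$NEWS" dev "$IFI" src "$IPNS"
  ip route add "$SON" dev "$IFI" src "$IPNS"
  ip route add "$NOP" dev "$IFI" src "$IPNS"
  ip route add "$GW/32" dev "$IFE" src "$IPNS"
  ip route add 0/0 via "$GW" dev "$IFE" src "$IPNS"

  # we want proxyARP:
  echo 1 >"/proc/sys/net/ipv4/conf/$IFE/proxy_arp"
  echo 1 >"/proc/sys/net/ipv4/conf/$IFI/proxy_arp"

  # turn on ip forwarding
  # The firewall is not reloaded on this path, so forwarding resumes under
  # whatever rules are loaded at the time restart is called.
  echo 1 >/proc/sys/net/ipv4/ip_forward

  # Decide what to do about rp_filter.
  # turn on antispoofing protection
  # NOTE(review): read as disabled since 23Oct04; rp_filter stays at 0 on
  # every interface after the teardown loop above.
  #Off 23Oct04 for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 >$f; done
}

case "$1" in
  'start')
    proxyarp_start
    ;;
  'stop')
    proxyarp_stop
    ;;
  'kill')
    proxyarp_kill
    ;;
  'restart')
    proxyarp_restart
    ;;
  *)
    # Default is "start"
    echo "rc.proxyarp: Default case."
    proxyarp_start
    ;;
esac

# Done rc.proxyarp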