diff options
-rwxr-xr-x | perl-install/standalone/drakgw | 155 |
1 files changed, 18 insertions, 137 deletions
diff --git a/perl-install/standalone/drakgw b/perl-install/standalone/drakgw index 5252ef10d..cc35a1dc2 100755 --- a/perl-install/standalone/drakgw +++ b/perl-install/standalone/drakgw @@ -48,18 +48,12 @@ my $sysconf_network = "/etc/sysconfig/network"; my $sysconf_dhcpd = "/etc/sysconfig/dhcpd"; my $rc_firewall_generic = "/etc/rc.d/rc.firewall"; my $rc_firewall_drakgw = "/etc/rc.d/rc.firewall.inet_sharing"; -my $rc_firewall_22 = "/etc/rc.d/rc.firewall.inet_sharing-2.2"; my $rc_firewall_24 = "/etc/rc.d/rc.firewall.inet_sharing-2.4"; my $dhcpd_conf = "/etc/dhcpd.conf"; my $cups_conf = "/etc/cups/cupsd.conf"; my $drakgw_setup = "/etc/sysconfig/inet_sharing"; -my ($kernel_version) = c::kernel_version() =~ /(...)/; -log::l("[drakgw] kernel_version $kernel_version"); - -$kernel_version eq '2.2' || $kernel_version eq '2.4' or die "Only for 2.2 or 2.4 kernels.\n"; - my $in = 'interactive'->vnew('su', 'default'); !$::isEmbedded && $in->isa('interactive_gtk') and $::isWizard=1; @@ -108,11 +102,7 @@ sub stop_daemons () standalone::explanations("Stopping daemons"); system("/etc/rc.d/init.d/dhcpd status >/dev/null") == 0 and sys("/etc/rc.d/init.d/dhcpd stop"); system("/etc/rc.d/init.d/named status >/dev/null 2>/dev/null") == 0 and sys("/etc/rc.d/init.d/named stop"); - if ($kernel_version eq "2.2") { - sys("/sbin/ipchains -F"); - } else { - sys("/sbin/iptables -t nat -F"); - } + sys("/sbin/iptables -t nat -F"); sys("/sbin/chkconfig --level 345 $_ off") foreach 'named', 'dhcpd'; substInFile { s/^INET_SHARING.*\n//; $_ .= "INET_SHARING=disabled\n" if eof } $drakgw_setup; @@ -126,6 +116,12 @@ sub fatal_quit ($) quit_global($in, -1); } +my ($kernel_version) = c::kernel_version() =~ /(...)/; +log::l("[drakgw] kernel_version $kernel_version"); + +$kernel_version eq '2.4' or fatal_quit(_("Sorry, we support only 2.4 kernels.")); + + begin: #- ********************************** @@ -146,7 +142,7 @@ What would you like to do?"), my $wait_disabl = $in->wait_message('', _("Disabling servers...")); stop_daemons(); } - foreach ($dhcpd_conf, $rc_firewall_22, $rc_firewall_24) { + foreach ($dhcpd_conf, $rc_firewall_24) { renamef($_, "$_.drakgwdisable") or die "Could not rename $_ to $_.drakgwdisable" } log::l("[drakgw] Disabled"); @@ -167,7 +163,7 @@ It's currently disabled. What would you like to do?"), [ __("enable"), __("reconfigure"), __("dismiss") ]); if ($r eq "enable") { - foreach ($dhcpd_conf, $rc_firewall_22, $rc_firewall_24) { + foreach ($dhcpd_conf, $rc_firewall_24) { rename($_, "$_.old") if -f $_; rename("$_.drakgwdisable", $_) or die "Could not find configuration. Please reconfigure."; } @@ -320,17 +316,10 @@ foreach (grep { $_ ne $device } @configured_devices) #- test for potential conflict with previous firewall config -if ($kernel_version eq '2.2') { - if (-f '/etc/sysconfig/ipchains' || -x '/sbin/ipchains' && listlength(`/sbin/ipchains -nL`) > 3) { - $in->ask_okcancel(_("Firewalling configuration detected!"), - _("Warning! An existing firewalling configuration has been detected. You may need some manual fix after installation.")) or goto step_detectsetup; - } -} else { - system('modprobe iptable_nat'); - if (-f '/etc/sysconfig/iptables' || -x '/sbin/iptables' && listlength(`/sbin/iptables -t nat -nL`) > 8) { - $in->ask_okcancel(_("Firewalling configuration detected!"), - _("Warning! An existing firewalling configuration has been detected. You may need some manual fix after installation.")) or goto step_detectsetup; - } +system('modprobe iptable_nat'); +if (-f '/etc/sysconfig/iptables' || -x '/sbin/iptables' && listlength(`/sbin/iptables -t nat -nL`) > 8) { + $in->ask_okcancel(_("Firewalling configuration detected!"), + _("Warning! An existing firewalling configuration has been detected. You may need some manual fix after installation.")) or goto step_detectsetup; } @@ -362,8 +351,7 @@ ONBOOT=yes #- install and setup the RPM packages my $rpms_to_install; -my %rpm2file = ( ipchains => '/sbin/ipchains', - iptables => '/sbin/iptables', +my %rpm2file = ( iptables => '/sbin/iptables', 'dhcp-server' => '/usr/sbin/dhcpd', bind => '/usr/sbin/named', 'caching-nameserver' => '/var/named/named.local'); @@ -402,9 +390,6 @@ output($rc_firewall_drakgw, q(#!/bin/sh KERNELMAJ=`uname -r | sed -e 's,\..*,,'` KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'` -if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -eq 2 ]; then - [ -x ) . $rc_firewall_22 . ' ] && ' . $rc_firewall_22 . q( -fi if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -eq 4 ]; then [ -x ) . $rc_firewall_24 . ' ] && ' . $rc_firewall_24 . q( fi @@ -413,114 +398,6 @@ fi chmod 0700, $rc_firewall_drakgw; -output($rc_firewall_22, -qq(#!/bin/sh -# -# rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels using IPCHAINS -# -# Load all required IP MASQ modules -# -# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules -# are shown below but are commented out from loading. - -# Needed to initially load modules -# -/sbin/depmod -a - -# Supports the proper masquerading of FTP file transfers using the PORT method -# -/sbin/modprobe ip_masq_ftp - -# Supports the masquerading of RealAudio over UDP. Without this module, -# RealAudio WILL function but in TCP mode. This can cause a reduction -# in sound quality -# -/sbin/modprobe ip_masq_raudio - -# Supports the masquerading of IRC DCC file transfers -# -/sbin/modprobe ip_masq_irc - - -# Supports the masquerading of Quake and QuakeWorld by default. This modules is -# for for multiple users behind the Linux MASQ server. If you are going to play -# Quake I, II, and III, use the second example. -# -# NOTE: If you get ERRORs loading the QUAKE module, you are running an old -# ----- kernel that has bugs in it. Please upgrade to the newest kernel. -# -#Quake I / QuakeWorld (ports 26000 and 27000) -#/sbin/modprobe ip_masq_quake -# -#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960) -/sbin/modprobe ip_masq_quake 26000,27000,27910,27960 - - -# Supports the masquerading of the CuSeeme video conferencing software -# -/sbin/modprobe ip_masq_cuseeme - -#Supports the masquerading of the VDO-live video conferencing software -# -/sbin/modprobe ip_masq_vdolive - - -#CRITICAL: Enable IP forwarding since it is disabled by default since -# -# Redhat Users: you may try changing the options in /etc/sysconfig/network from: -# -# FORWARD_IPV4=false -# to -# FORWARD_IPV4=true -# -echo 1 > /proc/sys/net/ipv4/ip_forward - - -# Dynamic IP users: -# -# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following -# option. This enables dynamic-ip address hacking in IP MASQ, making the life -# with Diald and similar programs much easier. -# -#echo 1 > /proc/sys/net/ipv4/ip_dynaddr - - -# MASQ timeouts -# -# 2 hrs timeout for TCP session timeouts -# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received -# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users) -# -/sbin/ipchains -M -S 7200 10 160 - - -# DHCP: For people who receive their external IP address from either DHCP or BOOTP -# such as ADSL or Cablemodem users, it is necessary to use the following -# before the deny command. The "bootp_client_net_if_name" should be replaced -# the name of the link that the DHCP/BOOTP server will put an address on to? -# This will be something like "eth0", "eth1", etc. -# -# This example is currently commented out. -# -# -#/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp - -# Enable simple IP forwarding and Masquerading -# -# NOTE: The following is an example for an internal LAN address in the 192.168.0.x -# network with a 255.255.255.0 or a "24" bit subnet mask. -# -# Please change this network number and subnet mask to match your internal LAN setup -# -/sbin/ipchains -P forward DENY -/sbin/ipchains -A forward -s $lan_address.0/24 -j MASQ - -# Let incoming packets arrive to our interface, in case there are some firewall rules to come -/sbin/ipchains -A input -i $device -j ACCEPT -)); -chmod 0700, $rc_firewall_22; - - output($rc_firewall_24, qq(#!/bin/sh # Load the NAT module (this pulls in all the others). modprobe iptable_nat @@ -734,6 +611,10 @@ Click on Configure to launch the setup wizard.", $setup_state)); #------------------------------------------------- #- $Log$ +#- Revision 1.61 2002/04/09 08:50:36 gc +#- time to remove ipchains/2.2 stuff since now ipchains and iptables +#- packages conflict +#- #- Revision 1.60 2002/03/07 13:10:06 gc #- - call net_monitor to disable internet #- connection before network-restart |