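#!/usr/bin/perl
#
# Guillaume Cottenceau (gc@mandrakesoft.com)
#
# Copyright 2000 MandrakeSoft
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#

use lib qw(/usr/lib/libDrakX);

use common qw(:system :file);
use interactive;
use standalone;
use log;
use c;
use netconnect;
use detect_devices;

$::isInstall and fatal_quit(_("Not supported during install."));

#- Embedded mode is requested with "--embedded <XID> <CCPID>".
#- CCPID is later handed to kill(), so only a positive decimal PID is
#- accepted; anything else leaves embedded mode switched off.
$::isEmbedded = ($::XID, $::CCPID) = "@ARGV" =~ /--embedded (\w+) ([1-9][0-9]*)\b/;

#- The remaining switches are matched against the concatenated arguments.
local $_ = join '', @ARGV;

/-h/ and die "usage: drakgw [--version]\n";
/-version/ and die 'version: $Id$ '."\n";

$::isWizard = 1;
$::direct = /-direct/;

#- Files read or (re)written by this tool.
my $sysconf_network = "/etc/sysconfig/network";
my $conf_linuxconf = "/etc/conf.linuxconf";
my $rc_firewall_generic = "/etc/rc.d/rc.firewall";
my $rc_firewall_22 = "/etc/rc.d/rc.firewall.inet_sharing-2.2";
my $rc_firewall_24 = "/etc/rc.d/rc.firewall.inet_sharing-2.4";
my $dhcpd_conf = "/etc/dhcpd.conf";
my $cups_conf = "/etc/cups/cupsd.conf";
my $drakgw_setup = "/etc/sysconfig/inet_sharing";

#- First three characters of the kernel release, e.g. "2.2" or "2.4".
#- NOTE(review): `uname` is located through PATH; this tool rewrites system
#- files and restarts services, so confirm the launcher provides a trusted PATH.
my $kernel_version = substr `uname -r`, 0, 3;
log::l("[drakgw] kernel_version $kernel_version\n");
($kernel_version eq "2.2" || $kernel_version eq "2.4") or die "Only for 2.2 or 2.4 kernels.\n";

#- NOTE(review): the 'su' argument presumably requests root privileges --
#- confirm against interactive.pm.
my $in = interactive->vnew('su');


#- Run an external command without going through a shell; die with $error
#- unless it exits with status 0.
sub _run_or_die {
    my ($error, @command) = @_;
    system(@command) == 0 or die $error;
}

#- Record the sharing state ("enabled" or "disabled") in $drakgw_setup,
#- which the 0th step of the wizard reads back on the next run.
sub _write_sharing_state {
    my ($state) = @_;
    open my $fh, '>', $drakgw_setup or die "Can't open $drakgw_setup: $!";
    print {$fh} "INET_SHARING=$state\n" or die "Can't write $drakgw_setup: $!";
    close $fh or die "Can't write $drakgw_setup: $!";
}

#- Bring the gateway up: stop whatever is already running, restart the
#- network, run the firewall script, then start named and dhcpd (and register
#- them for runlevels 3, 4 and 5). CUPS is stopped first and started again at
#- the end if it was running. Dies on the first command that fails.
sub start_daemons() {
    my $cups_used = 0;
    log::l("[drakgw] Starting daemons\n");

    if (-f "/etc/rc.d/init.d/cups") {
        if (grep(/is running/, `/etc/rc.d/init.d/cups status`)) {
            $cups_used = 1;
            _run_or_die("Could not stop the CUPS daemon", "/etc/rc.d/init.d/cups", "stop");
        }
    }

    grep(/is running/, `/etc/rc.d/init.d/dhcpd status`)
      and _run_or_die("Could not stop the dhcp server", "/etc/rc.d/init.d/dhcpd", "stop");

    #- named is stopped unless its status output says it cannot be reached.
    #- NOTE(review): stop_daemons() tests for "Connection refused" instead of
    #- "error: cannot connect"; confirm which text the init script prints.
    grep(/error: cannot connect/, `/etc/rc.d/init.d/named status 2>&1`)
      or _run_or_die("Could not stop the named server", "/etc/rc.d/init.d/named", "stop");

    _run_or_die("Could not restart the network", "/etc/rc.d/init.d/network", "restart");
    #- The generated scripts carry a #!/bin/sh line; use the same interpreter
    #- by absolute path rather than whichever `sh` comes first in PATH.
    _run_or_die("Could not start the firewall script", "/bin/sh", $rc_firewall_generic);
    _run_or_die("Could not start the caching nameserver", "/etc/rc.d/init.d/named", "start");
    _run_or_die("Could not chkconfig named", "/sbin/chkconfig", "--level", "345", "named", "on");
    _run_or_die("Could not start the dhcp server", "/etc/rc.d/init.d/dhcpd", "start");
    _run_or_die("Could not chkconfig dhcpd", "/sbin/chkconfig", "--level", "345", "dhcpd", "on");

    $cups_used
      and _run_or_die("Could not start the CUPS daemon", "/etc/rc.d/init.d/cups", "start");

    _write_sharing_state("enabled");
}

#- Take the gateway down: stop dhcpd and named, flush the masquerading rules
#- for the running kernel series and unregister both services.
#- NOTE(review): nothing here writes 0 to /proc/sys/net/ipv4/ip_forward or
#- reverts FORWARD_IPV4=true, so the host appears to keep forwarding packets
#- after sharing is "disabled"; on 2.4 only the nat table is flushed.
sub stop_daemons() {
    log::l("[drakgw] Stopping daemons\n");

    grep(/is running/, `/etc/rc.d/init.d/dhcpd status`)
      and _run_or_die("Could not stop the dhcp server", "/etc/rc.d/init.d/dhcpd", "stop");

    grep(/Connection refused/, `/etc/rc.d/init.d/named status 2>&1`)
      or _run_or_die("Could not stop the named server", "/etc/rc.d/init.d/named", "stop");

    if ($kernel_version eq "2.2") {
        _run_or_die("Could not flush ipchains chains", "/sbin/ipchains", "-F");
    }
    else {
        _run_or_die("Could not flush iptables chains", "/sbin/iptables", "-t", "nat", "-F");
    }

    _run_or_die("Could not chkconfig named", "/sbin/chkconfig", "--level", "345", "named", "off");
    _run_or_die("Could not chkconfig dhcpd", "/sbin/chkconfig", "--level", "345", "dhcpd", "off");

    _write_sharing_state("disabled");
}

#- Log a fatal error, drop the "configuring" wait window if one is open,
#- show the message to the user and leave through quit_global() with -1.
sub fatal_quit($) {
    my ($message) = @_;
    log::l("[drakgw] FATAL: $message\n");
    undef $wait_configuring if defined $wait_configuring;
    $in->ask_warn('', $message);
    quit_global($in, -1);
}


begin:

#- **********************************
#- * 0th step: verify if we are already set up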
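#- NOTE(review): this part of the listing was recovered from a copy whose line
#- breaks had been collapsed. The line structure of the embedded shell and
#- dhcpd text below is a reconstruction; compare it with the packaged file.

#- Tell the embedding parent (if any) that the wizard is (re)starting.
$::isEmbedded and kill 'USR2', $::CCPID;

if (-f $drakgw_setup) {
    open my $setup_fh, '<', $drakgw_setup or die "Can't open $drakgw_setup";
    my @drakgw_setup_content = <$setup_fh>;
    close $setup_fh;

    $::Wizard_no_previous = 1;

    if (grep(/enabled/, @drakgw_setup_content)) {
        my $r = $in->ask_from_list(_("Internet Connection Sharing currently enabled"),
                                   _("The setup of Internet connection sharing has already been done. It's currently enabled.\n What would you like to do?"),
                                   [ _("disable"), _("reconfigure"), _("dismiss") ]) or quit_global($in, 0);
        if ($r eq _("disable")) {
            undef $r;
            $wait_disabl = $in->wait_message('', _("Configuring scripts, installing software, starting servers...Disabling servers..."));
            stop_daemons();
            #- Park the generated configuration under a ".drakgwdisable"
            #- suffix so that "enable" can put it back later.
            foreach my $file ($dhcpd_conf, $rc_firewall_22, $rc_firewall_24) {
                my $parked = "$file.drakgwdisable";
                -f $parked and (unlink($parked) or die "Could not unlink $parked");
                rename($file, $parked) or die "Could not rename $file to $parked";
            }
            log::l("[drakgw] Disabled\n");
            undef $wait_disabl;
            $::Wizard_finished = 1;
            $in->ask_okcancel(_("Internet Connection Sharing"), _("Internet connection sharing is now disabled."));
            quit_global($in, 0);
        }
        ($r eq _("dismiss")) and quit_global($in, 0);
    }
    elsif (grep(/disabled/, @drakgw_setup_content)) {
        my $r = $in->ask_from_list(_("Internet Connection Sharing currently disabled"),
                                   _("The setup of Internet connection sharing has already been done. It's currently disabled.\n What would you like to do?"),
                                   [ _("enable"), _("reconfigure"), _("dismiss") ]);
        if ($r eq _("enable")) {
            $wait_enabl = $in->wait_message('', _("Enabling servers..."));
            #- Restore exactly the files that "disable" parked: the dhcpd
            #- configuration and both per-kernel firewall scripts. Whatever
            #- currently sits at the target path is kept as ".old".
            foreach my $file ($dhcpd_conf, $rc_firewall_22, $rc_firewall_24) {
                -f $file and rename($file, "$file.old");
                rename("$file.drakgwdisable", $file) or die "Could not find configuration. Please reconfigure.";
            }
            start_daemons();
            log::l("[drakgw] Enabled\n");
            undef $wait_enabl;
            $::Wizard_finished = 1;
            $in->ask_okcancel(_("Internet Connection Sharing"), _("Internet connection sharing is now enabled."));
            quit_global($in, 0);
        }
        ($r eq _("dismiss")) and quit_global($in, 0);
    }
    else {
        $in->ask_warn("Unrecognized config file", _("Config file content could not be interpreted."));
        quit_global($in, -1);
    }
}


#- **********************************
#- * 1st step: detect/setup
step_ask_confirm:

$::Wizard_no_previous = 1;

$::direct or $in->ask_okcancel(_("Internet Connection Sharing"),
                               _("You are about to configure your computer to share its Internet connection.\n Note: you need a dedicated Network Adapter to set up a Local Area Network (LAN)."), 1) or quit_global($in, 0);

undef $::Wizard_no_previous;

step_detectsetup:

#- Interface names that already have an ifcfg-* file. The directory is
#- globbed directly instead of running `ls` through a shell.
my @configured_devices = map { m{ifcfg-(\S+)} ? $1 : () } glob("/etc/sysconfig/network-scripts/ifcfg*");

#- ethN => kernel module, taken from the alias lines of /etc/modules.conf.
my %aliased_devices;
foreach my $modules_line (cat_("/etc/modules.conf")) {
    $modules_line =~ /^alias\s+(eth[0-9]+)\s+(\S+)/ and $aliased_devices{$1} = $2;
}

#- The card netconnect reports is left out of the LAN candidates.
my $card_netconnect = netconnect::get_net_device("/");
(defined $card_netconnect) and log::l("[drakgw] Information from netconnect: ignore card $card_netconnect\n");

my @all_cards_getnet = detect_devices::getNet();
my @all_cards = ();
foreach my $card (@all_cards_getnet) {
    log::l("[drakgw] Have network card: $card\n");
    next if defined $card_netconnect && $card eq $card_netconnect;
    push @all_cards, exists $aliased_devices{$card}
      ? "Interface $card ("._("using module")." $aliased_devices{$card})"
      : "Interface $card";
}

log::l("[drakgw] Available network cards: ".join(" ; ", @all_cards)."\n");

#- setup the network interface we shall use

my $interface;

if (!@all_cards) {
    $in->ask_warn(_("No network adapter on your system!"),
                  _("No ethernet network adapter has been detected on your system. Please run the hardware configuration tool."));
    quit_global($in);
}
elsif ($#all_cards == 0) {
    $interface = $all_cards[0];
    $in->ask_okcancel(_("Network interface"),
                      _("There is only one configured network adapter on your system:\n\n$interface\n\nI am about to setup your Local Area Network with that adapter."), 1) or goto step_ask_confirm;
}
else {
    $interface = $in->ask_from_list(_("Choose the network interface"),
                                    _("Please choose what network adapter will be connected to your Local Area Network."),
                                    \@all_cards,
                                   ) or goto step_ask_confirm;
    defined $interface or quit_global($in);
}

#- The menu entry is display text; only an ethN name extracted from it is
#- ever used in file names and generated configuration.
my ($device) = $interface =~ /(eth[0-9]+)/ or die("Internal error");
log::l("[drakgw] Choosing network card: $device\n");

#- Match the device name itself (plus suffixes such as ":0"), so that eth1
#- is not reported as configured merely because eth10 is.
grep(/^\Q$device\E(?![0-9])/, @configured_devices) and
  ($in->ask_okcancel('', _("Warning, the network adapter is already configured. I will reconfigure it.")) or goto step_detectsetup);

#- First three octets of the LAN; the gateway itself becomes <prefix>.1.
my $lan_address = "192.168.0";

#- test for potential conflict with other networks

foreach my $other_device (@configured_devices) {
    next if $other_device eq $device;
    my @ifcfg_content = cat_("/etc/sysconfig/network-scripts/ifcfg-$other_device");
    #- The dots are matched literally and the prefix must start a number.
    grep(/\b\Q$lan_address\E\./, @ifcfg_content) and
      ($in->ask_warn('', _("Potential LAN address conflict found in current config of $other_device!\n")) or goto step_detectsetup);
}

#- test for potential conflict with previous firewall config
#- A saved rule file, or a rule listing longer than the given line count,
#- is treated as an existing firewall setup.
#- NOTE(review): 3 and 8 are presumably the lengths of an empty listing --
#- confirm against the ipchains/iptables versions shipped.
my @chain_rules;
my ($saved_rules, $fw_tool, $fw_listing_args, $empty_listing_lines) = $kernel_version eq "2.2"
  ? ("/etc/sysconfig/ipchains", "/sbin/ipchains", "-nL", 3)
  : ("/etc/sysconfig/iptables", "/sbin/iptables", "-t nat -nL", 8);
if (-f $saved_rules or
    ((-x $fw_tool) and (@chain_rules = `$fw_tool $fw_listing_args`) and (@chain_rules > $empty_listing_lines))) {
    $in->ask_okcancel(_("Firewalling configuration detected!"),
                      _("Warning! An existing firewalling configuration has been detected. You may need some manual fix after installation.")) or goto step_detectsetup;
}


#- **********************************
#- * 2nd step: configure

$wait_configuring = $in->wait_message(_("Configuring..."),
                                      _("Configuring scripts, installing software, starting servers..."));

#- setup the /etc/sysconfig/network-script/ script
my $network_scripts = "/etc/sysconfig/network-scripts";
my $ifcfg = "$network_scripts/ifcfg-$device";
-f $ifcfg and rename($ifcfg, "$network_scripts/old.ifcfg-$device");
output($ifcfg,
qq(DEVICE=$device
BOOTPROTO=static
IPADDR=$lan_address.1
NETMASK=255.255.255.0
NETWORK=$lan_address.0
BROADCAST=$lan_address.255
ONBOOT=yes
));

#- install and setup the RPM packages
#- Each key is a file whose presence shows that the package is installed.
#- NOTE(review): the list names ipchains for every kernel and never iptables,
#- although the 2.4 script and stop_daemons() call /sbin/iptables.
my $rpms_to_install;
my %bin2rpm = ( "/sbin/ipchains" => "ipchains",
                "/usr/sbin/dhcpd" => "dhcp",
                $conf_linuxconf => "linuxconf",
                "/usr/sbin/named" => "bind",
                "/var/named/named.local" => "caching-nameserver" );
#- A single install call covers every missing package.
-e $_ or $rpms_to_install .= "$bin2rpm{$_} " foreach (keys %bin2rpm);
$in->standalone::pkgs_install($rpms_to_install);
-e $_ or fatal_quit(_("Problems installing package $bin2rpm{$_}")) foreach (keys %bin2rpm);


#- setup the masquerading configuration

#- The dispatcher script is only rewritten when it is missing or was not
#- generated by drakgw. A pre-existing script may carry the host's own
#- filtering rules, so it is kept as ".old" rather than silently replaced.
if (!-f $rc_firewall_generic || !grep(/drakgw/, cat_($rc_firewall_generic))) {
    -f $rc_firewall_generic and rename($rc_firewall_generic, "$rc_firewall_generic.old");
    output($rc_firewall_generic,
qq(#!/bin/sh
#
# Automatically generated by drakgw

KERNELMAJ=`uname -r | sed -e 's,\\..*,,'`
KERNELMIN=`uname -r | sed -e 's,[^\\.]*\\.,,' -e 's,\\..*,,'`

if [ "\$KERNELMAJ" -eq 2 -a "\$KERNELMIN" -eq 2 ]; then
    [ -x $rc_firewall_22 ] && $rc_firewall_22
fi

if [ "\$KERNELMAJ" -eq 2 -a "\$KERNELMIN" -eq 4 ]; then
    [ -x $rc_firewall_24 ] && $rc_firewall_24
fi
));
}
#- The firewall scripts are run as root: owner-only permissions.
chmod 0700, $rc_firewall_generic;

#- 2.2 kernels: ipchains. The forward policy is DENY and only the LAN subnet
#- is masqueraded.
#- NOTE(review): every ip_masq_* helper is loaded unconditionally, although
#- the embedded text itself advises loading only the modules needed.
output($rc_firewall_22,
qq(#!/bin/sh
#
# rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels using IPCHAINS
#
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ modules
# are shown below but are commented out from loading.

# Needed to initially load modules
#
/sbin/depmod -a

# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp

# Supports the masquerading of RealAudio over UDP. Without this module,
# RealAudio WILL function but in TCP mode. This can cause a reduction
# in sound quality
#
/sbin/modprobe ip_masq_raudio

# Supports the masquerading of IRC DCC file transfers
#
/sbin/modprobe ip_masq_irc

# Supports the masquerading of Quake and QuakeWorld by default. This modules is
# for for multiple users behind the Linux MASQ server. If you are going to play
# Quake I, II, and III, use the second example.
#
# NOTE: If you get ERRORs loading the QUAKE module, you are running an old
# ----- kernel that has bugs in it. Please upgrade to the newest kernel.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
/sbin/modprobe ip_masq_quake 26000,27000,27910,27960

# Supports the masquerading of the CuSeeme video conferencing software
#
/sbin/modprobe ip_masq_cuseeme

#Supports the masquerading of the VDO-live video conferencing software
#
/sbin/modprobe ip_masq_vdolive

#CRITICAL: Enable IP forwarding since it is disabled by default since
#
# Redhat Users: you may try changing the options in /etc/sysconfig/network from:
#
# FORWARD_IPV4=false
# to
# FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward

# Dynamic IP users:
#
# If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
# option. This enables dynamic-ip address hacking in IP MASQ, making the life
# with Diald and similar programs much easier.
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr

# MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (Important for MASQ'ed ICQ users)
#
/sbin/ipchains -M -S 7200 10 160

# DHCP: For people who receive their external IP address from either DHCP or BOOTP
# such as ADSL or Cablemodem users, it is necessary to use the following
# before the deny command. The "bootp_client_net_if_name" should be replaced
# the name of the link that the DHCP/BOOTP server will put an address on to?
# This will be something like "eth0", "eth1", etc.
#
# This example is currently commented out.
#
#
#/sbin/ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 67 -d 0/0 68 -p udp

# Enable simple IP forwarding and Masquerading
#
# NOTE: The following is an example for an internal LAN address in the 192.168.0.x
# network with a 255.255.255.0 or a "24" bit subnet mask.
#
# Please change this network number and subnet mask to match your internal LAN setup
#
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s $lan_address.0/24 -j MASQ
));
chmod 0700, $rc_firewall_22;

#- 2.4 kernels: iptables. The tools are called by absolute path, as in the
#- 2.2 script and in stop_daemons(), so the script does not depend on PATH.
#- NOTE(review): unlike the 2.2 script (forward policy DENY), this one only
#- adds the MASQUERADE rule and turns forwarding on; the filter table's
#- FORWARD policy is left untouched, so forwarding does not look restricted
#- to the LAN subnet. Consider an explicit FORWARD policy with rules for the
#- LAN and for reply traffic.
output($rc_firewall_24,
qq(#!/bin/sh
# Load the NAT module (this pulls in all the others).
/sbin/modprobe iptable_nat

# In the NAT table (-t nat), Append a rule (-A) after routing (POSTROUTING)
# which says to MASQUERADE the connection (-j MASQUERADE).
/sbin/iptables -t nat -A POSTROUTING -s $lan_address.0/24 -j MASQUERADE

# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
));
chmod 0700, $rc_firewall_24;


#- be sure that FORWARD_IPV4 is enabled in /etc/sysconfig/network
substInFile { s/^FORWARD_IPV4.*\n//; $_ .= "FORWARD_IPV4=true\n" if eof } $sysconf_network;


#- setup the DHCP server
#- Clients receive this host (<prefix>.1) as router and name server, and
#- leases from <prefix>.16 to <prefix>.253.
#- NOTE(review): "homelan.org" is a name in the public DNS namespace handed
#- out as the clients' domain; consider a domain the site controls.
-f $dhcpd_conf and rename($dhcpd_conf, "$dhcpd_conf.old");
output($dhcpd_conf,
qq(subnet $lan_address.0 netmask 255.255.255.0 {
  # default gateway
  option routers $lan_address.1;
  option subnet-mask 255.255.255.0;

  option domain-name "homelan.org";
  option domain-name-servers $lan_address.1;

  range dynamic-bootp $lan_address.16 $lan_address.253;
  default-lease-time 21600;
  max-lease-time 43200;
}
));

#- put the interface for the dhcp server in linuxconf config, for the /etc script of dhcpd
substInFile { s/^DHCP.interface.*\n//; $_ .= "DHCP.interface $device\n" if eof } $conf_linuxconf;


#- Set up /etc/cups/cupsd.conf so that printer information is broadcast
#- correctly on the LAN:
#-
#-  1. ServerName <server's IP address>     # because clients do not
#-                                          # necessarily know the server's name
#-
#-  2. BrowseAddress <server's broadcast IP> # broadcast printer info into
#-                                          # the local network.
#-
#- These steps are only done when the CUPS package is installed.

(-f $cups_conf) and substInFile {
    s/^ServerName[^:].*\n//; $_ .= "ServerName $lan_address.1\n" if eof;
    s/^BrowseAddress.*\n//; $_ .= "BrowseAddress $lan_address.255\n" if eof;
} $cups_conf;


#- start the daemons
start_daemons();


#- bye-bye message
undef $wait_configuring;

$::Wizard_no_previous = 1;
$::Wizard_finished = 1;
$in->ask_okcancel(_("Congratulations!"),
                  _("Everything has been configured. You may now share Internet connection with other computers on your Local Area Network, using automatic network configuration (DHCP)."));

log::l("[drakgw] Installation complete, exiting\n");
quit_global($in, 0);

#- Leave the wizard. Stand-alone, this calls $in->exit($exitcode). Embedded,
#- the parent process is signalled with USR1 instead and control jumps back
#- to the "begin" label, so the wizard starts over.
sub quit_global {
    my ($in, $exitcode) = @_;
    if ($::isEmbedded) {
        kill('USR1', $::CCPID);
    }
    else {
        $in->exit($exitcode);
    }
    goto begin
}

#-------------------------------------------------
#- $Log$
#- Revision 1.24  2001/03/12 18:26:16  gc
#- - make it work as a wizard
#- - make it work with iptables (kernel-2.4)
#-
#- Revision 1.23  2001/03/01 00:18:17  damien
#- updated embedded mode
#-
#- Revision 1.22  2001/02/26 18:39:12  prigaux
#- pixelization
#-
#- Revision 1.21  2001/02/08 10:11:37  damien
#- implemented or updated embedded mode
#-
#- Revision 1.20  2001/02/08 07:00:41  damien
#- added embedded and (ugly) wizard mode.
#-
#- Revision 1.19  2001/01/10 00:32:42  prigaux
#- use standalone and standalone::pkgs_install
#-
#- Revision 1.18  2000/12/16 16:13:34  prigaux
#- use ldetect-lst
#-
#- Revision 1.17  2000/11/13 15:48:33  gc
#- Integrate Till's patches for better work with Cups.
#-
#- Revision 1.16  2000/10/10 15:31:50  gc
#- make only one call to urpmi in order to install all the needed rpm's
#-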