1 #!/bin/sh
2 ########################################################################
3 # Begin $rc_base/init.d/network
4 #
5 # Description : Network Control Script
6 #
7 # Authors : Michael Tremer - m.s.tremer@googlemail.com
8 #
9 # Version : 00.00
10 #
11 # Notes : Written for IPFire by its team
12 #
13 ########################################################################
14
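# Everything sourced here is executed as shell code with this script's
# privileges, so these files are part of the trust boundary: they must be
# writable only by trusted accounts, and whatever writes them has to escape
# the values it stores.
# NOTE(review): the writers of the /var/ipfire/*/settings files are not
# visible from this script - confirm how they sanitise values.
. /etc/sysconfig/rc
# Quoted so that a path containing whitespace is not split into several words.
. "${rc_functions}"
. /var/ipfire/ethernet/settings
. /var/ipfire/dhcp/settings
. /var/ipfire/ppp/settings
. /var/ipfire/vpn/settings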
21
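# Wrapper mode: when this script is invoked under a name containing
# "dhcpcd.exe", forward the caller's two arguments to the "red update"
# action. They arrive there as $3 (the file handed to readhash) and $4 (the
# up/new/down event).
#
# The arguments are quoted so that a value containing whitespace or glob
# characters is passed through as one word instead of being re-split.
# The explicit exit stops the script here; without it, control fell through
# to the action dispatcher below, where the caller's first argument matches
# no action, so the usage text was printed and the script always exited 1.
case "$0" in
  *dhcpcd.exe*)
    /etc/rc.d/init.d/network red update "$1" "$2"
    exit $?
    ;;
esac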
26
27 case "${1}" in
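start)
  boot_mesg "Loading MASQ helper modules"
  # NAT and connection tracking first, then each conntrack helper followed
  # by its NAT counterpart. Every helper loaded here parses application
  # traffic inside the kernel, so the list is worth trimming to the
  # protocols that are really needed.
  for module in iptable_nat ip_conntrack \
    ip_conntrack_ftp ip_nat_ftp \
    ip_conntrack_h323 ip_nat_h323 \
    ip_conntrack_irc ip_nat_irc \
    ip_conntrack_mms ip_nat_mms \
    ip_conntrack_pptp ip_nat_pptp \
    ip_conntrack_sip ip_nat_sip; do
    modprobe "$module"
  done

  # Remove possible leftover files.
  # The names are listed explicitly instead of relying on brace expansion,
  # which a plain /bin/sh does not perform.
  # NOTE(review): "CONFIG_ROOT" carries no "$", so as written this is a
  # relative path; presumably the token is substituted at build time -
  # confirm, otherwise nothing is removed here.
  for leftover in active device dial-on-demand dns1 dns2 \
    local-ipaddress remote-ipaddress resolv.conf; do
    rm -f "CONFIG_ROOT/red/${leftover}"
  done

  # Walk eth0..eth3 in order: the loop forces the driver loading order.
  # The *_DRIVER_OPTIONS values stay unquoted on purpose, because they may
  # hold several module parameters that must reach modprobe as separate
  # words. They come from the sourced settings files, so they are also
  # subject to glob expansion - keep those files trusted.
  for NIC in 0 1 2 3; do
    ETHX="eth${NIC}"
    if [ "$GREEN_DEV" = "$ETHX" ] && [ -n "$GREEN_DRIVER" ]; then
      modprobe "$GREEN_DRIVER" $GREEN_DRIVER_OPTIONS
      evaluate_retval
    fi
    if [ "$ORANGE_DEV" = "$ETHX" ] && [ -n "$ORANGE_DRIVER" ]; then
      modprobe "$ORANGE_DRIVER" $ORANGE_DRIVER_OPTIONS
      evaluate_retval
    fi
    if [ "$BLUE_DEV" = "$ETHX" ] && [ -n "$BLUE_DRIVER" ]; then
      modprobe "$BLUE_DRIVER" $BLUE_DRIVER_OPTIONS
      evaluate_retval
    fi
    if [ "$RED_DEV" = "$ETHX" ] && [ -n "$RED_DRIVER" ]; then
      modprobe "$RED_DRIVER" $RED_DRIVER_OPTIONS
      evaluate_retval
    fi
  done

  # The firewall rules are installed before any interface is brought up.
  # NOTE(review): nothing in this arm keeps the interfaces down if this
  # step fails, unless evaluate_retval aborts the script - confirm.
  boot_mesg "Setting up IPFire firewall rules"
  /etc/rc.d/init.d/firewall start
  evaluate_retval

  boot_mesg "Setting up IP Accounting"
  /etc/rc.d/helper/writeipac.pl
  /usr/sbin/fetchipac -S
  evaluate_retval

  boot_mesg "Setting IPFire DMZ pinholes"
  /usr/local/bin/setdmzholes
  evaluate_retval

  if [ -n "$BLUE_DEV" ]; then
    boot_mesg "Setting up wireless firewall rules"
    /usr/local/bin/restartwireless
    evaluate_retval
  fi

  # Bringing interfaces up, RED last.
  for zone in green orange blue red; do
    "$0" "$zone" up
  done
  ;;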
99
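stop)
  # Stop all interfaces in the reverse of the start order, RED first.
  # "$0" is quoted so a script path containing whitespace is not split.
  for zone in red blue orange green; do
    "$0" "$zone" down
  done
  ;;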
107
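restart)
  # Full stop, a one-second pause, then a fresh start.
  # "${0}" is quoted so a script path containing whitespace is not split.
  "${0}" stop
  sleep 1
  "${0}" start
  ;;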
113
114 #
115 # Every interface has its own context to start/stop/restart.
116 #
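green)
  case "${2}" in
    up)
      boot_mesg "Bringing green network up..."
      if [ -n "$GREEN_DEV" ]; then
        # Values come from the sourced settings; quoted so that each one is
        # passed to ifconfig as exactly one argument.
        ifconfig "$GREEN_DEV" "$GREEN_ADDRESS" \
          netmask "$GREEN_NETMASK" broadcast "$GREEN_BROADCAST" up
        evaluate_retval
      else
        echo "WARNING: No driver set for GREEN"
      fi
      ;;
    down)
      boot_mesg "Bringing green network down..."
      # NOTE(review): unlike the orange and blue arms, this path is not
      # guarded by a check that GREEN_DEV is set; ifconfig's error output is
      # discarded and only its status reaches evaluate_retval.
      ifconfig "$GREEN_DEV" down 2> /dev/null
      evaluate_retval
      ;;
  esac
  ;;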
134
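orange)
  case "${2}" in
    up)
      # ORANGE is only brought up for these configuration types.
      case "$CONFIG_TYPE" in
        1|3|5|7)
          if [ -n "$ORANGE_DEV" ]; then
            boot_mesg "Bringing orange network up..."
            # Quoted so each settings value is exactly one ifconfig argument.
            ifconfig "$ORANGE_DEV" "$ORANGE_ADDRESS" \
              netmask "$ORANGE_NETMASK" broadcast "$ORANGE_BROADCAST" up
            evaluate_retval
          fi
          ;;
      esac
      ;;
    down)
      if [ -n "$ORANGE_DEV" ]; then
        boot_mesg "Bringing orange network down..."
        ifconfig "$ORANGE_DEV" down 2> /dev/null
        evaluate_retval
      fi
      ;;
  esac
  ;;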
154
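blue)
  case "${2}" in
    up)
      # BLUE is only brought up for these configuration types.
      case "$CONFIG_TYPE" in
        4|5|6|7)
          if [ -n "$BLUE_DEV" ]; then
            boot_mesg "Bringing blue network up..."
            # Quoted so each settings value is exactly one ifconfig argument.
            ifconfig "$BLUE_DEV" "$BLUE_ADDRESS" \
              netmask "$BLUE_NETMASK" broadcast "$BLUE_BROADCAST" up
            evaluate_retval
          fi
          ;;
      esac
      ;;
    down)
      if [ -n "$BLUE_DEV" ]; then
        boot_mesg "Bringing blue network down..."
        ifconfig "$BLUE_DEV" down 2> /dev/null
        evaluate_retval
      fi
      ;;
  esac
  ;;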
174
175 red)
176 case "${2}" in
up)
  boot_mesg "Bringing red network up..."
  # If RED is ethernet and addressed by DHCP or STATIC, it has to be
  # started automatically.
  case "$CONFIG_TYPE" in
    2|3|6|7)
      case "$RED_TYPE" in
        DHCP|STATIC)
          AUTOCONNECT="on"
          ;;
      esac
      ;;
  esac

  # Start dnsmasq with defaults; the domain option is added only when a
  # green domain name is configured.
  if [ -z "$DOMAIN_NAME_GREEN" ]; then
    /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases
  else
    /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases -s "$DOMAIN_NAME_GREEN"
  fi

  # The RED connection itself is started only when AUTOCONNECT is on.
  if [ "$AUTOCONNECT" = "on" ]; then
    /etc/rc.d/init.d/red start
    evaluate_retval
  fi
  ;;
down)
  boot_mesg "Bringing red network down..."
  # Run the red script's stop action, wait three seconds, then run its
  # clear action; only the status of the clear step is reported.
  /etc/rc.d/init.d/red stop
  sleep 3
  /etc/rc.d/init.d/red clear
  evaluate_retval
  ;;
205 update)
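# Serialise concurrent "red update" runs through a lock file.
#
# The lock is taken with a noclobber redirect inside a subshell: with
# "set -C" the redirect fails if the file already exists, so testing for the
# lock and creating it is a single step. The former "test -e, then touch"
# sequence left a window in which two runs could both believe they held the
# lock. The result is still an empty regular file, so the "rm -f" release
# used elsewhere in this action keeps working.
#
# A run that cannot get the lock retries every 3 seconds, up to 5 times, and
# then proceeds WITHOUT the lock, as before; this keeps a stale lock from
# blocking updates for ever. Note that the release at the end of the update
# action is unconditional, so such a run also removes a lock it does not own.
if ( set -C; : > /var/lock/rc.updatered.lock ) 2> /dev/null; then
  /usr/bin/logger -s -p local0.info -t rc.updatered "$0 locking for $$"
else
  count=0
  while [ "$count" -lt 5 ]; do
    sleep 3
    if ( set -C; : > /var/lock/rc.updatered.lock ) 2> /dev/null; then
      /usr/bin/logger -s -p local0.info -t rc.updatered "$0 locking for $$"
      break
    fi
    /usr/bin/logger -s -p local0.info -t rc.updatered "$0 $$ waiting unlock"
    # POSIX arithmetic instead of the bash-only ((++count))
    count=$((count + 1))
  done
fi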
221
# Interface name and remote address recorded for RED. A missing file yields
# an empty value (cat's error output is discarded); newlines are stripped so
# each value is a single line. IFACE is later used as part of a sourced file
# name and as an ifconfig argument, REMOTE as a gateway address.
IFACE=$(/bin/cat /var/ipfire/red/iface 2>/dev/null | /usr/bin/tr -d '\012')
REMOTE=$(/bin/cat /var/ipfire/red/remote-ipaddress 2>/dev/null | /usr/bin/tr -d '\012')
224
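###
### Retrieve DHCP Settings
###
# SECURITY: two things in this section run text as shell code with this
# script's privileges: the readhash output passed to eval, and the
# dhcpcd-<iface>.info file that is sourced.
# NOTE(review): neither readhash nor the writer of the .info file is visible
# here - confirm that values which can originate from a DHCP server are
# escaped before they reach either place.
# The command substitutions are quoted so that the helper output is not
# word-split or glob-expanded before it is evaluated or written out.
case "$CONFIG_TYPE" in
  2|3|6|7)
    # RED is an ethernet interface
    if [ "$RED_TYPE" = "DHCP" ]; then
      unset DNS1 DNS2
      eval "$(/usr/local/bin/readhash /var/ipfire/ethernet/settings)"
      if [ -z "$DNS1" ]; then
        # No DNS server in the settings: ask the helper for the ones
        # obtained through DHCP (written without a trailing newline).
        printf '%s' "$(/etc/rc.d/helper/getdnsfromdhcpc.pl 1)" > /var/ipfire/red/dns1
        printf '%s' "$(/etc/rc.d/helper/getdnsfromdhcpc.pl 2)" > /var/ipfire/red/dns2
      else
        echo "$DNS1" > /var/ipfire/red/dns1
        echo "$DNS2" > /var/ipfire/red/dns2
      fi
      . "/var/ipfire/dhcpc/dhcpcd-${RED_DEV}.info"
      echo "$IPADDR" > /var/ipfire/red/local-ipaddress
      echo "$GATEWAY" > /var/ipfire/red/remote-ipaddress
    fi
    ;;
  *)
    if [ "$PROTOCOL" = "RFC1483" ] && [ "$METHOD" = "DHCP" ]; then
      unset DNS1 DNS2
      eval "$(/usr/local/bin/readhash /var/ipfire/ppp/settings)"
      if [ "$DNS" = "Automatic" ]; then
        printf '%s' "$(/etc/rc.d/helper/getdnsfromdhcpc.pl 1)" > /var/ipfire/red/dns1
        printf '%s' "$(/etc/rc.d/helper/getdnsfromdhcpc.pl 2)" > /var/ipfire/red/dns2
      else
        echo "$DNS1" > /var/ipfire/red/dns1
        echo "$DNS2" > /var/ipfire/red/dns2
      fi
      # IFACE was read from /var/ipfire/red/iface above and becomes part of
      # the sourced path.
      . "/var/ipfire/dhcpc/dhcpcd-${IFACE}.info"
      # Quoted like the ethernet branch, so the values are written verbatim.
      echo "$IPADDR" > /var/ipfire/red/local-ipaddress
      echo "$GATEWAY" > /var/ipfire/red/remote-ipaddress
    fi
    ;;
esac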
259
###
### Retrieve DNS settings
###
# Read the two DNS server entries back (empty when the file is missing) and
# rebuild RED's resolv.conf from them.
DNS1=$(/bin/cat /var/ipfire/red/dns1 2>/dev/null | /usr/bin/tr -d '\012')
DNS2=$(/bin/cat /var/ipfire/red/dns2 2>/dev/null | /usr/bin/tr -d '\012')
# Clear the file first; the first entry then overwrites it and the second
# one is appended.
echo > /var/ipfire/red/resolv.conf
if [ -n "$DNS1" ]; then
  echo "nameserver $DNS1" > /var/ipfire/red/resolv.conf
fi
if [ -n "$DNS2" ]; then
  echo "nameserver $DNS2" >> /var/ipfire/red/resolv.conf
fi
268
269
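###
### Restart DNSMASQ
###
# The running dnsmasq is killed outright with SIGKILL and a new one is
# started one second later.
/bin/killall -KILL dnsmasq 2> /dev/null
sleep 1

# Dial-on-demand with its DNS option on, and RED not active: answer from the
# fake resolver file. In every other case use RED's resolv.conf.
resolv_file=/var/ipfire/red/resolv.conf
if [ -e "/var/ipfire/red/dial-on-demand" ] &&
  [ "$DIALONDEMANDDNS" = "on" ] &&
  [ ! -e "/var/ipfire/red/active" ]; then
  resolv_file=/var/ipfire/ppp/fake-resolv.conf
fi

# The domain name is passed as one quoted argument, as the "red up" action
# does. It used to be packed into an option string that was expanded
# unquoted, so a value containing whitespace or glob characters would have
# reached dnsmasq as several arguments.
if [ -n "$DOMAIN_NAME_GREEN" ]; then
  /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases -s "$DOMAIN_NAME_GREEN" -r "$resolv_file"
else
  /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases -r "$resolv_file"
fi
# DOMopt is no longer used but is still unset here, as it always was.
unset DOMopt resolv_file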
284
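# Reset default route to ippp0 for dial on demand
if [ -e "/var/ipfire/red/dial-on-demand" ] &&
  [ "$TYPE" = "isdn" ] &&
  [ ! -e "/var/ipfire/red/active" ]; then
  /sbin/route del default 2> /dev/null
  if [ -n "$REMOTE" ]; then
    # REMOTE was read from a state file; quoted so it is one argument.
    /sbin/route add default gw "$REMOTE" 2> /dev/null
  else
    /sbin/route add default dev ippp0 2> /dev/null
  fi
fi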
294
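# Event handling for calls forwarded by the dhcpcd.exe wrapper at the top of
# this script: $3 is the file handed to readhash, $4 the event name.
if [ "$3" ]; then
  # SECURITY: the readhash output is evaluated as shell code and the path in
  # $3 is chosen by the caller.
  # NOTE(review): readhash is not visible here - confirm that it emits only
  # safely quoted KEY=value assignments; the file presumably holds data from
  # the DHCP client. The substitution is quoted so the output is not
  # word-split or glob-expanded before eval sees it.
  eval "$(/usr/local/bin/readhash "$3")"
  case "$4" in
    up)
      /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been configured with old IP=${IPADDR}"
      if [ "$RED_TYPE" != 'PPTP' ]; then
        /usr/bin/touch /var/ipfire/red/active
      fi
      ;;
    new)
      /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been configured with new IP=${IPADDR}"
      if [ -e "/var/ipfire/red/active" ]; then
        # RED was already active: refresh the address-dependent services,
        # release the lock and leave; the rest of the update action is
        # skipped.
        /usr/local/bin/setfilters
        /usr/local/bin/setportfw
        /usr/local/bin/setxtaccess
        /usr/local/bin/setddns.pl -f
        /usr/local/bin/restartsnort red
        # If VPN_DELAYED_START is empty, sleep fails and ipsecctrl is never
        # started.
        sleep "$VPN_DELAYED_START" && /usr/local/bin/ipsecctrl S &
        /bin/rm -f /var/lock/rc.updatered.lock
        /usr/bin/logger -s -p local0.info -t rc.updatered "unlocking from $$"
        exit 0
      elif [ "$RED_TYPE" != 'PPTP' ]; then
        /usr/bin/touch /var/ipfire/red/active
      fi
      ;;
    down)
      /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been brought down"
      rm -f /var/ipfire/red/active
      ;;
  esac
fi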
328
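# Re-apply everything that depends on RED's state.
if [ -e "/var/ipfire/red/active" ]; then
  # IFACE was read from a state file; quoted so it is one argument.
  if [ -n "$IFACE" ]; then
    /sbin/ifconfig "$IFACE" -multicast
  fi
  /etc/rc.d/init.d/firewall reload
  /usr/local/bin/setfilters
  /usr/local/bin/restartsnort red
  /usr/local/bin/qosctrl restart
  /usr/local/bin/setportfw
  /usr/local/bin/setxtaccess
  /usr/local/bin/setddns.pl -f
  /etc/rc.d/helper/writeipac.pl
  /usr/sbin/fetchipac -S
  # Started in the background after the configured delay. If
  # VPN_DELAYED_START is empty, sleep fails and ipsecctrl is never started.
  sleep "$VPN_DELAYED_START" && /usr/local/bin/ipsecctrl S &
else
  /usr/local/bin/ipsecctrl D
  /etc/rc.d/init.d/firewall reload
fi
# Release the update lock. This is unconditional: a run that gave up waiting
# for the lock removes it here as well, even if another run still holds it.
/bin/rm -f /var/lock/rc.updatered.lock
/usr/bin/logger -s -p local0.info -t rc.updatered "unlocking from $$"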
347 ;;
348 esac
349 ;;
350
*)
  # Unknown action: print the supported invocations and fail.
  printf '%s\n' \
    "Usage: ${0} {start|stop|restart}" \
    " or: ${0} {green|orange|blue|red} {up|down}"
  exit 1
  ;;
356 esac
357
358 # End /etc/rc.d/init.d/network