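#!/bin/sh
########################################################################
# Begin $rc_base/init.d/network
#
# Description : Network Control Script
#
# Authors     : Michael Tremer - m.s.tremer@googlemail.com
#
# Version     : 00.00
#
# Notes       : Written for IPFire by its team
#
# Usage       : network {start|stop|restart}
#               network {green|orange|blue|red} {up|down}
#               network red update [<info file> <up|new|down>]
#               When run under a name containing "dhcpcd.exe", the two
#               arguments are forwarded to "red update".
#
# Security    : Every file sourced with "." below, and every readhash
#               result passed to eval, is executed with the privileges
#               of this script. Write access to any of those files is
#               therefore equivalent to running commands as this
#               script's user. The individual NOTE(review) comments
#               mark the places where that matters.
########################################################################

# NOTE(review): these files are executed as shell code, not parsed as
# data. Confirm that each one is writable only by accounts that are
# already trusted to run commands as this script's user.
. /etc/sysconfig/rc
. "${rc_functions}"
. /var/ipfire/ethernet/settings
. /var/ipfire/dhcp/settings
. /var/ipfire/ppp/settings
. /var/ipfire/vpn/settings

# Small wrapper for dhcpcd.exe: when this script runs under that name,
# forward the two arguments to "red update" and stop with its status.
# Without the exit, control would continue into the dispatcher below,
# which does not know the first argument and ends in the usage message.
case "$0" in
  *dhcpcd.exe*)
    /etc/rc.d/init.d/network red update "$1" "$2"
    exit $?
    ;;
esac

case "${1}" in
  start)
    boot_mesg "Loading MASQ helper modules"
    for module in iptable_nat ip_conntrack \
      ip_conntrack_ftp ip_nat_ftp \
      ip_conntrack_h323 ip_nat_h323 \
      ip_conntrack_irc ip_nat_irc \
      ip_conntrack_mms ip_nat_mms \
      ip_conntrack_pptp ip_nat_pptp; do
      modprobe "$module"
    done

    # Remove possible leftover files. The paths are spelled out under
    # /var/ipfire/red, the directory the rest of this script uses for RED
    # state; a bare "CONFIG_ROOT/red/..." prefix is a relative path and
    # would match nothing. Listing the names also avoids brace expansion,
    # which a plain /bin/sh does not provide.
    for leftover in active device dial-on-demand dns1 dns2 \
      local-ipaddress remote-ipaddress resolv.conf; do
      rm -f "/var/ipfire/red/${leftover}"
    done

    # The 'for' loop forces the driver loading order (eth0 first).
    # The *_DRIVER_OPTIONS values are left unquoted on purpose: they may
    # hold several module parameters that must be split into words.
    for NIC in 0 1 2 3; do
      ETHX="eth${NIC}"
      if [ "$GREEN_DEV" = "$ETHX" ] && [ -n "$GREEN_DRIVER" ]; then
        modprobe "$GREEN_DRIVER" $GREEN_DRIVER_OPTIONS
        evaluate_retval
      fi
      if [ "$ORANGE_DEV" = "$ETHX" ] && [ -n "$ORANGE_DRIVER" ]; then
        modprobe "$ORANGE_DRIVER" $ORANGE_DRIVER_OPTIONS
        evaluate_retval
      fi
      if [ "$BLUE_DEV" = "$ETHX" ] && [ -n "$BLUE_DRIVER" ]; then
        modprobe "$BLUE_DRIVER" $BLUE_DRIVER_OPTIONS
        evaluate_retval
      fi
      if [ "$RED_DEV" = "$ETHX" ] && [ -n "$RED_DRIVER" ]; then
        modprobe "$RED_DRIVER" $RED_DRIVER_OPTIONS
        evaluate_retval
      fi
    done

    # The firewall rules are loaded before any interface is brought up.
    boot_mesg "Setting up IPFire firewall rules"
    /etc/rc.d/init.d/firewall start
    evaluate_retval

    boot_mesg "Setting up IP Accounting"
    /etc/rc.d/helper/writeipac.pl
    /usr/sbin/fetchipac -S
    evaluate_retval

    boot_mesg "Setting IPFire DMZ pinholes"
    /usr/local/bin/setdmzholes
    evaluate_retval

    if [ -n "$BLUE_DEV" ]; then
      boot_mesg "Setting up wireless firewall rules"
      /usr/local/bin/restartwireless
      evaluate_retval
    fi

    # Bringing interfaces up...
    "$0" green up
    "$0" orange up
    "$0" blue up
    "$0" red up
    ;;

  stop)
    # Stopping all interfaces, in the reverse order of "start".
    "$0" red down
    "$0" blue down
    "$0" orange down
    "$0" green down
    ;;

  restart)
    "${0}" stop
    sleep 1
    "${0}" start
    ;;

  #
  # Every interface has its own context to start/stop/restart.
  #
  green)
    case "${2}" in
      up)
        boot_mesg "Bringing green network up..."
        if [ -n "$GREEN_DEV" ]; then
          ifconfig "$GREEN_DEV" "$GREEN_ADDRESS" netmask "$GREEN_NETMASK" broadcast "$GREEN_BROADCAST" up
          evaluate_retval
        else
          echo "WARNING: No driver set for GREEN"
        fi
        ;;
      down)
        boot_mesg "Bringing green network down..."
        ifconfig "$GREEN_DEV" down 2> /dev/null
        evaluate_retval
        ;;
    esac
    ;;

  orange)
    case "${2}" in
      up)
        # ORANGE is only configured for CONFIG_TYPE 1, 3, 5 and 7.
        case "$CONFIG_TYPE" in
          1|3|5|7)
            if [ -n "$ORANGE_DEV" ]; then
              boot_mesg "Bringing orange network up..."
              ifconfig "$ORANGE_DEV" "$ORANGE_ADDRESS" netmask "$ORANGE_NETMASK" broadcast "$ORANGE_BROADCAST" up
              evaluate_retval
            fi
            ;;
        esac
        ;;
      down)
        if [ -n "$ORANGE_DEV" ]; then
          boot_mesg "Bringing orange network down..."
          ifconfig "$ORANGE_DEV" down 2> /dev/null
          evaluate_retval
        fi
        ;;
    esac
    ;;

  blue)
    case "${2}" in
      up)
        # BLUE is only configured for CONFIG_TYPE 4, 5, 6 and 7.
        case "$CONFIG_TYPE" in
          4|5|6|7)
            if [ -n "$BLUE_DEV" ]; then
              boot_mesg "Bringing blue network up..."
              ifconfig "$BLUE_DEV" "$BLUE_ADDRESS" netmask "$BLUE_NETMASK" broadcast "$BLUE_BROADCAST" up
              evaluate_retval
            fi
            ;;
        esac
        ;;
      down)
        if [ -n "$BLUE_DEV" ]; then
          boot_mesg "Bringing blue network down..."
          ifconfig "$BLUE_DEV" down 2> /dev/null
          evaluate_retval
        fi
        ;;
    esac
    ;;

  red)
    case "${2}" in
      up)
        boot_mesg "Bringing red network up..."
        # If RED is ethernet (CONFIG_TYPE 2, 3, 6 or 7) then check further:
        # with DHCP or STATIC we have to start automatically.
        case "$CONFIG_TYPE" in
          2|3|6|7)
            case "$RED_TYPE" in
              DHCP|STATIC)
                AUTOCONNECT="on"
                ;;
            esac
            ;;
        esac

        # Start DNSMASQ with defaults
        if [ -z "$DOMAIN_NAME_GREEN" ]; then
          /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases
        else
          /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases -s "$DOMAIN_NAME_GREEN"
        fi

        # Only when AUTOCONNECT is on
        if [ "$AUTOCONNECT" = "on" ]; then
          /etc/rc.d/init.d/red start
          evaluate_retval
        fi
        ;;

      down)
        boot_mesg "Bringing red network down..."
        /etc/rc.d/init.d/red stop
        sleep 3
        /etc/rc.d/init.d/red clear
        evaluate_retval
        ;;

      update)
        # NOTE(review): this lock is best-effort only. The existence test
        # and the touch are two separate steps, so two updates starting
        # together can both believe they hold it; a waiter that gives up
        # after five polls (about 15 seconds) carries on regardless; and
        # every exit path below removes the lock file even when another
        # process created it.
        if [ ! -e /var/lock/rc.updatered.lock ]; then
          /usr/bin/touch /var/lock/rc.updatered.lock
          /usr/bin/logger -s -p local0.info -t rc.updatered "$0 locking for $$"
        else
          count=0
          while [ "$count" -ne 5 ]; do
            sleep 3
            if [ ! -e /var/lock/rc.updatered.lock ]; then
              break
            fi
            /usr/bin/logger -s -p local0.info -t rc.updatered "$0 $$ waiting unlock"
            count=$((count + 1))
          done
        fi

        IFACE=$(/bin/cat /var/ipfire/red/iface 2>/dev/null | /usr/bin/tr -d '\012')
        REMOTE=$(/bin/cat /var/ipfire/red/remote-ipaddress 2>/dev/null | /usr/bin/tr -d '\012')

        ###
        ### Retrieve DHCP Settings
        ###
        # NOTE(review): the dhcpcd-*.info files below are sourced as shell
        # code. Judging by the path they are written by the DHCP client;
        # if their values come from DHCP replies, confirm that the client
        # escapes them before writing. The eval of readhash output is only
        # as safe as readhash's own validation, which is not visible here.
        # The command substitution is quoted so that the output is not
        # word-split or glob-expanded before eval sees it.
        case "$CONFIG_TYPE" in
          2|3|6|7)
            if [ "$RED_TYPE" = "DHCP" ]; then
              unset DNS1 DNS2
              eval "$(/usr/local/bin/readhash /var/ipfire/ethernet/settings)"
              if [ -z "$DNS1" ]; then
                printf '%s' "$(/etc/rc.d/helper/getdnsfromdhcpc.pl 1)" > /var/ipfire/red/dns1
                printf '%s' "$(/etc/rc.d/helper/getdnsfromdhcpc.pl 2)" > /var/ipfire/red/dns2
              else
                echo "$DNS1" > /var/ipfire/red/dns1
                echo "$DNS2" > /var/ipfire/red/dns2
              fi
              . "/var/ipfire/dhcpc/dhcpcd-${RED_DEV}.info"
              echo "$IPADDR" > /var/ipfire/red/local-ipaddress
              echo "$GATEWAY" > /var/ipfire/red/remote-ipaddress
            fi
            ;;
          *)
            if [ "$PROTOCOL" = "RFC1483" ] && [ "$METHOD" = "DHCP" ]; then
              unset DNS1 DNS2
              eval "$(/usr/local/bin/readhash /var/ipfire/ppp/settings)"
              if [ "$DNS" = "Automatic" ]; then
                printf '%s' "$(/etc/rc.d/helper/getdnsfromdhcpc.pl 1)" > /var/ipfire/red/dns1
                printf '%s' "$(/etc/rc.d/helper/getdnsfromdhcpc.pl 2)" > /var/ipfire/red/dns2
              else
                echo "$DNS1" > /var/ipfire/red/dns1
                echo "$DNS2" > /var/ipfire/red/dns2
              fi
              . "/var/ipfire/dhcpc/dhcpcd-${IFACE}.info"
              echo "$IPADDR" > /var/ipfire/red/local-ipaddress
              echo "$GATEWAY" > /var/ipfire/red/remote-ipaddress
            fi
            ;;
        esac

        ###
        ### Retrieve DNS settings
        ###
        DNS1=$(/bin/cat /var/ipfire/red/dns1 2>/dev/null | /usr/bin/tr -d '\012')
        DNS2=$(/bin/cat /var/ipfire/red/dns2 2>/dev/null | /usr/bin/tr -d '\012')
        echo > /var/ipfire/red/resolv.conf # clear it
        if [ -n "$DNS1" ]; then
          echo "nameserver $DNS1" > /var/ipfire/red/resolv.conf
        fi
        if [ -n "$DNS2" ]; then
          echo "nameserver $DNS2" >> /var/ipfire/red/resolv.conf
        fi

        ###
        ### Restart DNSMASQ
        ###
        /bin/killall -KILL dnsmasq 2> /dev/null
        sleep 1

        # "-s <domain>" is added only when DOMAIN_NAME_GREEN is set. The
        # ${VAR:+...} form passes the domain as exactly one argument, so a
        # value containing whitespace cannot turn into extra dnsmasq
        # options (the same quoting "red up" uses).
        if [ -e "/var/ipfire/red/dial-on-demand" ] &&
          [ "$DIALONDEMANDDNS" = "on" ] &&
          [ ! -e "/var/ipfire/red/active" ]; then
          /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases \
            ${DOMAIN_NAME_GREEN:+-s "$DOMAIN_NAME_GREEN"} \
            -r /var/ipfire/ppp/fake-resolv.conf
        else
          /usr/sbin/dnsmasq -l /var/state/dhcp/dhcpd.leases \
            ${DOMAIN_NAME_GREEN:+-s "$DOMAIN_NAME_GREEN"} \
            -r /var/ipfire/red/resolv.conf
        fi

        # Reset default route to ippp0 for dial on demand
        if [ -e "/var/ipfire/red/dial-on-demand" ] &&
          [ "$TYPE" = "isdn" ] &&
          [ ! -e "/var/ipfire/red/active" ]; then
          /sbin/route del default 2> /dev/null
          if [ -n "$REMOTE" ]; then
            /sbin/route add default gw "$REMOTE" 2> /dev/null
          else
            /sbin/route add default dev ippp0 2> /dev/null
          fi
        fi

        # $3 and $4 are the two arguments forwarded by the dhcpcd.exe
        # wrapper at the top of this script.
        if [ -n "$3" ]; then
          # NOTE(review): $3 is a caller-supplied path whose readhash
          # output is evaluated as shell code. Confirm that only the DHCP
          # client can invoke this path and that readhash rejects or
          # quotes anything that is not a plain KEY=value pair.
          eval "$(/usr/local/bin/readhash "$3")"
          case "$4" in
            up)
              /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been configured with old IP=${IPADDR}"
              if [ "$RED_TYPE" != 'PPTP' ]; then
                /usr/bin/touch /var/ipfire/red/active
              fi
              ;;
            new)
              /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been configured with new IP=${IPADDR}"
              if [ -e "/var/ipfire/red/active" ]; then
                # RED was already active: refresh the address-dependent
                # rules and services, release the lock and finish here.
                /usr/local/bin/setfilters
                /usr/local/bin/setportfw
                /usr/local/bin/setxtaccess
                /usr/local/bin/setddns.pl -f
                /usr/local/bin/restartsnort red
                sleep "$VPN_DELAYED_START" && /usr/local/bin/ipsecctrl S &
                /bin/rm -f /var/lock/rc.updatered.lock
                /usr/bin/logger -s -p local0.info -t rc.updatered "unlocking from $$"
                exit 0
              elif [ "$RED_TYPE" != 'PPTP' ]; then
                /usr/bin/touch /var/ipfire/red/active
              fi
              ;;
            down)
              /usr/bin/logger -s -p local0.info -t dhcpcd.exe "${INTERFACE} has been brought down"
              rm -f /var/ipfire/red/active
              ;;
          esac
        fi

        if [ -e "/var/ipfire/red/active" ]; then
          if [ -n "$IFACE" ]; then
            /sbin/ifconfig "$IFACE" -multicast
          fi
          /etc/rc.d/init.d/firewall reload
          /usr/local/bin/setfilters
          /usr/local/bin/restartsnort red
          /usr/local/bin/qosctrl restart
          /usr/local/bin/setportfw
          /usr/local/bin/setxtaccess
          /usr/local/bin/setddns.pl -f
          /etc/rc.d/helper/writeipac.pl
          /usr/sbin/fetchipac -S
          sleep "$VPN_DELAYED_START" && /usr/local/bin/ipsecctrl S &
        else
          /usr/local/bin/ipsecctrl D
          /etc/rc.d/init.d/firewall reload
        fi
        /bin/rm -f /var/lock/rc.updatered.lock
        /usr/bin/logger -s -p local0.info -t rc.updatered "unlocking from $$"
        ;;
    esac
    ;;

  *)
    echo "Usage: ${0} {start|stop|restart}"
    echo " or: ${0} {green|orange|blue|red} {up|down}"
    exit 1
    ;;
esac

# End /etc/rc.d/init.d/network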