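#!/bin/bash
# Bridge service on SME
# This service will configure a bridge interface on your server
# allowing each enslaved interface to act as a switch port.
#
# Usage: <script> start|stop|restart|adjust
#
# Review notes:
# - Every value read from the configuration db is expanded inside double
#   quotes, so a malformed property cannot be word-split or glob-expanded
#   into extra arguments of a command run by this script.
# - start/stop refuse to run when the bridge or ethernet interface name is
#   empty; otherwise InternalInterface Name would be rewritten with an
#   empty value.
# - Enslaving TAP interfaces to the same bridge as the internal ethernet
#   interface puts their peers on the internal layer-2 segment; the
#   Promiscuous property additionally puts the bridge itself in promisc mode.

# Source function library (provides echo_success / echo_failure).
. /etc/rc.d/init.d/functions

# Bridge interface name and whether the bridge itself should be promiscuous
BRIDGE_IF=$(/sbin/e-smith/db configuration getprop bridge bridgeInterface)
BRIDGE_PROMISC=$(/sbin/e-smith/db configuration getprop bridge Promiscuous)

# List of TAP interfaces to be bridged, for example "tap0 tap1 tap2".
# NOTE(review): the original comment says the default is tap0; no default is
# applied here, so it presumably comes from the db -- confirm.
TAP_IF=$(/sbin/e-smith/db configuration getprop bridge tapInterface)
# Replace ; and , (and any other whitespace) with spaces, then split into an
# array so that no glob expansion happens on the interface names.
TAP_IF=${TAP_IF//[,;[:space:]]/ }
TAP_LIST=()
read -r -a TAP_LIST <<<"$TAP_IF"

# Physical ethernet interface to be bridged with the TAP interface(s) above.
ETH_IF=$(/sbin/e-smith/db configuration getprop bridge ethernetInterface)
ETH_MAC=$(/sbin/e-smith/db configuration getprop InternalInterface HWAddress)
ETH_IP=$(/sbin/e-smith/db configuration get LocalIP)
ETH_MASK=$(/sbin/e-smith/db configuration getprop InternalInterface Netmask)

# System mode: serveronly, server&gateway ...
MODE=$(/sbin/e-smith/db configuration get SystemMode)

# Exit status reported at the end of the script.
RETVAL=0

# Path of openvpn binary: the last existing candidate wins.
openvpn=""
openvpn_locations="/usr/sbin/openvpn /usr/local/sbin/openvpn"
for location in $openvpn_locations; do
  if [ -f "$location" ]; then
    openvpn=$location
  fi
done

# Check that binary exists.
# The expansion must be quoted: with an empty, unquoted value the test
# collapses to `[ -f ]`, which is true, and the missing binary goes unnoticed.
if ! [ -f "$openvpn" ]; then
  echo "openvpn binary not found"
  exit 0
fi

# Fail when the bridge or ethernet interface name is not configured.
# Returns: 0 when both names are non-empty, 1 otherwise.
require_interfaces() {
  if [ -z "$BRIDGE_IF" ] || [ -z "$ETH_IF" ]; then
    echo "bridge or ethernet interface not configured" >&2
    return 1
  fi
  return 0
}

# Sub to reconfigure the firewall: re-expand the masq template, then restart
# the masq unit if it is running.
firewall() {
  /sbin/e-smith/expand-template /etc/rc.d/init.d/masq >/dev/null 2>&1
  #/sbin/service masq restart >/dev/null 2>&1
  /usr/bin/systemctl try-restart masq.service >/dev/null 2>&1
}

# Sub to restart dhcpd (only if it is running).
dhcpd() {
  #/usr/bin/sv t dhcpd
  /usr/bin/systemctl try-restart dhcpd.service >/dev/null 2>&1
}

# Sub to reconfigure routes and default gateway.
routes() {
  local NET SYSTEM NETMASK ROUTER GW

  # We need to push all the routes of local networks as the interface has changed
  for NET in $(/sbin/e-smith/db networks keys); do
    SYSTEM=$(/sbin/e-smith/db networks getprop "$NET" SystemLocalNetwork)
    # Only networks without the SystemLocalNetwork property get a route.
    if [ -z "$SYSTEM" ]; then
      NETMASK=$(/sbin/e-smith/db networks getprop "$NET" Mask)
      ROUTER=$(/sbin/e-smith/db networks getprop "$NET" Router)
      /sbin/route add -net "$NET" netmask "$NETMASK" gw "$ROUTER" >/dev/null 2>&1
    fi
  done

  # If the server runs in serveronly, we need to reconfigure the default gateway:
  if [ "$MODE" == 'serveronly' ]; then
    GW=$(/sbin/e-smith/db configuration get GatewayIP)
    /sbin/route add default gw "$GW" >/dev/null 2>&1
  fi
}

# Create the bridge, enslave the TAP and ethernet interfaces, move the local
# IP onto the bridge, then refresh routes, firewall and dhcpd.
# Returns: 1 when the interface names are missing, otherwise the status of
# the final dhcpd restart (intermediate failures are silenced, as before).
start() {
  local t

  require_interfaces || return 1

  # prep : filtering module
  # NOTE(review): with br_netfilter loaded, bridged frames can be passed to
  # iptables (see the net.bridge.bridge-nf-call-* sysctls) -- confirm the
  # masq rules account for traffic crossing the bridge.
  /usr/sbin/modprobe br_netfilter

  # First, create the bridge interface
  /usr/sbin/brctl addbr "$BRIDGE_IF"

  # Then, create the tap interface(s) and enslave them in the bridge
  for t in "${TAP_LIST[@]}"; do
    "$openvpn" --mktun --dev "$t" >/dev/null 2>&1
    /sbin/ifconfig "$t" 0.0.0.0 promisc up >/dev/null 2>&1
    /usr/sbin/brctl addif "$BRIDGE_IF" "$t" >/dev/null 2>&1
  done

  # Now make the real ethernet interface promiscuous
  /sbin/ifconfig "$ETH_IF" 0.0.0.0 promisc up >/dev/null 2>&1
  sleep 1

  # And add it to the bridge
  /usr/sbin/brctl addif "$BRIDGE_IF" "$ETH_IF" >/dev/null 2>&1
  if [ -n "$ETH_MAC" ]; then
    /sbin/ifconfig "$BRIDGE_IF" hw ether "$ETH_MAC"
  fi
  if [ "$BRIDGE_PROMISC" == "yes" ]; then
    /sbin/ifconfig "$BRIDGE_IF" promisc
  fi

  # Now configure the LocalIP on the bridge interface
  /sbin/e-smith/db configuration setprop InternalInterface Name "$BRIDGE_IF"
  /sbin/ifconfig "$BRIDGE_IF" "$ETH_IP" netmask "$ETH_MASK" >/dev/null 2>&1

  # Push the routes for the new interface
  routes

  # Now we have to reconfigure the firewall
  firewall

  # And dhcpd (the configuration file is expanded each time the service starts
  # so no need to do it manually)
  dhcpd
}

# Tear the bridge down, remove the TAP interfaces, put the local IP back on
# the ethernet interface, then refresh routes, firewall and dhcpd.
# Returns: 1 when the interface names are missing, otherwise the status of
# the final dhcpd restart.
stop() {
  local t

  require_interfaces || return 1

  # Shutdown the bridge and remove it
  /sbin/ifconfig "$BRIDGE_IF" down >/dev/null 2>&1
  /usr/sbin/brctl delbr "$BRIDGE_IF" >/dev/null 2>&1

  # Then delete each tap interface
  for t in "${TAP_LIST[@]}"; do
    "$openvpn" --rmtun --dev "$t" >/dev/null 2>&1
  done

  # Reconfigure the ethernet interface
  /sbin/e-smith/db configuration setprop InternalInterface Name "$ETH_IF"
  /sbin/ifconfig "$ETH_IF" "$ETH_IP" netmask "$ETH_MASK" up -promisc >/dev/null 2>&1

  # Push the routes
  routes

  # restart the firewall
  firewall

  # and dhcp
  dhcpd
}

case "$1" in
  start)
    echo -n $"Starting Bridge Service: "
    start
    RETVAL=$?
    ;;
  stop)
    echo -n $"Stoping Bridge Service: "
    stop
    RETVAL=$?
    ;;
  restart)
    echo -n $"Restarting Bridge Service: "
    stop && start
    RETVAL=$?
    ;;
  adjust)
    echo -n $"Restarting Bridge Service: "
    stop && start
    RETVAL=$?
    ;;
  *)
    echo "Usage: $0 start|stop|restart"
    # Previously RETVAL stayed unset here, which broke the numeric test
    # below and made the script exit 0 on an invalid argument.
    RETVAL=2
    ;;
esac

if [ "$RETVAL" -eq 0 ]; then
  echo_success
else
  echo_failure
fi
echo
exit "$RETVAL"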