From c44aebe7016921035c41a95cd8989d55c2eb59a9 Mon Sep 17 00:00:00 2001 From: Jesse Gilles Date: Fri, 20 Dec 2013 15:09:49 -0600 Subject: ocg-scripts: updated scripts with more options ocg-cell-router: configurable LAN and WAN interface options ocg-wifi-ap: dhcpd config enhancements, bridge interface configurable --- .../ocg-scripts/ocg-scripts-1.0/ocg-cell-router | 81 +++++++++---- .../recipes/ocg-scripts/ocg-scripts-1.0/ocg-dhcpd | 15 ++- .../ocg-scripts/ocg-scripts-1.0/ocg-set-apn | 9 +- .../ocg-scripts/ocg-scripts-1.0/ocg-wifi-ap | 133 +++++++++++++++------ multitech/recipes/ocg-scripts/ocg-scripts_1.0.bb | 2 +- 5 files changed, 173 insertions(+), 67 deletions(-) diff --git a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router index 27287e0..c4c2d86 100755 --- a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router +++ b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-cell-router @@ -3,7 +3,7 @@ set -e do_start() { - lan_interfaces=$(echo "$1" | sed "s/,/ /g") + lan_interfaces=$(echo "$lan" | sed "s/,/ /g") echo "Configuring firewall rules..." # Flush all the tables first 
@@ -18,38 +18,35 @@ do_start() { # Allow packets in for existing socket connections iptables -t filter -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT - # Accept all from LAN interfaces (always accept on eth0) - iptables -t filter -A INPUT -i eth0 -j ACCEPT + # Accept all from LAN interfaces for i in $lan_interfaces; do - if [ "$i" != "eth0" ]; then - iptables -t filter -A INPUT -i $i -j ACCEPT - fi + iptables -t filter -A INPUT -i $i -j ACCEPT + + # Accept ssh from the LAN (Wired) + #iptables -t filter -A INPUT -i $i -p tcp --dport 22 -j ACCEPT + # Accept http from the LAN (Wired) + #iptables -t filter -A INPUT -i $i -p tcp --dport 80 -j ACCEPT + # Accept tftp from the LAN (Wired) + #iptables -t filter -A INPUT -i $i -p udp --dport 69 -j ACCEPT done - # Accept ssh from the LAN (Wired) - #iptables -t filter -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT - # Accept http from the LAN (Wired) - #iptables -t filter -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT - # Accept tftp from the LAN (Wired) - #iptables -t filter -A INPUT -i eth0 -p udp --dport 69 -j ACCEPT - # Accept ssh from the WAN (Wireless) - #iptables -t filter -A INPUT -i ppp0 -p tcp --dport 22 -j ACCEPT + #iptables -t filter -A INPUT -i $wan -p tcp --dport 22 -j ACCEPT # Accept http from the WAN (Wireless) - #iptables -t filter -A INPUT -i ppp0 -p tcp --dport 80 -j ACCEPT + #iptables -t filter -A INPUT -i $wan -p tcp --dport 80 -j ACCEPT - # Allow packet fowarding from LAN interfaces to ppp0 (cell router) + # Allow packet fowarding from LAN interfaces to WAN (cell router) iptables -t filter -P FORWARD DROP iptables -t filter -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT for i in $lan_interfaces; do - iptables -t filter -A FORWARD -i $i -o ppp0 -j ACCEPT + iptables -t filter -A FORWARD -i $i -o $wan -j ACCEPT done # Allow all output packets iptables -t filter -P OUTPUT ACCEPT # enable NAT for cell router - iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE + iptables -t nat -A POSTROUTING 
-o $wan -j MASQUERADE echo "Enabling packet forwarding..." # turn on packet forwarding last @@ -74,20 +71,56 @@ do_stop() { echo "Done" } -if [[ $# < 1 || $# > 2 ]]; then - echo "Usage: $(basename $0) start|stop [lan-interfaces]" - echo " lan-interfaces: comma-separated list of LAN interfaces to forward to cellular" - echo " defaults to \"eth0\"" +usage() { + echo "Usage: $(basename $0) start|stop [options]" + echo " options:" + echo " -l LAN interfaces to allow, comma-separated (defaults to \"eth0\")" + echo " -w WAN interface to route out (defaults to \"ppp0\")" exit 1 +} + +# main +if [[ $# < 1 ]]; then + usage fi -case $1 in +cmd=$1 +shift + +while getopts "l:w:h" opt; do + case "$opt" in + l) + l=$OPTARG + ;; + w) + w=$OPTARG + ;; + h) + usage + ;; + *) + usage + ;; + esac +done + +# default lan to eth0 if not specified +lan=${l-eth0} +# default wan to ppp0 if not specified +wan=${w-ppp0} + +case $cmd in start) - do_start "${2:-eth0}" + echo "LAN: $lan" + echo "WAN: $wan" + do_start ;; stop) do_stop ;; + *) + usage + ;; esac exit 0 diff --git a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-dhcpd b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-dhcpd index 575b803..cafc1be 100755 --- a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-dhcpd +++ b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-dhcpd @@ -10,11 +10,14 @@ do_stop() { killall udhcpd } -# main -if [[ $# -ne 1 ]] -then - echo "usage: $0 start|stop|restart" +usage() { + echo "Usage: $(basename $0) start|stop|restart" exit 1 +} + +# main +if [[ $# != 1 ]]; then + usage fi case $1 in @@ -31,8 +34,12 @@ case $1 in ;; restart) do_stop + sleep 1 do_start ;; + *) + usage + ;; esac exit 0 diff --git a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-set-apn b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-set-apn index 867c24e..5c3985f 100755 --- a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-set-apn +++ b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-set-apn 
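Review bot: The interface names in the rewritten rules are expanded unquoted (`-i $i`, `-o $wan`), and they now come from the `-l`/`-w` options instead of the fixed `eth0`/`ppp0`, so an empty or whitespace-containing value changes the iptables argument list instead of failing cleanly. Quote them, e.g. `iptables -t filter -A FORWARD -i "$i" -o "$wan" -j ACCEPT` and `iptables -t nat -A POSTROUTING -o "$wan" -j MASQUERADE`. Because the script runs under `set -e` and flushes the tables first, a rejected rule here would presumably stop it with the ruleset only partly rebuilt, so the values are better checked before the first iptables call. do_start begins and ends outside this hunk.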
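Review bot: `lan=${l-eth0}` and `wan=${w-ppp0}` fall back to the default only when the variable is unset, so `-l ""` or `-w ""` yields an empty interface name. `l` and `w` are also never initialised before the `getopts` loop, so same-named variables exported in the caller's environment are picked up as if they were options. I would add `l= w=` before the loop and use `lan=${l:-eth0}` / `wan=${w:-ppp0}`. A name check ahead of `do_start`, such as `[[ $wan =~ ^[A-Za-z0-9_.-]+$ ]] || usage` (and the same for each entry of `$lan`), would reject malformed input before any table is flushed. `[[ $# < 1 ]]` is a string comparison inside `[[ ]]`; `(( $# < 1 ))` states the intent.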
@@ -1,19 +1,20 @@ #!/bin/bash -if [[ $# != "1" ]]; then +if [[ $# != 1 ]]; then echo "Usage: $(basename $0) APN" exit 1 fi apn=$1 +chat_file=/etc/ppp/peers/gsm_chat -sed -r -i "s/^OK\s+'AT\+CGDCONT=1,\"IP\",\"[^\"]*\"'$/OK 'AT\+CGDCONT=1,\"IP\",\"${apn}\"'/" /etc/ppp/peers/gsm_chat +sed -r -i "s/^OK\s+'AT\+CGDCONT=1,\"IP\",\"[^\"]*\"'$/OK 'AT\+CGDCONT=1,\"IP\",\"${apn}\"'/" $chat_file -if [[ $? != "0" ]]; then +if [[ $? != 0 ]]; then echo "Failed to change APN" exit 1 else - echo "Set APN to \"${apn}\"" + echo "Set APN to \"${apn}\" in $chat_file" fi exit 0 diff --git a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-wifi-ap b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-wifi-ap index d96d597..e3f3088 100755 --- a/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-wifi-ap +++ b/multitech/recipes/ocg-scripts/ocg-scripts-1.0/ocg-wifi-ap 
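Review bot: `${apn}` is still substituted straight into the sed expression on the line this hunk touches, so an APN containing `/`, `&` or `\` changes the expression sed runs against the chat file instead of being written literally. Validating the argument first, e.g. `[[ $apn =~ ^[A-Za-z0-9.-]+$ ]] || { echo "Invalid APN"; exit 1; }`, keeps the value to characters that are safe there. sed also exits 0 when no line matched, so the `$?` test prints "Set APN" even if the file was not changed; a follow-up `grep -q -F -- "\"${apn}\"" "$chat_file"` would confirm the edit. The new `$chat_file` expansion should be quoted as well.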
@@ -3,22 +3,53 @@ dhcpd_file=/etc/udhcpd.conf hostapd_file=/etc/hostapd.conf interface=wlan0 +bridge_mode=0 do_start() { - if [ "$1" = "bridge" ]; then - interface=br0 + if [ "$bridge_mode" = 1 ]; then + interface=$b if ! grep -E -q "^bridge=$interface\s*$" $hostapd_file; then echo "Enabling bridge=br0 in $hostapd_file" sed -r -i "s/^#?bridge=.*$/bridge=$interface/" $hostapd_file fi + else + if grep -E -q "^bridge=.*$" $hostapd_file; then + echo "Disabling bridge in $hostapd_file" + sed -r -i "s/^bridge=/#bridge=/" $hostapd_file + fi fi - echo "starting hostap daemon" + echo "Starting hostap daemon" /etc/init.d/hostapd start - if [ "$1" != "bridge" ]; then - echo "setting IP address of access point" - ifconfig $interface $1 + if [ "$bridge_mode" != 1 ]; then + echo "Setting IP address to $ip" + ifconfig $interface $ip + # strip off end of IP address to get subnet + # assumes subnet of /24 + subnet=${ip%.*} + # escape periods for regex + subnet_regex=${subnet//./\\.} + ip_regex=${ip//./\\.} + # set default address range for dhcpd + addr_start=100 + addr_end=254 + if ! grep -E -q "^start\s+$subnet_regex\." $dhcpd_file; then + echo "Changing dhcpd start to $subnet.$addr_start" + sed -r -i "s/^start\s+.*$/start $subnet.$addr_start/" $dhcpd_file + fi + if ! grep -E -q "^end\s+$subnet_regex\." $dhcpd_file; then + echo "Changing dhcpd end to $subnet.$addr_end" + sed -r -i "s/^end\s+.*$/end $subnet.$addr_end/" $dhcpd_file + fi + # update dhcpd addresses if needed + if ! grep -E -q "^option\s+router\s+$ip_regex" $dhcpd_file; then + echo "Changing dhcpd router to $ip" + sed -r -i "s/^option\s+router\s+.*$/option router $ip/" $dhcpd_file + fi + else + # unset ip address for bridge mode + ifconfig wlan0 0.0.0.0 fi if ! grep -E -q "^interface\s+$interface" $dhcpd_file; then 
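Review bot: In bridge mode `interface=$b` is taken from the `-b` option and then placed unescaped into the `grep -E` pattern and the `sed -r -i` replacement that edits `$hostapd_file`, so a value containing `/`, `&` or regex metacharacters alters the expression instead of being written as the bridge name. Checking the name once before do_start is called, e.g. `[[ $b =~ ^[A-Za-z0-9_.-]+$ ]] || usage`, avoids that. The message `echo "Enabling bridge=br0 in $hostapd_file"` is now stale and should print `$interface`. The new `ifconfig wlan0 0.0.0.0` hard-codes the device name that the script otherwise keeps in a variable. do_start continues past the end of this hunk.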
@@ -29,43 +60,74 @@ do_start() { } do_stop() { - echo "stopping hostap daemon" + echo "Stopping hostap daemon" /etc/init.d/hostapd stop ocg-dhcpd stop } -# main -if [[ $# -lt 1 ]] -then - echo "usage: $0 start|stop|restart [access point IP address|\"bridge\"]" +usage() { + echo "Usage: $(basename $0) start|stop|restart [options]" + echo " options:" + echo " -a
Sets AP IP address (defaults to 192.168.3.1)" + echo " -b Add AP to specified bridge interface (conflicts with -a)" exit 1 -elif [[ $# -eq 2 ]] -then - if [ "$2" != "bridge" ]; then - ret=1 - if [[ $2 =~ ^([0-9]{1,3}\.){3,3}[0-9]{1,3}$ ]] - then - OIFS=$IFS - IFS='.' - ip=($2) - IFS=$OFIS - [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]] - ret=$? - fi - if [[ ret -ne 0 ]] - then - echo "invalid IP address" - exit 1 - fi +} + +# main +if [[ $# < 1 ]]; then + usage +fi + +cmd=$1 +shift + +while getopts "a:b:h" opt; do + case "$opt" in + a) + a=$OPTARG + ;; + b) + b=$OPTARG + bridge_mode=1 + ;; + h) + usage + ;; + *) + usage + ;; + esac +done + +# can't specify both address and bridge mode +if [ -n "$a" ] && [ -n "$b" ]; then + usage +fi + +if [ -n "$a" ]; then + ret=1 + if [[ $a =~ ^([0-9]{1,3}\.){3,3}[0-9]{1,3}$ ]] + then + OIFS=$IFS + IFS='.' + ip=($a) + IFS=$OFIS + [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]] + ret=$? fi - ip=$2 + if [[ ret -ne 0 ]] + then + echo "invalid IP address" + exit 1 + fi + ip=$a else - ip="192.168.2.1" + ip="192.168.3.1" fi -case $1 in +case $cmd in start) - do_start $ip + do_start ;; stop) do_stop @@ -73,7 +135,10 @@ case $1 in restart) do_stop sleep 1 - do_start $ip + do_start + ;; + *) + usage ;; esac diff --git a/multitech/recipes/ocg-scripts/ocg-scripts_1.0.bb b/multitech/recipes/ocg-scripts/ocg-scripts_1.0.bb index f87cfeb..fc2fc02 100644 --- a/multitech/recipes/ocg-scripts/ocg-scripts_1.0.bb +++ b/multitech/recipes/ocg-scripts/ocg-scripts_1.0.bb @@ -2,6 +2,6 @@ DESCRIPTION = "Scripts to easily get started with common OCG use cases" require ocg-scripts-1.0.inc -PR = "r2" +PR = "r3" S = "${WORKDIR}/ocg-scripts-${PV}" -- cgit v1.2.3
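Review bot: The address check carried into the new `if [ -n "$a" ]` block restores the field separator with `IFS=$OFIS`, but the saved copy is named `OIFS`, so IFS is left empty and word splitting stays disabled for the rest of the script; it should read `IFS=$OIFS`. `-b ""` sets `bridge_mode=1` while leaving `b` empty, which passes the `-a`/`-b` conflict test and would reach do_start with an empty interface name, so I would reject an empty `$OPTARG` in the `b)` arm. `a` and `b` are also not initialised before the `getopts` loop, so exported variables of the same name are treated as options; `a= b=` ahead of the loop closes that.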