[Nottingham] some iptables magic required

Richard Morris richard at tannery.co.uk
Thu Dec 30 00:51:56 GMT 2004


Michael,

In my firewall script I use the following to discover the IP addresses of each
interface at run time (rather than hard-coding them); it works for me on NTL.

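#!/bin/bash
# Interface discovery for the firewall script. The functions further down read
# each interface's address, netmask and broadcast address off ifconfig at run
# time so the iptables rules that follow can refer to variables instead of
# hard-coded addresses.
#
# Interpreter: this file uses bash-only syntax (the `function` keyword and
# `echo -e`), so it must run under bash; the original `#!/bin/sh` line would
# not parse on systems where /bin/sh is dash.
#
# Interface names are configuration, not discovery. If the kernel ever
# enumerates the cards in a different order, "external" and "internal" can
# trade places without any error here, so read the summary the script prints
# before trusting the rules built from these values.
extIF1="eth2"    # External interface - DHCP
extIF2="eth2:1"  # External interface - IP alias with the static address used
                 # to talk to the cable modem.
                 # NOTE(review): the name says this is an alias of eth2 but the
                 # original comment said "alias of eth1" - one of the two is a
                 # typo; verify against the running system.
intIF1="eth0"    # Interface attached to the internal (wired) network - DHCP
intIF2="eth1"    # Interface attached to the internal wireless network - static
loopIF="lo"
pppIF="ppp0"
pppIP="192.168.3.1"
pppNET="192.168.3.0/24"

#
# Constants
#
UNIV="0.0.0.0/0"   # "any address", for iptables -s/-d
#
# Applications - absolute paths so the script does not depend on $PATH
#
IPTABLES=/sbin/iptables
LSMOD=/sbin/lsmod
DEPMOD=/sbin/depmod
INSMOD=/sbin/insmod
GREP=/bin/grep
AWK=/bin/awk
IFCONFIG=/sbin/ifconfig
NULL=/dev/null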


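ifce_chk() {
  # Abort the whole script unless ifconfig can report on interface $1.
  #
  # Only stdout is discarded: ifconfig's own error text stays on stderr so
  # the operator can see why the lookup failed. Failing closed here is
  # deliberate - carrying on with an empty address set would let the rules
  # below be built from empty variables.
  #
  # NOTE(review): net-tools ifconfig still prints (and exits 0 for) an
  # interface that exists but is administratively down, so this is really
  # an "interface exists" check rather than an "interface is up" check.
  if ! $IFCONFIG "$1" > "$NULL"; then
    printf '\nInterface %s is down, aborting.\n' "$1" >&2
    exit 1
  fi
}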
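ifce_ip() {
  # Print the IPv4 address of interface $1, read from the "inet addr:" field
  # of classic net-tools ifconfig output ("inet addr:A  Bcast:B  Mask:C").
  # Prints nothing when no such line exists (e.g. no address assigned yet),
  # so callers must not assume the result is non-empty.
  #
  # NOTE(review): newer net-tools print "inet A  netmask C  broadcast B"
  # instead, which this pattern does not match - confirm the installed
  # ifconfig's output format before relying on this.
  $IFCONFIG "$1" | $AWK '/inet addr/ { gsub(".*:", "", $2); print $2 }'
}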
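iface_mask() {
  # Print the prefix length (0-32) of the netmask ifconfig reports for
  # interface $1, e.g. 24 for "Mask:255.255.255.0".
  #
  # The mask is the 4th ":"-separated field of the line containing "Mask"
  # (classic net-tools layout: "inet addr:A  Bcast:B  Mask:C"); its set bits
  # are then counted exactly. Two problems with the previous version:
  #   - as posted, the awk program was split across two lines (probably mail
  #     wrapping), which the shell would run as two separate commands;
  #   - int(8 * (sum of octets) / 255) only gives the right answer for masks
  #     that are a whole number of octets.
  # A non-contiguous mask (255.0.255.0) is not detected - you just get its
  # bit count. Prints nothing if no "Mask" line is found; iface_mask_chk is
  # expected to reject that.
  $IFCONFIG "$1" | $GREP -i mask | $AWK -F: '
    {
      split($4, octet, ".")
      bits = 0
      for (i in octet) {
        n = octet[i] + 0
        while (n > 0) { bits += n % 2; n = int(n / 2) }
      }
      print bits
      exit
    }'
}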
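iface_mask_chk() {
  # Abort unless $1 is a prefix length this script can handle: a decimal
  # integer, at most 32, and a multiple of 8 (ifce_net assumes a whole-octet
  # mask when it derives the network).
  #
  # The previous version only tested "$1 % 8" inside awk. An EMPTY value -
  # which is what iface_mask yields when the ifconfig output did not match -
  # evaluated as 0 and passed, so a "NET/" argument with no prefix could
  # reach iptables later. Empty, non-numeric and out-of-range values are
  # now rejected too. Diagnostics go to stderr.
  case "$1" in
    ''|*[!0-9]*)
      printf 'found an empty or non-numeric mask, confused, aborting.\n' >&2
      exit 1
      ;;
  esac
  if [ "$1" -gt 32 ]; then
    printf 'found a mask longer than /32, confused, aborting.\n' >&2
    exit 1
  fi
  if [ $(( $1 % 8 )) -ne 0 ]; then
    printf 'found a mask which was not modulo 8, confused, aborting.\n' >&2
    exit 1
  fi
}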
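iface_broadcast() {
  # Print the broadcast address of interface $1, read from the "Bcast:" field
  # of classic net-tools ifconfig output ("inet addr:A  Bcast:B  Mask:C").
  # Prints nothing when the field is absent (an interface without a
  # broadcast address, or an ifconfig that uses the newer "broadcast B"
  # layout), so callers must not assume the result is non-empty.
  $IFCONFIG "$1" | $AWK '/Bcast/ { gsub(".*:", "", $3); print $3 }'
}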
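ifce_net() {
  # Print the network address that IPv4 address $1 belongs to.
  #
  #   ifce_net 10.20.30.40       -> 10.20.30.0   (no prefix: legacy /24 rule)
  #   ifce_net 10.20.30.40 16    -> 10.20.0.0
  #   ifce_net 10.20.30.200 25   -> 10.20.30.128
  #
  # $2 is an optional prefix length 0-32. Without it the old behaviour -
  # zero the last octet - is kept for compatibility; that is only right for
  # a /24, so callers that have the prefix (from iface_mask) should pass it.
  #
  # An address that is not four decimal octets in 0-255 (no leading zeros),
  # or a prefix outside 0-32, aborts the script like the other ifce_* checks:
  # the old code printed "..0" for an empty address and let that reach the
  # iptables rules. Variables are underscore-prefixed instead of `local` to
  # stay /bin/sh friendly; callers run this in $(...) so nothing leaks.
  _ip=$1
  _plen=${2:-24}
  _bad=0
  case "$_plen" in
    ''|*[!0-9]*|0?*) _bad=1 ;;
    *) [ "$_plen" -gt 32 ] && _bad=1 ;;
  esac
  if [ "$_bad" -ne 0 ]; then
    printf 'Bad prefix length "%s" for address "%s", aborting.\n' "$_plen" "$_ip" >&2
    exit 1
  fi
  # Reject anything but digits and dots before word-splitting, so that no
  # glob characters can ever be expanded by "set --".
  case "$_ip" in
    ''|*[!0-9.]*)
      printf 'Malformed IP address "%s", aborting.\n' "$_ip" >&2
      exit 1
      ;;
  esac
  _oldIFS=$IFS
  IFS=.
  set -- $_ip
  IFS=$_oldIFS
  if [ $# -ne 4 ]; then
    printf 'Malformed IP address "%s", aborting.\n' "$_ip" >&2
    exit 1
  fi
  for _o in "$@"; do
    case "$_o" in
      ''|0?*) _bad=1 ;;
      *) [ "$_o" -gt 255 ] && _bad=1 ;;
    esac
  done
  if [ "$_bad" -ne 0 ]; then
    printf 'Malformed IP address "%s", aborting.\n' "$_ip" >&2
    exit 1
  fi
  # Mask each octet with the part of the prefix that falls into it: 8 bits
  # while 8 or more remain, the remainder once, then 0. Working per octet
  # keeps every intermediate value well inside 32 bits.
  _rem=$_plen
  _out=
  for _o in "$@"; do
    if [ "$_rem" -ge 8 ]; then _b=8; else _b=$_rem; fi
    _m=$(( (255 << (8 - _b)) & 255 ))
    _out="$_out$(( _o & _m ))."
    _rem=$(( _rem - _b ))
  done
  printf '%s\n' "${_out%.}"
}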
ifce_result() {
  # Print a three-line summary for one interface:
  #   $1 role label (External / internal / loopback), $2 interface name,
  #   $3 address, $4 network/prefix, $5 broadcast address.
  # The labels on lines 2 and 3 are right-aligned to column 25 so their
  # values line up under the address on line 1 (25 is the width of
  # "External interface (ethN)"). Missing arguments - the loopback call only
  # passes three - simply show as empty values.
  printf '%s interface (%s): %s\n' "$1" "$2" "$3"
  printf '%25s: %s\n' "network/mask" "$4"
  printf '%25s: %s\n' "broadcast" "$5"
}
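#
# Per-interface discovery. For each interface: make sure it exists, read its
# address, prefix length and broadcast address, refuse prefixes this script
# cannot handle, and print a summary so the operator can eyeball the values
# before any rule is loaded. The *NET* variables are what the iptables rules
# should use for -s/-d matching. The prefix is handed to ifce_net as a second
# argument as well, so a mask-aware ifce_net can derive the network from the
# real mask instead of assuming a /24.
#
# extIF1
#
ifce_chk "$extIF1"
extIP1=$(ifce_ip "$extIF1")
extMSK1=$(iface_mask "$extIF1")
iface_mask_chk "$extMSK1"
extBCT1=$(iface_broadcast "$extIF1")
extNET1=$(ifce_net "$extIP1" "$extMSK1")/$extMSK1
ifce_result External "$extIF1" "$extIP1" "$extNET1" "$extBCT1"
#
# extIF2
#
# NOTE(review): extIF2 is an IP alias (eth2:1). Its address and network are
# what matter for rules; iptables -i/-o match on the underlying device name,
# so do not expect "-i $extIF2" to match traffic - confirm before using it.
#
ifce_chk "$extIF2"
extIP2=$(ifce_ip "$extIF2")
extMSK2=$(iface_mask "$extIF2")
iface_mask_chk "$extMSK2"
extBCT2=$(iface_broadcast "$extIF2")
extNET2=$(ifce_net "$extIP2" "$extMSK2")/$extMSK2
ifce_result External "$extIF2" "$extIP2" "$extNET2" "$extBCT2"
#
# 1.1.1 DHCP
#
#
#
# 1.1.2 PPPoE
#

#
# 1.2 Local Area Network configuration.
#
# intIF1
#
ifce_chk "$intIF1"
intIP1=$(ifce_ip "$intIF1")
intMSK1=$(iface_mask "$intIF1")
iface_mask_chk "$intMSK1"
intBCT1=$(iface_broadcast "$intIF1")
intNET1=$(ifce_net "$intIP1" "$intMSK1")/$intMSK1
ifce_result internal "$intIF1" "$intIP1" "$intNET1" "$intBCT1"
#
# intIF2
#
ifce_chk "$intIF2"
intIP2=$(ifce_ip "$intIF2")
intMSK2=$(iface_mask "$intIF2")
iface_mask_chk "$intMSK2"
intBCT2=$(iface_broadcast "$intIF2")
intNET2=$(ifce_net "$intIP2" "$intMSK2")/$intMSK2
ifce_result internal "$intIF2" "$intIP2" "$intNET2" "$intBCT2"
#
# 1.3 DMZ Configuration.
#

#
# 1.4 Localhost Configuration.
#
# lo - only the address is read; there is no mask/broadcast to check, so
# ifce_result is called with three arguments and prints empty values for
# the rest.
#
ifce_chk "$loopIF"
loopIP=$(ifce_ip "$loopIF")
ifce_result loopback "$loopIF" "$loopIP"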

Regards

Richard



