crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
scripts/utils/install-party/fete-du-slip

68 lines
2.3 KiB
Bash
Executable file
Raw Permalink Blame History

#!/bin/bash
# Pour nater tout le monde sur le VLAN 10
# À exécuter sur ytrap-llatsni
if [ `hostname` != "ytrap-llatsni" ]
then
echo "À exécuter sur ytrap-llatsni"
exit 1
fi
iptables -t nat -F
iptables -t raw -F
iptables -t mangle -F
ip6tables -t mangle -F
ip6tables -F
iptables -t raw -A PREROUTING -d 224.0.0.0/4 -j DROP
# On log les les paquets
iptables -t mangle -A PREROUTING -i eth1 -m state --state NEW -j LOG --log-prefix "LOG_ALL "
iptables -t mangle -A PREROUTING -i eth0 -m state --state NEW -j LOG --log-prefix "LOG_ALL "
# <Portail captif>
ipset -q create allowed_guests bitmap:ip range 10.231.137.0/24 || ipset flush allowed_guests
iptables -t nat -N CAPTIF 2> /dev/null || iptables -t nat -F CAPTIF
#iptables -t nat -A PREROUTING --src 10.231.137.189 -j CAPTIF
#iptables -t nat -A PREROUTING -j CAPTIF
iptables -t nat -A CAPTIF -p tcp --dport 80 -m set \! --match-set allowed_guests src -j DNAT --to-destination 10.231.137.1
iptables -t nat -A CAPTIF -j RETURN
# </Portail captif>
# On nat l'ipv4
iptables -t nat -A POSTROUTING -j MASQUERADE
# Pas d'adm
ip6tables -t filter -A FORWARD -o eth2 -j REJECT
iptables -t filter -A FORWARD -o eth2 -j REJECT
# On log les les paquets
ip6tables -t mangle -A PREROUTING -i eth1 -m state --state NEW -j LOG --log-prefix "LOG_ALL "
ip6tables -t mangle -A PREROUTING -i eth0 -m state --state NEW -j LOG --log-prefix "LOG_ALL "
ip6tables -A FORWARD -p icmp -j ACCEPT
# On accept les ip crans
ip6tables -A FORWARD -i eth0 -s 2a01:240:fe3d::/56 -d 2a01:240:fe3d:d2::/64 -j ACCEPT
ip6tables -A FORWARD -i eth1 -d 2a01:240:fe3d::/56 -s 2a01:240:fe3d:d2::/64 -j ACCEPT
# On permet de contacter toutes les ips en sortie
ip6tables -A FORWARD -i eth1 -o eth0 -j ACCEPT
# On accepte tout ce qui vient d'odlyd
ip6tables -A FORWARD -i eth0 -m mac --mac-source a0:d3:c1:00:f4:04 -j ACCEPT
# On rejete le reste
ip6tables -A FORWARD -j REJECT
ip6tables -P FORWARD DROP
# On active le routage en ipv6
echo 1 > /proc/sys/net/ipv6/conf/eth1/forwarding
echo 1 > /proc/sys/net/ipv6/conf/eth0/forwarding
# On active le routage en ipv4
echo 1 > /proc/sys/net/ipv4/conf/eth1/forwarding
echo 1 > /proc/sys/net/ipv4/conf/eth0/forwarding
# Sinon radvd vomit
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
# On lance radvd
#/etc/init.d/radvd start
Reference in a new issue View git blame Copy permalink