internet-sharing

#!/bin/bash

#
# internet-sharing
#
# This script sets up NAT and masquerading on a gateway server to
# share internet resources on a local network.
#
# Usage:
#
#	internet-sharing [--internal 10.0.0.0/8] [--fqdn machine.domain.com] [--dns IP | --internal-dns]
#
# Things to do first:
#
#	install-components
#	apt-get install dhcp3-server sysv-rc-conf
#	sethostname machine.domain.com
#

#
# Default values
#
internal_network="10.100.1.1/24"
internal_fqdn=`hostname --fqdn`
current_fqdn=$internal_fqdn

external_dns=`grep "^nameserver" /etc/resolv.conf | head -n 1 | cut -f 2 -d ' '`

#
# File locations
#
NETWORK_INTERFACES=/etc/network/interfaces
SYS_CONTROL=/etc/sysctl.conf
RC_LOCAL=/etc/rc.local
DHCPD_CONF=/etc/dhcp/dhcpd.conf

#
# Parse command line args
#
while [ $# -gt 0 ] ; do

	option=$1
	shift

	case "$option" in

		--internal )
			internal_network=$1
			shift
			;;

		--fqdn )
			internal_fqdn=$1
			shift
			;;

		--dns )
			external_dns=$1
			shift
			;;

		--internal-dns )
			external_dns=
			;;

	esac
done

#
# Insure that we have set up a host name that includes a domain
#
if [ "x`echo $internal_fqdn | grep '\..*\.'`" = "x" ] ; then
	echo "Hostname must include both a machine and domain name (e.g. machine.domain.com)."
	echo "Hostname currently set to \"`hostname --fqdn`\"; please re-set or run this script again with --fqdn."
	exit 1
fi

#
# Insure that we have a dhcpd server
#
if [ ! -f $DHCPD_CONF ] ; then
	echo "No dhcpd server installed.  Please run \"apt-get install dhcp3-server sysv-rc-conf\" first."
	exit 1
fi

#
# Make our temp directory
#
WORK_DIR=`mktemp --tmpdir -d "setup.XXXXXX"`
PATCH_FILE=$WORK_DIR/gateway-setup.patch
echo "# Patch file for gateway setup.  Executed `date`" > $PATCH_FILE

#
# Calculate values from the supplied network string
#
internal_ip=`echo $internal_network | cut -f 1 -d '/'`
internal_bits=`echo $internal_network | cut -f 2 -d '/'`
case "b$internal_bits" in
	"b8" )
		internal_netmask="255.0.0.0"
		internal_broadcast=`echo $internal_ip | cut -f '1' -d '.'`".255.255.255"
		internal_base=`echo $internal_ip | cut -f '1' -d '.'`
		internal_zeros=".0.0.0"
		;;
	"b16" )
		internal_netmask="255.255.0.0"
		internal_broadcast=`echo $internal_ip | cut -f '1-2' -d '.'`".255.255"
		internal_base=`echo $internal_ip | cut -f '1-2' -d '.'`
		internal_zeros=".0.0"
		;;
	* )
		internal_netmask="255.255.255.0"
		internal_broadcast=`echo $internal_ip | cut -f '1-3' -d '.'`".255"
		internal_base=`echo $internal_ip | cut -f '1-3' -d '.'`
		internal_zeros=".0"
		internal_bits=24
		;;
esac

#
# If the network ends in ".0", then make the internal ip end in ".1"
#
if [ "x`echo $internal_ip | cut -f 4 -d '.'`" = "x0" ] ; then
	internal_ip=`echo $internal_ip | cut -f '1-3' -d '.'`".1"
fi

#
# Rebuild the internal_network variable to make sure it is conforming
# (slash notation is optional on input; /24 assumed)
#
internal_network=$internal_base$internal_zeros"/"$internal_bits

#
# Chop the domain off the end of the fqdn
#
internal_domain=`echo $internal_fqdn | sed -e 's/[^.]*\.//'`

#
# List all interfaces except lo in $interfaces
#
interfaces=`/sbin/ifconfig -s -a | cut -f 1 -d ' ' | grep -v '^Iface' | grep -v '^lo'`

#
# Set $gateway to the IP address of the gateway
#
gateway=`route -n | grep '^0\.0\.0\.0' | sed -e 's/  */ /g' |  cut -f 2 -d ' '`

#
# If we don't have a specified external dns server,
# then tell our dhcp clients to use this server for dns.
#
if [ "x$external_dns" = "x" ] ; then
	external_dns=$internal_ip
fi

#
# Find the external interface
#
for range in '1-3' '1-2' '1' ; do
	for interface in $interfaces ; do
		ip=`/sbin/ifconfig $interface | grep 'inet addr' | sed -e 's/[^:]*: *//' | cut -f 1 -d ' '`
		#
		# If the first 'range' digits of the interface's ip
		# address matches the gateway ip from 'route', then
		# we presume this interface is the gateway.
		#
		if [ "x$gateway_if" = "x" ] ; then
			if [ "x"`echo $ip | cut -f $range -d '.'` = "x"`echo $gateway | cut -f $range -d '.'` ] ; then
				gateway_if=$interface
			fi
		fi
		#
		# We will presume that the first unconfigured interface
		# that we find is the internal interface
		#
		if [ "x$internal_if" = "x" ] && [ "x$ip" = "x" ] ; then
			internal_if=$interface
		fi
		if [ "x$internal_ip" = "x$ip" ] ; then
			internal_if=$interface
		fi
	done
done

echo "gateway interface is $gateway_if"
echo "internal interface is $internal_if"

#
# Set up network interfaces
#

NETWORK_INTERFACES_ORIG=$NETWORK_INTERFACES
NETWORK_INTERFACES_NEW=$WORK_DIR/${NETWORK_INTERFACES##*/}

#
# Forget about what was there before
#
cat <<- __END__ > $NETWORK_INTERFACES_NEW
auto lo
iface lo inet loopback
__END__


#
# Set up the external interface on dhcp
#
if [ "x$gateway_if" != "x" ] ; then
	cat <<- __END__ >> $NETWORK_INTERFACES_NEW

		auto $gateway_if
		iface $gateway_if inet dhcp
	__END__
fi

#
# Set up internal interface with a static IP
#
if [ "x$internal_if" != "x" ] ; then
	cat <<- __END__  >> $NETWORK_INTERFACES_NEW

		auto $internal_if
		iface $internal_if inet static
		address $internal_ip
		broadcast $internal_broadcast
		netmask $internal_netmask
	__END__
fi

#
# Enable packet forwarding in sysctl.conf
#

diff -Nup $NETWORK_INTERFACES_ORIG $NETWORK_INTERFACES_NEW >> $PATCH_FILE

SYS_CONTROL_ORIG=$SYS_CONTROL
SYS_CONTROL_NEW=$WORK_DIR/${SYS_CONTROL##*/}
cp $SYS_CONTROL_ORIG $SYS_CONTROL_NEW

sed -i \
	-e 's/#*\(net.ipv4.ip_forward\)=.*/\1=1/' \
	$SYS_CONTROL_NEW

diff -Nup $SYS_CONTROL_ORIG $SYS_CONTROL_NEW >> $PATCH_FILE

#
# Set up masquerading on startup
#
RC_LOCAL_ORIG=$RC_LOCAL
RC_LOCAL_NEW=$WORK_DIR/${RC_LOCAL##*/}
grep -v "^[ \t]*\(exit\|iptables\)" $RC_LOCAL_ORIG | sed '/^[ \t]*$/,/^[ \t]*$/d' > $RC_LOCAL_NEW

cat <<- __END__ >> $RC_LOCAL_NEW

	iptables -t nat -A POSTROUTING -s $internal_network -o $gateway_if -j MASQUERADE
	iptables -A FORWARD -s $internal_network -o $internal_if -j ACCEPT
	iptables -A FORWARD -d $internal_network -m state --state ESTABLISHED,RELATED -i $gateway_if -j ACCEPT

	exit 0
__END__

diff -Nup $RC_LOCAL_ORIG $RC_LOCAL_NEW >> $PATCH_FILE


DHCPD_CONF_ORIG=$DHCPD_CONF
DHCPD_CONF_NEW=$WORK_DIR/${DHCPD_CONF##*/}
sed '/^[ \t]*option routers/,$d' $DHCPD_CONF_ORIG > $DHCPD_CONF_NEW

#	default-lease-time 360000;
#	max-lease-time 3600000;

cat <<- __END__ >> $DHCPD_CONF_NEW
	option routers $internal_ip;
	option subnet-mask $internal_netmask;
	option broadcast-address $internal_broadcast;
	option domain-name-servers $external_dns;
	option domain-name "$internal_domain";

	subnet $internal_base$internal_zeros netmask $internal_netmask
	{
		range $internal_base${internal_zeros%*.0}.100 $internal_base${internal_zeros%*.0}.199;
	}
__END__

diff -Nup $DHCPD_CONF_ORIG $DHCPD_CONF_NEW >> $PATCH_FILE

cat  $PATCH_FILE

echo

read -p "Apply patch file above? [y/N]? " input

if [ "x$input" = "xy" ] ; then

	echo
	echo "Patching..."

	(cd / && patch -Np0 < $PATCH_FILE)

	#
	# When we're all done:  if the hostname hasn't been set in /etc/hostname,
	# then do that now.
	#
	if [ "x$internal_fqdn" != "x$current_fqdn" ] ; then
		echo $internal_fqdn > /etc/hostname
		hostname -F /etc/hostname
	fi

	sysctl -p
	/etc/init.d/networking restart
	#/etc/init.d/dhcp3-server restart
	sysv-rc-conf dhcpd3 on

	source $RC_LOCAL

else
	echo "Abort."
fi

rm -rf $WORK_DIR