# ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# Pre-requisites: bridge-utils must be installed.
# Pre-requisites: bridge-utils must be installed.
# Usage: ./brset.sh <bridge> <eth> <tap> [<tap> <tap> ...]
# Usage: ./brstart.sh <username> <groupname> <bridge> <eth> <tap>
# - <bridge> is the bridge interface to use, e.g. br0
# - <bridge> is the bridge interface to use, e.g. br0
# - <eth> is the hardware ethernet interface to use, e.g. eth0
# - <eth> is the hardware ethernet interface to use, e.g. eth0
# - <tap> is/are the persistent TAP interface(s)
# - <tap> is/are the persistent TAP interface(s)
# The tap interfaces must have been previously set up persistently by the
# Check we have the right number of arguments
# superuser using for example:
if [ "x$#" != "x5" ]
then
# openvpn --mktun --dev tap<n> --user <username> --group <groupname>
echo "Usage: ./brstart.sh <username> <groupname> <bridge> <eth> <tap>"
exit 1
# Define Bridge Interface
fi
br=$1
shift
# Check we are root
euid=`id -un`
# Host ethernet interface to use
if [ "x${euid}" != "xroot" ]
eth=$1
then
shift
echo "Must run as root"
exit 1
# Determine the IP address, netmask and broadcast of the host.
fi
# Break out the arguments
username=$1
groupname=$2
br=$3
eth=$4
tap=$5
# Determine the IP address, netmask and broadcast of the current Ethernet
# interface. This is used if the bridge is set up manually, rather than using
# DHCP.
eth_ip=`ifconfig $eth | \
eth_ip=`ifconfig $eth | \
grep "inet addr" | \
grep "inet addr" | \
head -1 | \
head -1 | \
sed -e 's/^.*inet addr:\([^ \t]*\).*$/\1/'`
sed -e 's/^.*inet addr:\([^ \t]*\).*$/\1/'`
eth_netmask=`ifconfig $eth | \
eth_netmask=`ifconfig $eth | \
eth_broadcast=`ifconfig $eth | \
eth_broadcast=`ifconfig $eth | \
grep "Bcast" | \
grep "Bcast" | \
head -1 | \
head -1 | \
sed -e 's/^.*Bcast:\([^ \t]*\).*$/\1/'`
sed -e 's/^.*Bcast:\([^ \t]*\).*$/\1/'`
# Define list of TAP interfaces to be bridged,
# Create the TAP interface
tap=$*
openvpn --mktun --dev ${tap} --user ${username} --group ${groupname}
echo "Creating bridge $br"
if [ $? != 0 ]
echo " Host Ethernet device: $eth"
then
echo " Host IP address: $eth_ip"
echo "Failed to create ${tap}"
echo " Host netmask: $eth_netmask"
exit 1
echo " Host broadcast: $eth_broadcast"
fi
echo " Target TAP device(s): $tap"
# Create the bridge
# Create the bridge
brctl addbr $br
brctl addbr ${br}
# Add the host Ethernet and TAP interfaces
brctl addif $br $eth
for t in $tap; do
brctl addif $br $t
done
# Remove the IP addresses of the underlying interfaces
ifconfig $eth 0.0.0.0 promisc up
for t in $tap; do
if [ $? != 0 ]
ifconfig $t 0.0.0.0 promisc up
then
echo "Failed to create ${br}"
exit 1
fi
# Add the host Ethernet and TAP interfaces, removing the IP addresses of the
# underlying interfaces.
for i in ${eth} ${tap}
do
# Add the interface
brctl addif ${br} ${i}
if [ $? != 0 ]
then
echo "Failed to create ${i}"
exit 1
fi
# Remove the IP address
ifconfig ${i} 0.0.0.0 promisc up
if [ $? != 0 ]
then
echo "Failed to remove IP interface of ${i}"
exit 1
fi
done
done
# Reconfigure the bridge to have the Ethernet address that had been used just
# Reconfigure the bridge to have the appropriate Ethernet address. This uses
# by $eth.
# dhclient to get the information from DHCP, but we could instead use
# ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
# ifconfig and the data about the original IP address, netmask and broadcast
dhclient $br
# mask as follows:
# ifconfig ${br} ${eth_ip} netmask ${eth_netmask} broadcast ${eth_broadcast}
dhclient ${br}
# Open up firewall to the tap and bridge. We have a generic reject at the end
# of the chain, so we insert these at the start.
iptables -I INPUT 1 -i ${tap} -j ACCEPT
iptables -I INPUT 1 -i ${br} -j ACCEPT
iptables -I FORWARD 1 -i ${br} -j ACCEPT
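Review bot: The three `iptables -I ... 1 ... -j ACCEPT` lines added at the end of brstart.sh put unconditional ACCEPTs ahead of every existing rule, and since `${eth}` has just been enslaved to `${br}` in the `for i in ${eth} ${tap}` loop, traffic that previously arrived on the physical interface now arrives with `-i ${br}`, so `iptables -I INPUT 1 -i ${br} -j ACCEPT` presumably skips whatever host filtering sat between position 1 and the "generic reject" the comment mentions, not just for the guest but for the whole LAN. If the goal is only to let the guest reach the host, keep the rule scoped to the TAP (`iptables -I INPUT 1 -i ${tap} -j ACCEPT`) and add the bridge-wide INPUT/FORWARD ACCEPTs only once the existing eth-specific rules have been rewritten for the bridge; the three iptables calls and `dhclient ${br}` should also get the same `if [ $? != 0 ]` exit-status check the brctl and ifconfig calls above them already have, since a DHCP failure currently leaves the bridge unaddressed while the script still exits 0. The `eth_ip`, `eth_netmask` and `eth_broadcast` pipelines computed from `ifconfig ${eth} | grep ... | sed ...` are never used on the new side (the `ifconfig ${br} ${eth_ip} ...` fallback is only a comment), so either drop them or wire them into a fallback path; note that part of the netmask pipeline is hidden by the collapsed "Line 57/68" region of this view. Finally, a failure after `openvpn --mktun --dev ${tap}` succeeds exits without removing the persistent TAP it just created, so a retry hits an already-existing device; a `openvpn --rmtun --dev ${tap}` on the error paths (or a trap) would leave the host as it was found.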