#!/bin/bash
# Copyright (C) 2010 ORSoC AB
# Copyright (C) 2010 Embecosm Limited
# Contributor Julius Baxter <[email protected]>
# Contributor Jeremy Bennett <[email protected]>
# This file is a superuser script to set up an Ethernet bridge that can be
# used with Or1ksim via the TUN/TAP interface.
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the Free
# Software Foundation; either version 3 of the License, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
# more details.
# You should have received a copy of the GNU General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
# ------------------------------------------------------------------------------
# Pre-requisites: bridge-utils must be installed.
# Usage: ./brstart-static.sh <username> <groupname> <bridge> <eth> <tap>
# - <bridge> is the bridge interface to use, e.g. br0
# - <eth> is the hardware ethernet interface to use, e.g. eth0
# - <tap> is/are the persistent TAP interface(s)
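# Check we have the right number of arguments. The usage text is a
# diagnostic, so it is written to stderr and does not mix with anything a
# caller captures from stdout.
if [ "$#" -ne 5 ]
then
    echo "Usage: ./brstart-static.sh <username> <groupname> <bridge> <eth> <tap>" >&2
    exit 1
fi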
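# Check we are root. Privilege follows the effective UID, not the account
# name, so compare the numeric id: a UID 0 account that is not called "root"
# is accepted, and an unprivileged account that merely carries that name is
# not. If id itself fails, euid is empty and the check refuses to continue.
euid=$(id -u)
if [ "${euid}" != "0" ]
then
    echo "Must run as root" >&2
    exit 1
fi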
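# Break out the arguments
#   username, groupname - owner of the persistent TAP device (handed to
#                         openvpn --mktun --user/--group further down)
#   br, eth, tap        - bridge, hardware Ethernet and TAP interface names
username=$1
groupname=$2
br=$3
eth=$4
tap=$5

# The interface names are passed as arguments to ifconfig, brctl, openvpn and
# iptables, all running as root. Refuse, before anything is changed, a value
# that cannot be one interface name (empty, or containing whitespace or '/',
# which Linux does not allow in interface names) or that a tool could read as
# an option (leading '-').
# NOTE(review): the usage text says "<tap> is/are", but <tap> is used as a
# single --dev value and a single -i value below, so one name is expected.
for ifname in "${br}" "${eth}" "${tap}"
do
    case "${ifname}" in
        "" | -* | */* | *[[:space:]]*)
            echo "Invalid interface name: '${ifname}'" >&2
            exit 1
            ;;
    esac
done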
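# Determine the IP address, netmask and broadcast of the current Ethernet
# interface. This is used if the bridge is set up manually, rather than using
# DHCP.
#
# The patterns match the classic net-tools layout
# ("inet addr:... Bcast:... Mask:..."). ifconfig is run once under LC_ALL=C so
# that the labels are not translated by the caller's locale.
# NOTE(review): newer ifconfig builds print "inet ... netmask ... broadcast ..."
# instead; with that layout nothing matches and the check below stops the
# script. Confirm which format the target hosts produce.
eth_info=$(LC_ALL=C ifconfig "${eth}")
eth_ip=$(printf '%s\n' "${eth_info}" |
    grep "inet addr" |
    head -n 1 |
    sed -e 's/^.*inet addr:\([^ \t]*\).*$/\1/')
eth_netmask=$(printf '%s\n' "${eth_info}" |
    grep "Mask" |
    head -n 1 |
    sed -e 's/^.*Mask:\([^ \t]*\).*$/\1/')
eth_broadcast=$(printf '%s\n' "${eth_info}" |
    grep "Bcast" |
    head -n 1 |
    sed -e 's/^.*Bcast:\([^ \t]*\).*$/\1/')

# Later steps strip the address from ${eth} and give these values to the
# bridge. Stop here, before anything has been changed, if they could not be
# read; otherwise the host would end up with no address on this network.
if [ -z "${eth_ip}" ] || [ -z "${eth_netmask}" ]
then
    echo "Could not determine the IP address and netmask of ${eth}" >&2
    exit 1
fi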
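# Create the persistent TAP interface, owned by <username>/<groupname>.
# That account can open ${tap} without being root, and once the device is a
# bridge port (below) the frames it writes share a segment with ${eth}, so
# give ownership to a dedicated account rather than a shared one.
# Arguments are quoted so each value reaches openvpn as exactly one word.
if ! openvpn --mktun --dev "${tap}" --user "${username}" --group "${groupname}"
then
    echo "Failed to create ${tap}" >&2
    exit 1
fi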
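# Create the bridge. If this fails, the TAP interface created earlier in the
# script is left in place; nothing here removes it.
if ! brctl addbr "${br}"
then
    echo "Failed to create ${br}" >&2
    exit 1
fi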
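# Add the host Ethernet and TAP interfaces, removing the IP addresses of the
# underlying interfaces. From here until the bridge is given an address the
# host has none on ${eth}, so a session that arrives over that interface
# (e.g. SSH) is interrupted, and a failure inside the loop leaves the host in
# that state.
for i in "${eth}" "${tap}"
do
    # Add the interface as a port of the bridge
    if ! brctl addif "${br}" "${i}"
    then
        echo "Failed to add ${i} to ${br}" >&2
        exit 1
    fi

    # Remove the IP address and bring the port up in promiscuous mode
    if ! ifconfig "${i}" 0.0.0.0 promisc up
    then
        echo "Failed to remove IP interface of ${i}" >&2
        exit 1
    fi
done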
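# Reconfigure the bridge to have the original IP address, netmask and
# broadcast address. The status is checked because the Ethernet interface has
# already lost its address at this point; if this step fails the host has no
# address on this network and the firewall should not be opened on top of
# that. When no broadcast address was found, a bare "broadcast" keyword is
# passed, exactly as the unquoted expansion did before.
if ! ifconfig "${br}" "${eth_ip}" netmask "${eth_netmask}" \
        broadcast ${eth_broadcast:+"${eth_broadcast}"}
then
    echo "Failed to configure ${br}" >&2
    exit 1
fi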
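# Open up firewall to the tap and bridge. We have a generic reject at the end
# of the chain, so we insert these at the start.
#
# NOTE(review): these rules match on the input interface only. ${eth} is now
# a port of ${br} and ${br} carries the host's address, so the INPUT rule for
# ${br} accepts all IPv4 traffic arriving from the physical network as well
# as from the TAP side, ahead of every existing rule; the FORWARD rule does
# the same for traffic routed in from the bridge. If the host firewall is
# meant to keep filtering the LAN, narrow these (source address,
# protocol/port, or a physdev match on the TAP port).
# NOTE(review): with ${tap} enslaved to the bridge, packets are presumably
# seen with ${br} as their input interface, so the ${tap} rule may never
# match - confirm.
# Nothing in this script removes these rules again, and their exit status is
# not checked: the script's status is that of the last iptables call.
iptables -I INPUT 1 -i "${tap}" -j ACCEPT
iptables -I INPUT 1 -i "${br}" -j ACCEPT
iptables -I FORWARD 1 -i "${br}" -j ACCEPT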