#!/bin/bash
#
# Turns a local interface into a small gateway: static address, optional
# forwarding/NAT, optional DHCP (dnsmasq) and optional Wi-Fi AP (hostapd).
#
# Option tables consumed by driglibash-args, which is sourced at the end of
# this section: usage[<letter>] is the help text, varia[<letter>] names the
# variable that receives the option.
# NOTE(review): the parsing itself lives in driglibash-args and is not
# visible here - confirm how values (and boolean flags) are assigned.

version='beta 1.0'
sumary="$0 [options]"

declare -A usage=(
  [l]="Locale iface"
  [w]="wan iface (must be already configured. If you want the local net to have internet access, you need to put your gw here)"
  [d]="dhcp on local iface"
  [H]="hostapd on local iface"
  [n]="Network part of ip (without last dot). ONLY classes A,B,C or D allowed"
  [i]="Host part of local_iface IP (without first dot)"
  [s]="SSID of wifi network"
  [p]="PSK of wifi network"
)

declare -A varia=(
  [l]=local_iface
  [w]=wan_iface
  [d]=enable_dhcp
  [H]=enable_hostapd
  [n]=net
  [i]=host_ip
  [s]=ssid
  [p]=psk
)

# Defaults. local_iface deliberately has none: it is mandatory (-l).
wan_iface=
enable_dhcp=false
enable_hostapd=false
net='192.168.99'
host_ip=254
ssid='The candy cave charliiiiiiiie!'
# The default passphrase is published with this script, so an access point
# started without -p is effectively open to anyone who has read it.
# Supplying it with -p also places it in the process argument list.
psk='Ho! They stole my kidney :('

. driglibash-args
 | |
| 
 | |
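# Prefix length derived from the number of octets given in $net:
# no dot -> /8, one dot -> /16, two dots -> /24, three dots -> /32.
dots=${net//[^.]}
netmask=$(( ${#dots} * 8 + 8 ))

if [ -z "$local_iface" ] ; then
  die "You muste provide a local iface (-l)"
fi

# The values below come from the command line and are embedded both in
# commands run as root and in the command strings handed to clean, so they
# are restricted to the characters they can legitimately contain.
# NOTE(review): how clean executes its string is defined in driglibash and is
# not visible here; if it re-parses the string, unvalidated input would be
# interpreted by the shell.
iface_re='^[[:alnum:]_.:@-]+$'
octets_re='^[0-9]{1,3}(\.[0-9]{1,3}){0,3}$'
if [[ ! $local_iface =~ $iface_re ]]; then
  die "Invalid local iface name (-l)"
fi
if [[ ! $net =~ $octets_re ]]; then
  die "Invalid network part (-n)"
fi
if [[ ! $host_ip =~ $octets_re ]]; then
  die "Invalid host part (-i)"
fi

root_or_die

# Take the interface away from NetworkManager while it is configured here.
run    nmcli device set "$local_iface" managed no
clean "nmcli device set $local_iface managed yes"

# Static address of this host on the local network.
run    ip a add "$net.$host_ip/$netmask" dev "$local_iface"
clean "ip a del $net.$host_ip/$netmask dev $local_iface"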
 | |
| 
 | |
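# Routing/NAT for the local network, enabled only when a WAN interface is
# given.
# NOTE(review): $wan_iface is used only as an on/off switch; none of the rules
# below names it, so MASQUERADE applies on whatever interface the packet
# leaves through. Consider adding an -o match on the WAN interface.
# NOTE(review): $net, $netmask and $local_iface are interpolated into the
# clean command strings; they must be validated before this point.
if [ -n "$wan_iface" ] ; then
  # -n prints the bare value. Without it sysctl prints
  # "net.ipv4.ip_forward = N", and the restore command built from that output
  # is not a valid key=value assignment.
  old_value="$(sysctl -n net.ipv4.ip_forward)" \
    || die "Could not read net.ipv4.ip_forward"
  run sysctl net.ipv4.ip_forward=1
  clean "sysctl net.ipv4.ip_forward=$old_value"

  # NOTE(review): "$net.0" is a four-octet address only when $net has three
  # octets (the default) - confirm behaviour for shorter prefixes.

  # Allow packets to the local network
  run    iptables -A OUTPUT -d "$net.0/$netmask" -o "$local_iface" -j ACCEPT
  clean "iptables -D OUTPUT -d $net.0/$netmask -o $local_iface -j ACCEPT"

  # Allow input from the local network
  run    iptables -A INPUT -s "$net.0/$netmask" -i "$local_iface" -j ACCEPT
  clean "iptables -D INPUT -s $net.0/$netmask -i $local_iface -j ACCEPT"

  # NAT packets from the local network
  run    iptables -t nat -A POSTROUTING -s "$net.0/$netmask" -j MASQUERADE
  clean "iptables -t nat -D POSTROUTING -s $net.0/$netmask -j MASQUERADE"

  # Allow related packets to come back into the local network
  run    iptables -A FORWARD -o "$local_iface" -m state --state RELATED,ESTABLISHED -j ACCEPT
  clean "iptables -D FORWARD -o $local_iface -m state --state RELATED,ESTABLISHED -j ACCEPT"

  # Forward packets from the local network (to any destination)
  run    iptables -A FORWARD -i "$local_iface" -j ACCEPT
  clean "iptables -D FORWARD -i $local_iface -j ACCEPT"
fi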
 | |
| 
 | |
# DHCP service on the local interface.
# $enable_dhcp is executed as a command, so it must only ever hold
# "true" or "false".
if $enable_dhcp; then
  # For DHCP offers.
  # NOTE(review): neither rule is limited to $local_iface, and the INPUT rule
  # matches the broadcast address as a *source*; DHCP clients normally send
  # from 0.0.0.0 to 255.255.255.255, so this may have been meant as a
  # destination match - confirm.
  run    iptables -A OUTPUT -d 255.255.255.255/32 -j ACCEPT
  clean "iptables -D OUTPUT -d 255.255.255.255/32 -j ACCEPT"
  run    iptables -A INPUT -s 255.255.255.255 -j ACCEPT
  clean "iptables -D INPUT  -s 255.255.255.255 -j ACCEPT"

  # Leases .100-.199 with a one-minute lease time, bound to the local
  # address and interface. -p0 turns dnsmasq's DNS function off, -q logs
  # queries, -d keeps it in the foreground in debug mode.
  dnsmasq_args=(
    "--dhcp-range=$net.100,$net.199,1m"
    --server=9.9.9.9
    -q
    --listen-address "$net.$host_ip"
    --interface "$local_iface"
    -p0
    -d
  )
  start dnsmasq "${dnsmasq_args[@]}"
fi
 | |
| 
 | |
| 
 | |
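# Wi-Fi access point on the local interface.
# $enable_hostapd is executed as a command, so it must only ever hold
# "true" or "false".
if $enable_hostapd ; then
  # Each value becomes one "key=value" line of the hostapd config; an embedded
  # newline would let a value add configuration lines of its own.
  case "$local_iface$ssid$psk" in
    *$'\n'*) die "Interface name, SSID and PSK must not contain newlines" ;;
  esac
  # hostapd accepts a wpa_passphrase of 8 to 63 characters; fail before any
  # file is written rather than at daemon start.
  if (( ${#psk} < 8 || ${#psk} > 63 )); then
    die "PSK must be 8 to 63 characters long"
  fi

  # Write config. The file holds the passphrase in clear text, so it is
  # created with mktemp and registered for removal on cleanup.
  hostapd_config="$(mktemp)" || die "Could not create hostapd config file"
  # NOTE(review): assumes clean runs this string the same way as the other
  # registered undo commands, and that the mktemp path has no whitespace.
  clean "rm -f -- $hostapd_config"

  # The previous "echo > file <<-EOF" ignored the here-document (echo does not
  # read stdin) and left a config file containing only an empty line.
  # NOTE(review): WPA-EAP is offered although no 802.1X/RADIUS settings are
  # written here - confirm it is intended alongside WPA-PSK.
  {
    printf 'interface=%s\n' "$local_iface"
    printf 'ctrl_interface=%s\n' /var/run/hostapd
    printf 'hw_mode=%s\n' g
    printf 'channel=%s\n' 1
    printf 'wpa=%s\n' 2
    printf 'ssid=%s\n' "$ssid"
    printf 'wpa_passphrase=%s\n' "$psk"
    printf 'wpa_key_mgmt=%s\n' 'WPA-PSK WPA-EAP'
  } >"$hostapd_config"

  start hostapd -d "$hostapd_config"
fi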
 | |
| 
 | |
# Keep the script alive until it is interrupted.
# NOTE(review): the loop never ends by itself, so the trailing clean is only
# reached if something breaks out of it; the CTRL+C path is presumably
# handled by a trap installed in driglibash - confirm.
printf '%s\n' "PRESS CTRL+C TO QUIT"
while true; do
  sleep infinity
done

clean
 |