On Tue, Aug 11, 2009 at 10:15:39PM +0530, Joshua N Pritikin wrote: > On Tue, Aug 11, 2009 at 11:45:15AM +0530, Joshua N Pritikin wrote: > > + if re.match('@@MASQ@@', line): > > + print '-A POSTROUTING -o %s -j MASQUERADE' % wan > > This is dumb. I'll try to fix the patch tomorrow to substitute only > @@WAN@@. Or do you really want this written in sed? (I never even > learned sed.)
--- sysconfig/iptables-config | 7 +---- sysconfig/olpc-scripts/gen-iptables | 37 +++++++++++++++++++++++++++++++++ sysconfig/olpc-scripts/iptables-xs.in | 12 ++++++++++ sysconfig/xs_wan_device | 1 + 4 files changed, 52 insertions(+), 5 deletions(-) create mode 100755 sysconfig/olpc-scripts/gen-iptables create mode 100644 sysconfig/olpc-scripts/iptables-xs.in create mode 100644 sysconfig/xs_wan_device diff --git a/sysconfig/iptables-config b/sysconfig/iptables-config index 819d809..f22076e 100755 --- a/sysconfig/iptables-config +++ b/sysconfig/iptables-config @@ -7,11 +7,8 @@ ## config settings SERVER_NUM=`cat /etc/sysconfig/xs_server_number` if [ $SERVER_NUM=1 ];then - if [ -e /etc/sysconfig/xs_httpcache_on ]; then - IPTABLES_DATA=/etc/sysconfig/olpc-scripts/iptables.principal.cache - else - IPTABLES_DATA=/etc/sysconfig/olpc-scripts/iptables.principal - fi + IPTABLES_DATA=/etc/sysconfig/olpc-scripts/iptables-xs + /etc/sysconfig/olpc-scripts/gen-iptables > $IPTABLES_DATA fi # Load additional iptables modules (nat helpers) diff --git a/sysconfig/olpc-scripts/gen-iptables b/sysconfig/olpc-scripts/gen-iptables new file mode 100755 index 0000000..91b3ade --- /dev/null +++ b/sysconfig/olpc-scripts/gen-iptables 
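Review bot: The added `/etc/sysconfig/olpc-scripts/gen-iptables > $IPTABLES_DATA` truncates the rules file before the generator has run, so any failure in gen-iptables (for example an unreadable template, which the script does not catch) leaves an empty or partial ruleset for whatever later loads `$IPTABLES_DATA`. Write to a temporary file and replace the target only on success: `tmp="$IPTABLES_DATA.new"; /etc/sysconfig/olpc-scripts/gen-iptables > "$tmp" && mv "$tmp" "$IPTABLES_DATA"`. The surrounding context test `[ $SERVER_NUM=1 ]` has no spaces around `=`, so it is a one-argument test that is always true and the generator runs for every server number; `[ "$SERVER_NUM" = 1 ]` is presumably what was meant.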
@@ -0,0 +1,37 @@
+#!/usr/bin/python
+
+import re;
+import os;
+import logging;
+
+#sysconfig = './' # for testing
+sysconfig = '/etc/sysconfig/'
+
+wan = 'eth0'
+try:
+ conf = sysconfig + 'xs_wan_device'
+ file = open(conf)
+ wan = file.readline()
+ wan = re.sub(r'\s$', '', wan)
+except IOError:
+ logging.warning(conf + " not found, assuming "+wan)
+
+try:
+ conf = sysconfig + 'xs_httpcache_on'
+ os.stat(conf)
+ squid = 1
+except OSError:
+ squid = 0
+
+#print("wan="+wan+" squid=%i" % squid)
+
+template = open(sysconfig + 'olpc-scripts/iptables-xs.in')
+for line in template:
+ if (re.match('@@SQUID@@', line)):
+ if squid:
+ for inf in ('lanbond0', 'mshbond0', 'mshbond1', 'mshbond2'):
+ print '-A PREROUTING -i %s -p tcp --dport 80 -j REDIRECT --to-ports 3128' % inf
+ else:
+ line = line.rstrip()
+ line = re.sub(r'\...@\@w...@\@', wan, line)
+ print(line)
diff --git a/sysconfig/olpc-scripts/iptables-xs.in b/sysconfig/olpc-scripts/iptables-xs.in
new file mode 100644
index 0000000..610fbe4
--- /dev/null
+++ b/sysconfig/olpc-scripts/iptables-xs.in
@@ -0,0 +1,12 @@
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+@@SQUID@@
+-A POSTROUTING -o @@WAN@@ -j MASQUERADE
+COMMIT
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+COMMIT
diff --git a/sysconfig/xs_wan_device b/sysconfig/xs_wan_device
new file mode 100644
index 0000000..d4398d5
--- /dev/null
+++ b/sysconfig/xs_wan_device
@@ -0,0 +1 @@
+ppp0
--
1.6.0.6
_______________________________________________
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
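Review bot: The value read from `xs_wan_device` is copied into the generated ruleset with little more than the line ending removed (`re.sub(r'\s$', '', wan)`), so an empty file or a line with embedded spaces or extra tokens yields a malformed or unintended `-A POSTROUTING -o ...` rule. Strip with `wan = file.readline().strip()` and fall back to the default, with a warning, unless it is a plain interface name, e.g. `if not re.match(r'^[A-Za-z0-9_.-]{1,15}$', wan): wan = 'eth0'`. Because `wan` is also the replacement argument of `re.sub`, a backslash in it would be treated as an escape; `line.replace('@@WAN@@', wan)` avoids that. The `open()` of the template sits outside any `try`, so a missing template ends the script with a traceback, and neither file handle is closed.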
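Review bot: The `*filter` section of `iptables-xs.in` sets `INPUT`, `FORWARD` and `OUTPUT` to `ACCEPT` and adds no rules, so once this template replaces the earlier rule files nothing is filtered on the WAN interface, including traffic forwarded from it towards the LAN. Whether the removed `iptables.principal` files behaved the same is not visible in this patch. If the open policy is intended, say so in the template with a comment line such as `# filter table deliberately open: no inbound or forward filtering on the WAN side`. Otherwise consider `:FORWARD DROP [0:0]` with explicit accept rules for LAN-originated and established traffic.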