git.meshlink.io Git - meshlink/blob - test/blackbox/util/nat.sh

   1 #!/bin/bash
   2
   3 #    nat.sh - Script to create a NAT using LXC Container
   4 #                 Designed to work on unprivileged Containers
   5 #    Copyright (C) 2019  Guus Sliepen <guus@meshlink.io>
   6 #
   7 #    This program is free software; you can redistribute it and/or modify
   8 #    it under the terms of the GNU General Public License as published by
   9 #    the Free Software Foundation; either version 2 of the License, or
  10 #    (at your option) any later version.
  11 #
  12 #    This program is distributed in the hope that it will be useful,
  13 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 #    GNU General Public License for more details.
  16 #
  17 #    You should have received a copy of the GNU General Public License along
  18 #    with this program; if not, write to the Free Software Foundation, Inc.,
  19 #    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  20
  21 # Read command-line arguments
  22 if [ $# -ne 3 ]
  23         then
  24         echo "enter valid arguments"
  25         exit 1
  26 fi
  27 router_container=$1
  28 router_bridge="${router_container}_bridge"
  29 router_conf_path="${2}/${router_container}/config"
  30 meshlinkrootpath=$3
  31
  32 MAXCOUNT=10
  33 RANGE=16
  34 number1_1=$RANDOM
  35 number1_2=$RANDOM
  36 number2_1=$RANDOM
  37 number2_2=$RANDOM
  38
  39 let "number1_1 %= $RANGE"
  40 let "number1_2 %= $RANGE"
  41 let "number2_1 %= $RANGE"
  42 let "number2_2 %= $RANGE"
  43
  44 number1_1="$((echo "obase=16; ${number1_1}") | bc)"
  45 number1_2="$((echo "obase=16; ${number1_2}") | bc)"
  46 number2_1="$((echo "obase=16; ${number2_1}") | bc)"
  47 number2_2="$((echo "obase=16; ${number2_2}") | bc)"
  48
  49 echo + Creating nat bridge
  50 ifconfig ${router_bridge} down >/dev/null 2>/dev/null
  51 brctl delbr ${router_bridge} >/dev/null 2>/dev/null
  52 brctl addbr ${router_bridge}
  53 ifconfig ${router_bridge} up
  54
  55 # Destroying the existing router if already exists
  56 lxc-stop -n ${router_container} >/dev/null 2>/dev/null
  57 lxc-destroy -n ${router_container} >/dev/null 2>/dev/null
  58
  59 echo + Creating router
  60 lxc-create -t download -n ${router_container}  -- -d ubuntu -r trusty -a amd64 >> /dev/null
  61 echo + Creating config file for router
  62 echo "lxc.net.0.name = eth0" >> ${router_conf_path}
  63 echo " " >> ${router_conf_path}
  64 echo "lxc.net.1.type = veth" >> ${router_conf_path}
  65 echo "lxc.net.1.flags = up" >> ${router_conf_path}
  66 echo "lxc.net.1.link = ${router_bridge}" >> ${router_conf_path}
  67 echo "lxc.net.1.name = eth1" >> ${router_conf_path}
  68 echo "lxc.net.1.hwaddr = 00:16:3e:ab:32:2a" >> ${router_conf_path}
  69
  70 echo + Starting Router
  71 lxc-start -n ${router_container}
  72
  73 echo + Waiting for IP address..
  74 while [ -z `lxc-info -n ${router_container} -iH` ]
  75 do
  76         sleep 1
  77 done
  78 eth0_ip=`lxc-info -n ${router_container} -iH`
  79 echo "Obtained IP address: ${eth0_ip}"
  80
  81 ###############################################################################################################
  82
  83 echo "Installing and Configuring iptables, dnsmasq  conntrack packages in ${1}"
  84 ${meshlinkrootpath}/test/blackbox/util/install_packages.sh ${1} iptables dnsmasq conntrack
  85 if [ $? -ne 0 ]
  86 then
  87         exit 1
  88 fi
  89
  90 cmd="echo \"interface=eth1\" >> /etc/dnsmasq.conf"
  91 echo "${cmd}" | lxc-attach -n ${router_container} --
  92 cmd="echo \"bind-interfaces\" >> /etc/dnsmasq.conf"
  93 echo "${cmd}" | lxc-attach -n ${router_container} --
  94 cmd="echo \"listen-address=172.16.0.1\" >> /etc/dnsmasq.conf"
  95 echo "${cmd}" | lxc-attach -n ${router_container} --
  96 cmd="echo \"dhcp-range=172.16.0.2,172.16.0.254,12h\" >> /etc/dnsmasq.conf"
  97 echo "${cmd}" | lxc-attach -n ${router_container} --
  98 cmd="ifconfig eth1 172.16.0.1 netmask 255.255.255.0 up"
  99 echo "${cmd}" | lxc-attach -n ${router_container} --
 100 if [ $? -ne 0 ]
 101 then
 102         echo "Failed to configure eth1 interface"
 103         exit 1
 104 fi
 105 cmd="service dnsmasq restart >> /dev/null"
 106 echo "${cmd}" | lxc-attach -n ${router_container} --
 107 if [ $? -ne 0 ]
 108 then
 109         echo "Failed to restart service"
 110         exit 1
 111 fi
 112
 113 echo + Configuring NAT for ${1}....
 114 cmd="iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source ${eth0_ip} "
 115 echo "${cmd}" | sudo lxc-attach -n ${router_container} --
 116 if [ $? -ne 0 ]
 117 then
 118         echo "Failed to apply NAT rule"
 119         exit 1
 120 fi
 121 cmd="iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 172.16.0.1 "
 122 echo "${cmd}" | sudo lxc-attach -n ${router_container} --
 123 if [ $? -ne 0 ]
 124 then
 125         echo "Failed to apply NAT rule"
 126         exit 1
 127 fi
 128 echo "Router created and configured with Full-cone NAT"
 129
 130 exit 0