@cutaway
Created April 13, 2015 22:29
ics_startup.sh - This shell script is designed to help set up Internet sharing between two interfaces.
#!/bin/bash
###########################################################################
# ics_startup.sh - This shell script is designed to help set up Internet
# sharing between two interfaces. It will generate
# the appropriate iptables rules, implement them,
# and start the DHCP server. It will also reset
# the system (via the "stop" argument).
#
# Copyright (c) 2012, InGuardians, Inc. <consulting@inguardians.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Point Of Contact: Don C. Weber <don@inguardians.com>
###########################################################################
# Sites that are helpful
#http://sajjad.in/2010/06/ics-ubuntu-simplified/
#http://codeghar.wordpress.com/2012/05/02/ubuntu-12-04-ipv4-nat-gateway-and-dhcp-server/
# Requirements:
# isc-dhcp-server
# Ubuntu Install: sudo apt-get install isc-dhcp-server
#
# dhcpd.conf:
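# Add the following to your /etc/dhcp/dhcpd.conf file.
# Modify the network parameters so they match the IPADDR and SUBNET
# settings further down: this example uses 192.168.5.0/24, while the
# script defaults to 192.168.6.0/24.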
#
# ##################
# # CUTAWAY CONFIG
# ##################
# # Google and OpenDNS name servers
# option domain-name-servers 8.8.8.8, 208.67.222.222, 208.67.220.220;
#
# subnet 192.168.5.0 netmask 255.255.255.0 {
# range 192.168.5.2 192.168.5.254;
# option subnet-mask 255.255.255.0;
# option broadcast-address 192.168.5.255;
# option routers 192.168.5.1;
# }
# ##################
# # END CUTAWAY CONFIG
# ##################
#
# Run using sudo
# Refuse to continue unless the effective UID is 0 (root): everything below
# writes to /proc, edits iptables and controls a system service.
if (( EUID != 0 )); then
  printf '%s\n' "This script must be run as root" >&2
  exit 1
fi
# Timestamp (YYYYmmddHHMMSS) used to name the saved iptables ruleset.
NOWT="$(date +%Y%m%d%H%M%S)"
# Requested action, taken from the first command-line argument.
CMD="$1"

# Network settings.
# These are edited by hand on purpose, to keep the script simple.
INTINTERFACE='eth0'      # interface facing the clients that share the link
EXTINTERFACE='wlan0'     # interface that is connected to the Internet
SUBNET='192.168.6.0/24'  # client network used in the FORWARD rule
IPADDR='192.168.6.1'     # address INTINTERFACE is expected to carry
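# Dispatch on the requested action.
#   stop          - disable forwarding, flush the filter table, remove the
#                   MASQUERADE rule added by start, stop the DHCP server.
#   start (or any other value, including no argument) - save the current
#                   rules, install the sharing rules, enable forwarding,
#                   start the DHCP server.
# Reads: CMD, NOWT, SUBNET, EXTINTERFACE, INTINTERFACE, IPADDR.
case "$CMD" in
  stop)
    # Turn IPv4 forwarding off. This writes 0 unconditionally; the value that
    # was in place before "start" is not remembered.
    echo 0 > /proc/sys/net/ipv4/ip_forward
    # Clean iptables. NOTE: this flushes every rule in the filter table, not
    # only the rules this script added; chain policies are left as they are.
    iptables -F
    # "iptables -F" does not touch the nat table, so the MASQUERADE rule from
    # "start" would otherwise stay active. Delete every copy of it; the loop
    # ends when -D reports that no matching rule is left (error text hidden
    # on purpose).
    while iptables -t nat -D POSTROUTING -o "$EXTINTERFACE" -j MASQUERADE 2>/dev/null; do
      :
    done
    # Stop DHCP Server
    service isc-dhcp-server stop
    # Remind about iptable rules
    echo "Your original iptable rules should be reimplemented by hand."
    echo "Check for a file that starts with curr-iptables and select"
    echo "the most recent date. Use the following command in Ubuntu:"
    echo "iptables-restore < curr-iptables-date"
    echo "Or, you could just reboot your system as the changes made"
    echo "by this script are not permanent."
    echo
    echo "You probably want to remove any old curr-iptables files or"
    echo "or they will start cluttering the current directory."
    ;;
  start | *)
    # NOTE: "*" makes start the default, so a mistyped argument also enables
    # sharing.
    echo "Ensure that $EXTINTERFACE is connected to the Internet."
    echo "Ensure that $INTINTERFACE is configured for $IPADDR."
    echo "If you are using Ubuntu you will want to use the Network Manager"
    echo "because it might conflict with setting the IP via the command"
    echo "line. (Yes, ugh, it IS stupid.)"
    # Save the current ruleset before touching anything. The file is created
    # in the current working directory by root, so run the script from a
    # directory that only trusted users can write to. If the save fails, stop
    # here rather than flush rules that could not be backed up.
    backup="curr-iptables-$NOWT.txt"
    if ! iptables-save > "$backup"; then
      echo "Could not save the current iptables rules to $backup; nothing was changed." >&2
      exit 1
    fi
    # Flush the filter table. Any host firewall rules that lived there are
    # gone until they are restored from the backup above.
    iptables -F
    # New connections are accepted only when they arrive on the internal
    # interface, from the client subnet, and leave through the external one.
    # (The interfaces were previously swapped, which matched packets arriving
    # on the external side with an internal source address.)
    # This script never sets the FORWARD policy; while that policy is ACCEPT
    # these two rules do not restrict anything.
    iptables -A FORWARD -i "$INTINTERFACE" -o "$EXTINTERFACE" -s "$SUBNET" -m conntrack --ctstate NEW -j ACCEPT
    iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Masquerade only what leaves through the external interface, and add the
    # rule once: the nat table is not flushed, so a plain -A would stack a
    # duplicate on every start. -C exits non-zero when the rule is absent
    # (error text hidden on purpose).
    if ! iptables -t nat -C POSTROUTING -o "$EXTINTERFACE" -j MASQUERADE 2>/dev/null; then
      iptables -t nat -A POSTROUTING -o "$EXTINTERFACE" -j MASQUERADE
    fi
    # Enable forwarding last, once the rules above are in place.
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # Start DHCP Server
    service isc-dhcp-server start
    ;;
esac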