Changeset 103 for system/generators/iptables.php

Timestamp:

Aug 3, 2008, 6:50:25 PM (16 years ago)

Author:

george

Message:

• Opraveno: Skripty pro generování nastavení služeb sítě. * Přidáno: Skript pro import online stavu počítačů z netwatch systému.

File:

• system/generators/iptables.php (modified) (8 diffs)

system/generators/iptables.php

@@ -1 +1 @@
 <?php
-include_once('../../html/global.php');
+include_once('/a/www/centrala/global.php');
 
 // Generate firewall rules
-exec('iptables -t nat -F Block');
-exec('iptables -t nat -F POSTROUTING');
-exec('iptables -t nat -F PreroutingDNAT');
-//    exec('iptables -t nat -A Block -p tcp --destination-port 80 -j REDIRECT --to-ports 3128');
+exec('/sbin/iptables -t nat -F Block');
+exec('/sbin/iptables -t nat -F POSTROUTING');
+exec('/sbin/iptables -t nat -F PreroutingDNAT');
+//    exec('/sbin/iptables -t nat -A Block -p tcp --destination-port 80 -j REDIRECT --to-ports 3128');
 
 // Blocking according IP address
@@ -15 +15 @@
   while($Row = $DbResult2->fetch_array())
   {
-    exec('iptables -t nat -A Block -s '.$Row['IP'].' -j Local');
+    exec('/sbin/iptables -t nat -A Block -s '.$Row['IP'].' -j Local');
   }
 }
@@ -24 +24 @@
   while($Row = $DbResult2->fetch_array())
   {
-    exec('iptables -t nat -A Block -s '.$Row['IP'].' -j Local');
+    exec('/sbin/iptables -t nat -A Block -s '.$Row['IP'].' -j Local');
   }
 }
@@ -39 +39 @@
     if($User['inet'] == 0)
     {
-      if(($Row['block'] == 0) and ($Row['type'] == 1)) exec('iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
-        else exec('iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Local");
+      if(($Row['block'] == 0) and ($Row['type'] == 1)) exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
+        else exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Local");
     } else {
       if($Row['vpn'] == 0) 
@@ -48 +48 @@
         if($Row['name'] == 'TBC')
         {
-          exec('iptables -t nat -A PreroutingDNAT -m tcp -p tcp --dport 3724 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP'].':3725');  
-          exec('iptables -t nat -A POSTROUTING -m tcp -p tcp -s '.$Row['IP'].' --sport 3725 -o eth1 -j SNAT --to-source '.$Row['external_ip'].':3724');  
+          exec('/sbin/iptables -t nat -A PreroutingDNAT -m tcp -p tcp --dport 3724 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP'].':3725');  
+          exec('/sbin/iptables -t nat -A POSTROUTING -m tcp -p tcp -s '.$Row['IP'].' --sport 3725 -o eth1 -j SNAT --to-source '.$Row['external_ip'].':3724');  
         }
         if(strtolower($Row['name']) != 'centrala')
@@ -55 +55 @@
           if($Row['external_ip'] != '')
           {
-            exec('iptables -t nat -A PreroutingDNAT -i eth1 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP']);  
-            exec('iptables -t nat -A PreroutingDNAT -i eth1 -d '.$Row['external_ip'].' -j ACCEPT');  
-            exec('iptables -t nat -A POSTROUTING -s '.$Row['IP'].' -o eth1 -j SNAT --to-source '.$Row['external_ip']);  
+            exec('/sbin/iptables -t nat -A PreroutingDNAT -i eth1 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP']);  
+            exec('/sbin/iptables -t nat -A PreroutingDNAT -i eth1 -d '.$Row['external_ip'].' -j ACCEPT');  
+            exec('/sbin/iptables -t nat -A POSTROUTING -s '.$Row['IP'].' -o eth1 -j SNAT --to-source '.$Row['external_ip']);  
           }
-          exec('iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
+          exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
         }
       }
@@ -66 +66 @@
         $CZFreeLocalIP = $Row['external_ip'];
  //echo('vpn');
-        //exec('iptables -t nat -A PreroutingDNAT -s '.$Row['IP'].' -p udp -m udp --dport 55556 -j DROP');  
-        if($Row['external_ip'] != '') exec('iptables -t nat -A PreroutingDNAT -d '.$Row['external_ip'].' -j ACCEPT');  
-        exec('iptables -t nat -A Block -s '.ToVpnIp($Row)." -j Proxy");
+        //exec('/sbin/iptables -t nat -A PreroutingDNAT -s '.$Row['IP'].' -p udp -m udp --dport 55556 -j DROP');  
+        if($Row['external_ip'] != '') exec('/sbin/iptables -t nat -A PreroutingDNAT -d '.$Row['external_ip'].' -j ACCEPT');  
+        exec('/sbin/iptables -t nat -A Block -s '.ToVpnIp($Row)." -j Proxy");
 
         if($Row['vpn'] == 1) 
         {
-          exec('iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Local");
-        } else if($Row['vpn'] == 2) exec('iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
+          exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Local");
+        } else if($Row['vpn'] == 2) exec('/sbin/iptables -t nat -A Block -m mac --mac-source '.$Row['MAC']." -j Proxy");
       }
       if($Row['czfree_ip'] != '')
       {
         // CZFree
-        exec('iptables -t nat -A PreroutingDNAT -i tun0 -d '.$Row['czfree_ip'].' -j DNAT --to-destination '.$CZFreeLocalIP);  
-        exec('iptables -t nat -A PreroutingDNAT -i tun0 -d '.$Row['czfree_ip'].' -j ACCEPT');  
-        exec('iptables -t nat -A POSTROUTING -s '.$CZFreeLocalIP.' -o tun0 -j SNAT --to-source '.$Row['czfree_ip']);  
+        exec('/sbin/iptables -t nat -A PreroutingDNAT -i tun0 -d '.$Row['czfree_ip'].' -j DNAT --to-destination '.$CZFreeLocalIP);  
+        exec('/sbin/iptables -t nat -A PreroutingDNAT -i tun0 -d '.$Row['czfree_ip'].' -j ACCEPT');  
+        exec('/sbin/iptables -t nat -A POSTROUTING -s '.$CZFreeLocalIP.' -o tun0 -j SNAT --to-source '.$Row['czfree_ip']);  
       }
     }
@@ -90 +90 @@
 $DbResult = $Database->select('hosts', '*', 'name="MAIL"');
 $Row = $DbResult->fetch_array();
-exec('iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d 212.111.4.174 -j DROP');  
-exec('iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP']);  
-exec('iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j ACCEPT');  
-exec('iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 25 -s 212.111.4.174 -o eth1 -j SNAT --to-source '.$Row['external_ip']);  
+exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d 212.111.4.174 -j DROP');  
+exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j DNAT --to-destination '.$Row['IP']);  
+exec('/sbin/iptables -t nat -A PreroutingDNAT -p tcp -m tcp --dport 25 -d '.$Row['external_ip'].' -j ACCEPT');  
+exec('/sbin/iptables -t nat -A POSTROUTING -p tcp -m tcp --dport 25 -s 212.111.4.174 -o eth1 -j SNAT --to-source '.$Row['external_ip']);  
 
 // Local network NAT
 $DbResult = $Database->select('hosts', '*', 'name="GATE"');
 $Row = $DbResult->fetch_array();
-exec('iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o eth1 -j SNAT --to-source '.$Row['external_ip']);
-//exec('iptables -t nat -A POSTROUTING -s 10.0.0.0/255.0.0.0 -o eth1 -j SNAT --to-source '.$Row['external_ip']);
-//exec('iptables -t nat -A POSTROUTING -s 212.111.16.94 -o eth1 -j MASQUERADE');
+exec('/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/255.255.0.0 -o eth1 -j SNAT --to-source '.$Row['external_ip']);
+//exec('/sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/255.0.0.0 -o eth1 -j SNAT --to-source '.$Row['external_ip']);
+//exec('/sbin/iptables -t nat -A POSTROUTING -s 212.111.16.94 -o eth1 -j MASQUERADE');
 
 exec('/sbin/iptables-save>/etc/sysconfig/iptables');