From 7dcf9aa0db8585eb3489bcf0903e67bdd9dee027 Mon Sep 17 00:00:00 2001 From: ficus Date: Thu, 27 Sep 2012 23:30:57 +0200 Subject: new dnsmasq scheme --- .../multistrap-configs/torouter-base.conf | 2 +- packages/torouter-prep/configs/etc/default/dnsmasq | 2 + packages/torouter-prep/configs/etc/dnsmasq.conf | 13 +- packages/torouter-prep/configs/etc/dnsmasq.d/lan | 2 - packages/torouter-prep/configs/etc/dnsmasq.d/wifi | 2 - .../torouter-prep/configs/etc/dnsmasq_lan.conf | 6 + .../torouter-prep/configs/etc/dnsmasq_wifi.conf | 7 + .../torouter-prep/configs/etc/init.d/dnsmasq_lan | 290 +++++++++++++++++++++ .../torouter-prep/configs/etc/init.d/dnsmasq_wifi | 290 +++++++++++++++++++++ .../torouter-prep/configs/etc/network/interfaces | 13 +- packages/torouter-prep/src/torouter_preboot.sh | 11 +- 11 files changed, 618 insertions(+), 20 deletions(-) create mode 100644 packages/torouter-prep/configs/etc/default/dnsmasq delete mode 100644 packages/torouter-prep/configs/etc/dnsmasq.d/lan delete mode 100644 packages/torouter-prep/configs/etc/dnsmasq.d/wifi create mode 100644 packages/torouter-prep/configs/etc/dnsmasq_lan.conf create mode 100644 packages/torouter-prep/configs/etc/dnsmasq_wifi.conf create mode 100755 packages/torouter-prep/configs/etc/init.d/dnsmasq_lan create mode 100755 packages/torouter-prep/configs/etc/init.d/dnsmasq_wifi diff --git a/freedom-maker/multistrap-configs/torouter-base.conf b/freedom-maker/multistrap-configs/torouter-base.conf index 286c7e1..5e51646 100644 --- a/freedom-maker/multistrap-configs/torouter-base.conf +++ b/freedom-maker/multistrap-configs/torouter-base.conf @@ -6,7 +6,7 @@ debootstrap=Debian torproject torouter aptsources=Debian torproject torouter [Debian] -packages=base-files netbase openssh-server zile wget iproute net-tools hostname module-init-tools wget resolvconf udev isc-dhcp-client ifupdown devio initramfs-tools uboot-mkimage parted dosfstools apt iputils-ping haveged python pandoc python-simplejson make dialog locales-all uaputl uapevent dnsmasq iptables vim-nox less screen lsof tcptraceroute traceroute mtr-tiny openntpd dnsmasq unbound python-augeas python-flask python-daemon cron iw python-setuptools apt-utils dnsutils +packages=base-files netbase openssh-server zile wget iproute net-tools hostname module-init-tools wget resolvconf udev isc-dhcp-client ifupdown devio initramfs-tools uboot-mkimage parted dosfstools apt iputils-ping haveged python pandoc python-simplejson make dialog locales-all uaputl uapevent dnsmasq iptables vim-nox less screen lsof tcptraceroute traceroute mtr-tiny openntpd dnsmasq python-augeas python-flask python-daemon cron iw python-setuptools apt-utils dnsutils torsocks source=http://http.debian.net/debian/ keyring=debian-archive-keyring suite=wheezy diff --git a/packages/torouter-prep/configs/etc/default/dnsmasq b/packages/torouter-prep/configs/etc/default/dnsmasq new file mode 100644 index 0000000..ddaa02b --- /dev/null +++ b/packages/torouter-prep/configs/etc/default/dnsmasq @@ -0,0 +1,2 @@ + +ENABLED=0 diff --git a/packages/torouter-prep/configs/etc/dnsmasq.conf b/packages/torouter-prep/configs/etc/dnsmasq.conf index 8e02834..806996e 100644 --- a/packages/torouter-prep/configs/etc/dnsmasq.conf +++ b/packages/torouter-prep/configs/etc/dnsmasq.conf @@ -15,7 +15,6 @@ # Never forward addresses in the non-routed address spaces. #bogus-priv - # Uncomment this to filter useless windows-originated DNS requests # which can trigger dial-on-demand links needlessly. # Note that (amongst other things) this blocks all SRV requests, @@ -82,11 +81,11 @@ no-poll # specified interfaces (and the loopback) give the name of the # interface (eg eth0) here. # Repeat the line for more than one interface. -interface=eth1 -interface=uap0 +#interface=eth1 +#interface=uap0 # Or you can specify which interface _not_ to listen on -except-interface=eth0 -except-interface=lo +#except-interface=eth0 +#except-interface=lo # Or which to listen on by address (remember to include 127.0.0.1 if # you use this.) #listen-address= @@ -102,7 +101,7 @@ except-interface=lo # want dnsmasq to really bind only the interfaces it is listening on, # uncomment this option. About the only time you may need this is when # running another nameserver on the same machine. -bind-interfaces +#bind-interfaces # If you don't want dnsmasq to read /etc/hosts, uncomment the # following line. @@ -553,4 +552,4 @@ bind-interfaces # Include a another lot of configuration options. #conf-file=/etc/dnsmasq.more.conf -conf-dir=/etc/dnsmasq.d +#conf-dir=/etc/dnsmasq.d diff --git a/packages/torouter-prep/configs/etc/dnsmasq.d/lan b/packages/torouter-prep/configs/etc/dnsmasq.d/lan deleted file mode 100644 index 1430733..0000000 --- a/packages/torouter-prep/configs/etc/dnsmasq.d/lan +++ /dev/null @@ -1,2 +0,0 @@ - -dhcp-range=10.23.42.10,10.23.42.254,255.255.255.0,12h diff --git a/packages/torouter-prep/configs/etc/dnsmasq.d/wifi b/packages/torouter-prep/configs/etc/dnsmasq.d/wifi deleted file mode 100644 index d1bdb72..0000000 --- a/packages/torouter-prep/configs/etc/dnsmasq.d/wifi +++ /dev/null @@ -1,2 +0,0 @@ - -dhcp-range=172.16.23.10,172.16.23.254,255.255.255.0,12h diff --git a/packages/torouter-prep/configs/etc/dnsmasq_lan.conf b/packages/torouter-prep/configs/etc/dnsmasq_lan.conf new file mode 100644 index 0000000..1143401 --- /dev/null +++ b/packages/torouter-prep/configs/etc/dnsmasq_lan.conf @@ -0,0 +1,6 @@ + +no-poll +bind-interfaces +interface=eth1 +except-interface=lo +dhcp-range=10.23.42.10,10.23.42.254,255.255.255.0,12h diff --git a/packages/torouter-prep/configs/etc/dnsmasq_wifi.conf b/packages/torouter-prep/configs/etc/dnsmasq_wifi.conf new file mode 100644 index 0000000..56c268e --- /dev/null +++ b/packages/torouter-prep/configs/etc/dnsmasq_wifi.conf @@ -0,0 +1,7 @@ + +no-poll +bind-interfaces +except-interface=lo +interface=uap0 +server=172.16.23.1#5353 +dhcp-range=172.16.23.10,172.16.23.254,255.255.255.0,12h diff --git a/packages/torouter-prep/configs/etc/init.d/dnsmasq_lan b/packages/torouter-prep/configs/etc/init.d/dnsmasq_lan new file mode 100755 index 0000000..22f2557 --- /dev/null +++ b/packages/torouter-prep/configs/etc/init.d/dnsmasq_lan @@ -0,0 +1,290 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: dnsmasq_lan +# Required-Start: $network $remote_fs $syslog +# Required-Stop: $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Description: DHCP and DNS server +### END INIT INFO + +set +e # Don't exit on error status + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/dnsmasq +NAME=dnsmasq_lan +DESC="DNS forwarder and DHCP server" + +# Most configuration options in /etc/default/dnsmasq are deprecated +# but still honoured. +ENABLED=1 +if [ -r /etc/default/$NAME ]; then + . /etc/default/$NAME +fi + +# Get the system locale, so that messages are in the correct language, and the +# charset for IDN is correct +if [ -r /etc/default/locale ]; then + . /etc/default/locale + export LANG +fi + +test -x $DAEMON || exit 0 + +# Provide skeleton LSB log functions for backports which don't have LSB functions. +if [ -f /lib/lsb/init-functions ]; then + . /lib/lsb/init-functions +else + log_warning_msg () { + echo "${@}." + } + + log_success_msg () { + echo "${@}." + } + + log_daemon_msg () { + echo -n "${1}: $2" + } + + log_end_msg () { + if [ $1 -eq 0 ]; then + echo "." + elif [ $1 -eq 255 ]; then + /bin/echo -e " (warning)." + else + /bin/echo -e " failed!" + fi + } +fi + +# RESOLV_CONF: +# If the resolvconf package is installed then use the resolv conf file +# that it provides as the default. Otherwise use /etc/resolv.conf as +# the default. +# +# If IGNORE_RESOLVCONF is set in /etc/default/dnsmasq or an explicit +# filename is set there then this inhibits the use of the resolvconf-provided +# information. +# +# Note that if the resolvconf package is installed it is not possible to +# override it just by configuration in /etc/dnsmasq.conf, it is necessary +# to set IGNORE_RESOLVCONF=yes in /etc/default/dnsmasq. + +if [ ! "$RESOLV_CONF" ] && + [ "$IGNORE_RESOLVCONF" != "yes" ] && + [ -x /sbin/resolvconf ] +then + RESOLV_CONF=/var/run/dnsmasq/resolv.conf +fi + +for INTERFACE in $DNSMASQ_INTERFACE; do + DNSMASQ_INTERFACES="$DNSMASQ_INTERFACES -i $INTERFACE" +done + +for INTERFACE in $DNSMASQ_EXCEPT; do + DNSMASQ_INTERFACES="$DNSMASQ_INTERFACES -I $INTERFACE" +done + +if [ ! "$DNSMASQ_USER" ]; then + DNSMASQ_USER="dnsmasq" +fi + +start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + + # /var/run may be volatile, so we need to ensure that + # /var/run/dnsmasq exists here as well as in postinst + if [ ! -d /var/run/dnsmasq ]; then + mkdir /var/run/dnsmasq || return 2 + chown dnsmasq:nogroup /var/run/dnsmasq || return 2 + fi + + start-stop-daemon --start --quiet --pidfile /var/run/dnsmasq/$NAME.pid --exec $DAEMON --test -- -C /etc/dnsmasq_lan.conf > /dev/null || return 1 + start-stop-daemon --start --quiet --pidfile /var/run/dnsmasq/$NAME.pid --exec $DAEMON -- -C /etc/dnsmasq_lan.conf \ + -x /var/run/dnsmasq/$NAME.pid \ + ${MAILHOSTNAME:+ -m $MAILHOSTNAME} \ + ${MAILTARGET:+ -t $MAILTARGET} \ + ${DNSMASQ_USER:+ -u $DNSMASQ_USER} \ + ${DNSMASQ_INTERFACES:+ $DNSMASQ_INTERFACES} \ + ${DHCP_LEASE:+ -l $DHCP_LEASE} \ + ${DOMAIN_SUFFIX:+ -s $DOMAIN_SUFFIX} \ + ${RESOLV_CONF:+ -r $RESOLV_CONF} \ + ${CACHESIZE:+ -c $CACHESIZE} \ + ${CONFIG_DIR:+ -7 $CONFIG_DIR} \ + ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} \ + || return 2 +} + +start_resolvconf() +{ +# If interface "lo" is explicitly disabled in /etc/default/dnsmasq +# Then dnsmasq won't be providing local DNS, so don't add it to +# the resolvconf server set. + for interface in $DNSMASQ_EXCEPT + do + [ $interface = lo ] && return + done + + if [ -x /sbin/resolvconf ] ; then + echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.$NAME + fi + return 0 +} + +stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/dnsmasq/$NAME.pid + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + return "$RETVAL" +} + +stop_resolvconf() +{ + if [ -x /sbin/resolvconf ] ; then + /sbin/resolvconf -d lo.$NAME + fi + return 0 +} + +status() +{ + # Return + # 0 if daemon is running + # 1 if daemon is dead and pid file exists + # 3 if daemon is not running + # 4 if daemon status is unknown + start-stop-daemon --start --quiet --pidfile /var/run/dnsmasq/$NAME.pid --exec $DAEMON --test > /dev/null + case "$?" in + 0) [ -e "/var/run/dnsmasq/$NAME.pid" ] && return 1 ; return 3 ;; + 1) return 0 ;; + *) return 4 ;; + esac +} + +case "$1" in + start) + test "$ENABLED" != "0" || exit 0 + log_daemon_msg "Starting $DESC" "$NAME" + start + case "$?" in + 0) + log_end_msg 0 + start_resolvconf + exit 0 + ;; + 1) + log_success_msg "(already running)" + exit 0 + ;; + *) + log_end_msg 1 + exit 1 + ;; + esac + ;; + stop) + stop_resolvconf + if [ "$ENABLED" != "0" ]; then + log_daemon_msg "Stopping $DESC" "$NAME" + fi + stop + RETVAL="$?" + if [ "$ENABLED" = "0" ]; then + case "$RETVAL" in + 0) log_daemon_msg "Stopping $DESC" "$NAME"; log_end_msg 0 ;; + esac + exit 0 + fi + case "$RETVAL" in + 0) log_end_msg 0 ; exit 0 ;; + 1) log_warning_msg "(not running)" ; exit 0 ;; + *) log_end_msg 1; exit 1 ;; + esac + ;; + restart|force-reload) + test "$ENABLED" != "0" || exit 1 + $DAEMON --test ${CONFIG_DIR:+ -7 $CONFIG_DIR} ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} >/dev/null 2>&1 + if [ $? -ne 0 ]; then + NAME="configuration syntax check" + RETVAL="2" + else + stop_resolvconf + stop + RETVAL="$?" + fi + log_daemon_msg "Restarting $DESC" "$NAME" + case "$RETVAL" in + 0|1) + sleep 2 + start + case "$?" in + 0) + log_end_msg 0 + start_resolvconf + exit 0 + ;; + *) + log_end_msg 1 + exit 1 + ;; + esac + ;; + *) + log_end_msg 1 + exit 1 + ;; + esac + ;; + status) + log_daemon_msg "Checking $DESC" "$NAME" + status + case "$?" in + 0) log_success_msg "(running)" ; exit 0 ;; + 1) log_success_msg "(dead, pid file exists)" ; exit 1 ;; + 3) log_success_msg "(not running)" ; exit 3 ;; + *) log_success_msg "(unknown)" ; exit 4 ;; + esac + ;; + dump-stats) + kill -s USR1 `cat /var/run/dnsmasq/$NAME.pid` + ;; + systemd-start-resolvconf) + start_resolvconf + ;; + systemd-stop-resolvconf) + stop_resolvconf + ;; + systemd-exec) +# --pid-file without argument disables writing a PIDfile, we don't need one with sytemd. +# Enable DBus by default because we use DBus activation with systemd. + exec $DAEMON --keep-in-foreground --pid-file --enable-dbus \ + ${MAILHOSTNAME:+ -m $MAILHOSTNAME} \ + ${MAILTARGET:+ -t $MAILTARGET} \ + ${DNSMASQ_USER:+ -u $DNSMASQ_USER} \ + ${DNSMASQ_INTERFACES:+ $DNSMASQ_INTERFACES} \ + ${DHCP_LEASE:+ -l $DHCP_LEASE} \ + ${DOMAIN_SUFFIX:+ -s $DOMAIN_SUFFIX} \ + ${RESOLV_CONF:+ -r $RESOLV_CONF} \ + ${CACHESIZE:+ -c $CACHESIZE} \ + ${CONFIG_DIR:+ -7 $CONFIG_DIR} \ + ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} + ;; + *) + echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload|dump-stats|status}" >&2 + exit 3 + ;; +esac + +exit 0 + diff --git a/packages/torouter-prep/configs/etc/init.d/dnsmasq_wifi b/packages/torouter-prep/configs/etc/init.d/dnsmasq_wifi new file mode 100755 index 0000000..dfd103c --- /dev/null +++ b/packages/torouter-prep/configs/etc/init.d/dnsmasq_wifi @@ -0,0 +1,290 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: dnsmasq_wifi +# Required-Start: $network $remote_fs $syslog +# Required-Stop: $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Description: DHCP and DNS server +### END INIT INFO + +set +e # Don't exit on error status + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/dnsmasq +NAME=dnsmasq_wifi +DESC="DNS forwarder and DHCP server" + +# Most configuration options in /etc/default/dnsmasq are deprecated +# but still honoured. +ENABLED=1 +if [ -r /etc/default/$NAME ]; then + . /etc/default/$NAME +fi + +# Get the system locale, so that messages are in the correct language, and the +# charset for IDN is correct +if [ -r /etc/default/locale ]; then + . /etc/default/locale + export LANG +fi + +test -x $DAEMON || exit 0 + +# Provide skeleton LSB log functions for backports which don't have LSB functions. +if [ -f /lib/lsb/init-functions ]; then + . /lib/lsb/init-functions +else + log_warning_msg () { + echo "${@}." + } + + log_success_msg () { + echo "${@}." + } + + log_daemon_msg () { + echo -n "${1}: $2" + } + + log_end_msg () { + if [ $1 -eq 0 ]; then + echo "." + elif [ $1 -eq 255 ]; then + /bin/echo -e " (warning)." + else + /bin/echo -e " failed!" + fi + } +fi + +# RESOLV_CONF: +# If the resolvconf package is installed then use the resolv conf file +# that it provides as the default. Otherwise use /etc/resolv.conf as +# the default. +# +# If IGNORE_RESOLVCONF is set in /etc/default/dnsmasq or an explicit +# filename is set there then this inhibits the use of the resolvconf-provided +# information. +# +# Note that if the resolvconf package is installed it is not possible to +# override it just by configuration in /etc/dnsmasq.conf, it is necessary +# to set IGNORE_RESOLVCONF=yes in /etc/default/dnsmasq. + +if [ ! "$RESOLV_CONF" ] && + [ "$IGNORE_RESOLVCONF" != "yes" ] && + [ -x /sbin/resolvconf ] +then + RESOLV_CONF=/var/run/dnsmasq/resolv.conf +fi + +for INTERFACE in $DNSMASQ_INTERFACE; do + DNSMASQ_INTERFACES="$DNSMASQ_INTERFACES -i $INTERFACE" +done + +for INTERFACE in $DNSMASQ_EXCEPT; do + DNSMASQ_INTERFACES="$DNSMASQ_INTERFACES -I $INTERFACE" +done + +if [ ! "$DNSMASQ_USER" ]; then + DNSMASQ_USER="dnsmasq" +fi + +start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + + # /var/run may be volatile, so we need to ensure that + # /var/run/dnsmasq exists here as well as in postinst + if [ ! -d /var/run/dnsmasq ]; then + mkdir /var/run/dnsmasq || return 2 + chown dnsmasq:nogroup /var/run/dnsmasq || return 2 + fi + + start-stop-daemon --start --quiet --pidfile /var/run/dnsmasq/$NAME.pid --exec $DAEMON --test -- -C /etc/dnsmasq_wifi.conf > /dev/null || return 1 + start-stop-daemon --start --quiet --pidfile /var/run/dnsmasq/$NAME.pid --exec $DAEMON -- -C /etc/dnsmasq_wifi.conf \ + -x /var/run/dnsmasq/$NAME.pid \ + ${MAILHOSTNAME:+ -m $MAILHOSTNAME} \ + ${MAILTARGET:+ -t $MAILTARGET} \ + ${DNSMASQ_USER:+ -u $DNSMASQ_USER} \ + ${DNSMASQ_INTERFACES:+ $DNSMASQ_INTERFACES} \ + ${DHCP_LEASE:+ -l $DHCP_LEASE} \ + ${DOMAIN_SUFFIX:+ -s $DOMAIN_SUFFIX} \ + ${RESOLV_CONF:+ -r $RESOLV_CONF} \ + ${CACHESIZE:+ -c $CACHESIZE} \ + ${CONFIG_DIR:+ -7 $CONFIG_DIR} \ + ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} \ + || return 2 +} + +start_resolvconf() +{ +# If interface "lo" is explicitly disabled in /etc/default/dnsmasq +# Then dnsmasq won't be providing local DNS, so don't add it to +# the resolvconf server set. + for interface in $DNSMASQ_EXCEPT + do + [ $interface = lo ] && return + done + + if [ -x /sbin/resolvconf ] ; then + echo "nameserver 127.0.0.1" | /sbin/resolvconf -a lo.$NAME + fi + return 0 +} + +stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile /var/run/dnsmasq/$NAME.pid + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + return "$RETVAL" +} + +stop_resolvconf() +{ + if [ -x /sbin/resolvconf ] ; then + /sbin/resolvconf -d lo.$NAME + fi + return 0 +} + +status() +{ + # Return + # 0 if daemon is running + # 1 if daemon is dead and pid file exists + # 3 if daemon is not running + # 4 if daemon status is unknown + start-stop-daemon --start --quiet --pidfile /var/run/dnsmasq/$NAME.pid --exec $DAEMON --test > /dev/null + case "$?" in + 0) [ -e "/var/run/dnsmasq/$NAME.pid" ] && return 1 ; return 3 ;; + 1) return 0 ;; + *) return 4 ;; + esac +} + +case "$1" in + start) + test "$ENABLED" != "0" || exit 0 + log_daemon_msg "Starting $DESC" "$NAME" + start + case "$?" in + 0) + log_end_msg 0 + start_resolvconf + exit 0 + ;; + 1) + log_success_msg "(already running)" + exit 0 + ;; + *) + log_end_msg 1 + exit 1 + ;; + esac + ;; + stop) + stop_resolvconf + if [ "$ENABLED" != "0" ]; then + log_daemon_msg "Stopping $DESC" "$NAME" + fi + stop + RETVAL="$?" + if [ "$ENABLED" = "0" ]; then + case "$RETVAL" in + 0) log_daemon_msg "Stopping $DESC" "$NAME"; log_end_msg 0 ;; + esac + exit 0 + fi + case "$RETVAL" in + 0) log_end_msg 0 ; exit 0 ;; + 1) log_warning_msg "(not running)" ; exit 0 ;; + *) log_end_msg 1; exit 1 ;; + esac + ;; + restart|force-reload) + test "$ENABLED" != "0" || exit 1 + $DAEMON --test ${CONFIG_DIR:+ -7 $CONFIG_DIR} ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} >/dev/null 2>&1 + if [ $? -ne 0 ]; then + NAME="configuration syntax check" + RETVAL="2" + else + stop_resolvconf + stop + RETVAL="$?" + fi + log_daemon_msg "Restarting $DESC" "$NAME" + case "$RETVAL" in + 0|1) + sleep 2 + start + case "$?" in + 0) + log_end_msg 0 + start_resolvconf + exit 0 + ;; + *) + log_end_msg 1 + exit 1 + ;; + esac + ;; + *) + log_end_msg 1 + exit 1 + ;; + esac + ;; + status) + log_daemon_msg "Checking $DESC" "$NAME" + status + case "$?" in + 0) log_success_msg "(running)" ; exit 0 ;; + 1) log_success_msg "(dead, pid file exists)" ; exit 1 ;; + 3) log_success_msg "(not running)" ; exit 3 ;; + *) log_success_msg "(unknown)" ; exit 4 ;; + esac + ;; + dump-stats) + kill -s USR1 `cat /var/run/dnsmasq/$NAME.pid` + ;; + systemd-start-resolvconf) + start_resolvconf + ;; + systemd-stop-resolvconf) + stop_resolvconf + ;; + systemd-exec) +# --pid-file without argument disables writing a PIDfile, we don't need one with sytemd. +# Enable DBus by default because we use DBus activation with systemd. + exec $DAEMON --keep-in-foreground --pid-file --enable-dbus \ + ${MAILHOSTNAME:+ -m $MAILHOSTNAME} \ + ${MAILTARGET:+ -t $MAILTARGET} \ + ${DNSMASQ_USER:+ -u $DNSMASQ_USER} \ + ${DNSMASQ_INTERFACES:+ $DNSMASQ_INTERFACES} \ + ${DHCP_LEASE:+ -l $DHCP_LEASE} \ + ${DOMAIN_SUFFIX:+ -s $DOMAIN_SUFFIX} \ + ${RESOLV_CONF:+ -r $RESOLV_CONF} \ + ${CACHESIZE:+ -c $CACHESIZE} \ + ${CONFIG_DIR:+ -7 $CONFIG_DIR} \ + ${DNSMASQ_OPTS:+ $DNSMASQ_OPTS} + ;; + *) + echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload|dump-stats|status}" >&2 + exit 3 + ;; +esac + +exit 0 + diff --git a/packages/torouter-prep/configs/etc/network/interfaces b/packages/torouter-prep/configs/etc/network/interfaces index 036eb4d..34b2f35 100644 --- a/packages/torouter-prep/configs/etc/network/interfaces +++ b/packages/torouter-prep/configs/etc/network/interfaces @@ -8,7 +8,6 @@ iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet dhcp - post-up ifup uap0 post-down ifdown uap0 auto eth1 @@ -17,10 +16,12 @@ iface eth1 inet static netmask 255.255.255.0 network 10.23.42.0 broadcast 10.23.42.255 + pre-up ip addr del 10.23.42.1/24 dev eth1 || true post-up echo 1 > /proc/sys/net/ipv4/ip_forward + post-up /etc/init.d/dnsmasq_lan start # this must happen after have brought up uap0 because it clears the nat tables post-up iptables -t nat -A POSTROUTING -s 10.23.42.0/24 -o eth0 -j MASQUERADE - post-up /etc/init.d/dnsmasq restart + pre-down /etc/init.d/dnsmasq_lan stop # The magic Tor wireless network auto uap0 @@ -30,10 +31,14 @@ iface uap0 inet static network 172.16.23.0 broadcast 172.16.23.255 pre-up ifconfig uap0 hw ether 00:66:66:66:66:66 - post-up /etc/init.d/tor reload - post-up /etc/init.d/dnsmasq restart + pre-up ip addr del 172.16.23.1/24 dev uap0 || true + post-up /etc/init.d/tor start + post-up /etc/init.d/tor reload + post-up /etc/init.d/dnsmasq_wifi start post-up /etc/init.d/ttdnsd restart post-up /usr/bin/uaputl sys_cfg_ssid "torproject" || true post-up /usr/bin/uaputl bss_start || true post-up /usr/sbin/tor-wireless-firewall.sh || true + post-up /sbin/iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040 pre-down /usr/bin/uaputl bss_stop || true + pre-down /etc/init.d/dnsmasq_wifi stop diff --git a/packages/torouter-prep/src/torouter_preboot.sh b/packages/torouter-prep/src/torouter_preboot.sh index 18703a5..70c08aa 100755 --- a/packages/torouter-prep/src/torouter_preboot.sh +++ b/packages/torouter-prep/src/torouter_preboot.sh @@ -34,10 +34,13 @@ install -o root -g root -m 600 $config_dir/etc/network/interfaces /etc/network/i # Configure dnsmasq install -o root -g root -m 600 $config_dir/etc/dnsmasq.conf /etc/dnsmasq.conf -mkdir -p /etc/dnsmasq.d -chown root:root /etc/dnsmasq.d -install -o root -g root -m 600 $config_dir/etc/dnsmasq.d/lan /etc/dnsmasq.d/lan -install -o root -g root -m 600 $config_dir/etc/dnsmasq.d/wifi /etc/dnsmasq.d/wifi +install -o root -g root -m 600 $config_dir/etc/dnsmasq_lan.conf /etc/dnsmasq_lan.conf +install -o root -g root -m 600 $config_dir/etc/dnsmasq_wifi.conf /etc/dnsmasq_wifi.conf + +# new dns scheme +install -o root -g root -m 600 $config_dir/etc/default/dnsmasq /etc/default/dnsmasq +install -o root -g root -m 750 $config_dir/etc/init.d/dnsmasq_lan /etc/init.d/dnsmasq_lan +install -o root -g root -m 750 $config_dir/etc/init.d/dnsmasq_wifi /etc/init.d/dnsmasq_wifi # Configure ntp install -o root -g root -m 600 $config_dir/etc/ntp.conf /etc/ntp.conf -- cgit v1.2.3