forked from extremeshok/xshok-proxmox
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnetwork-configure.sh
307 lines (266 loc) · 10.2 KB
/
network-configure.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
#!/bin/bash
################################################################################
# This is property of eXtremeSHOK.com
# You are free to use, modify and distribute, however you may not remove this notice.
# Copyright (c) Adrian Jon Kriel :: [email protected]
################################################################################
#
# Script updates can be found at: https://github.com/extremeshok/xshok-proxmox
#
# License: BSD (Berkeley Software Distribution)
#
################################################################################
#
## CREATES A ROUTED vmbr0 AND NAT vmbr1 NETWORK CONFIGURATION FOR PROXMOX
# Autodetects the correct settings (interface, gatewat, netmask, etc)
# Supports IPv4 and IPv6, Private Network uses 10.10.10.1/24
#
# Also installs and properly configures the isc-dhcp-server to allow for DHCP on the vmbr1 (NAT)
#
# ROUTED (vmbr0):
# All traffic is routed via the main IP address and uses the MAC address of the physical interface.
# VM's can have multiple IP addresses and they do NOT require a MAC to be set for the IP via service provider
#
# NAT (vmbr1):
# Allows a VM to have internet connectivity without requiring its own IP address
# Assignes 10.10.10.100 - 10.10.10.200 via DHCP
#
# Public IP's can be assigned via DHCP, adding a host define to the /etc/dhcp/hosts.public file
#
# Tested on OVH and Hetzner based servers
#
# ALSO CREATES A NAT Private Network as vmbr1
#
# NOTE: WILL OVERWRITE /etc/network/interfaces
# A backup will be created as /etc/network/interfaces.timestamp
#
################################################################################
#
# THERE ARE NO USER CONFIGURABLE OPTIONS IN THIS SCRIPT
#
################################################################################
# Set the local
export LANG="en_US.UTF-8"
export LC_ALL="C"
network_interfaces_file="/etc/network/interfaces"
#Detect and install dependencies
if ! type "dhcpd" >& /dev/null; then
/usr/bin/env DEBIAN_FRONTEND=noninteractive apt-get -y -o Dpkg::Options::='--force-confdef' install isc-dhcp-server
fi
if ! [ -f "network-addiprange.sh" ]; then
echo "Downloading network-addiprange.sh script"
curl -O https://raw.githubusercontent.com/extremeshok/xshok-proxmox/master/network-addiprange.sh && chmod +x network-addiprange.sh
fi
if ! grep -q '#!/bin/bash' "network-addiprange.sh"; then
echo "ERROR: network-addiprange.sh is invalid"
fi
if ! [ -f "/etc/sysctl.d/99-networking.conf" ]; then
echo "Creating /etc/sysctl.d/99-networking.conf"
cat > /etc/sysctl.d/99-networking.conf <<EOF
net.ipv4.ip_forward=1
net.ipv4.conf.eth0.send_redirects=0
net.ipv6.conf.all.forwarding=1
EOF
fi
# Auto detect the existing network settings... this is all for ipv4
echo "Auto detecting existing network settings"
default_interface="$(ip route | awk '/default/ { print $5 }' | grep -v "vmbr")"
if [ "$default_interface" == "" ]; then
#filter the interfaces to get the default interface and which is not down and not a virtual bridge
default_interface="$(ip link | sed -e '/state DOWN / { N; d; }' | sed -e '/veth[0-9].*:/ { N; d; }' | sed -e '/vmbr[0-9].*:/ { N; d; }' | sed -e '/tap[0-9].*:/ { N; d; }' | sed -e '/lo:/ { N; d; }' | head -n 1 | cut -d':' -f 2 | xargs)"
fi
if [ "$default_interface" == "" ]; then
echo "ERROR: Could not detect default interface"
exit 1
fi
default_v4gateway="$(ip route | awk '/default/ { print $3 }')"
default_v4="$(ip -4 addr show dev "$default_interface" | awk '/inet/ { print $2 }' )"
default_v4ip=${default_v4%/*}
default_v4mask=${default_v4#*/}
if [ "$default_v4mask" == "$default_v4ip" ] ;then
default_v4netmask="$(ifconfig vmbr0 | awk '/netmask/ { print $4 }')"
else
if [ "$default_v4mask" -lt "1" ] || [ "$default_v4mask" -gt "32" ] ; then
echo "ERROR: Invalid CIDR $default_v4mask"
exit 1
fi
cdr2mask () {
set -- $(( 5 - ($1 / 8) )) 255 255 255 255 $(( (255 << (8 - ($1 % 8))) & 255 )) 0 0 0
if [[ "$1" -gt 1 ]] ; then shift "$1" ; else shift ; fi ; echo "${1-0}.${2-0}.${3-0}.${4-0}"
}
default_v4netmask="$(cdr2mask "$default_v4mask")"
fi
if [ "$default_v4ip" == "" ] || [ "$default_v4netmask" == "" ] || [ "$default_v4gateway" == "" ]; then
echo "ERROR: Could not detect all IPv4 varibles"
echo "IP: ${default_v4ip} Netmask: ${default_v4netmask} Gateway: ${default_v4gateway}"
exit 1
fi
# Generate an array containing parts of the default_v4ip
IFS='.' read -r -a default_v4ip_array <<< "$default_v4ip"
cp "$network_interfaces_file" "${network_interfaces_file}.$(date +"%Y-%m-%d_%H-%M-%S")"
cat > "$network_interfaces_file" <<EOF
###### eXtremeSHOK.com
### LOOPBACK ###
auto lo
iface lo inet loopback
iface lo inet6 loopback
### IPv4 ###
# Main IPv4 from Host
auto ${default_interface}
iface ${default_interface} inet static
address ${default_v4ip}
netmask ${default_v4netmask}
gateway ${default_v4gateway}
pointopoint ${default_v4gateway}
### VM-Bridge used by Proxmox
auto vmbr0
iface vmbr0 inet static
address ${default_v4ip}
netmask ${default_v4netmask}
bridge_ports none
bridge_stp off
bridge_fd 0
bridge_maxwait 0
### Private NAT used by Proxmox
auto vmbr1
iface vmbr1 inet static
address 10.10.10.1
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
bridge_maxwait 0
post-up iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o ${default_interface} -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o ${default_interface} -j MASQUERADE
### Fast Private LAN
#iface enp28s0 inet manual
#auto vmbr2
#iface vmbr2 inet static
# address 10.10.3.2
# netmask 255.255.255.0
# bridge_ports enp28s0
# bridge_stp off
# bridge_fd 0
# pre-up ip link set enp28s0 mtu 8192
#
## ## Run the following to enable migrations via the Fast Private LAN:
## echo "migration: insecure,network=10.10.3.0/24" >> /etc/pve/datacenter.cfg
### Load extra files, ie for extra gateways
source /etc/network/interfaces.d/*
EOF
default_v6="$(ip -6 addr show dev "$default_interface" | awk '/global/ { print $2}')"
default_v6ip=${default_v6%/*}
default_v6mask=${default_v6#*/}
default_v6gateway="$(ip -6 route | awk '/default/ { print $3 }')"
if [ "$default_v6ip" != "" ] && [ "$default_v6mask" != "" ] && [ "$default_v6gateway" != "" ]; then
cat >> "$network_interfaces_file" << EOF
### IPv6 ###
iface ${default_interface} inet6 static
address ${default_v6ip}
netmask ${default_v6mask}
gateway ${default_v6gateway}
iface vmbr0 inet6 static
address ${default_v6ip}
netmask 64
EOF
fi
cat >> "$network_interfaces_file" << EOF
### Extra IP/IP Ranges ###
# Use ./network-addiprange.sh script to add ip/ip ranges or edit the examples below
#
## Example add IP range 176.9.216.192/27
# up route add -net 94.130.239.192 netmask 255.255.255.192 dev vmbr0
## Example add IP 176.9.123.158
# up route add -net 176.9.123.158 netmask 255.255.255.255 dev vmbr0
EOF
# Configure isc-dhcp-server
if [ -f "/etc/default/isc-dhcp-server" ] ; then
cp /etc/default/isc-dhcp-server "/etc/default/isc-dhcp-server.$(date +"%Y-%m-%d_%H-%M-%S")"
fi
if [ -f "/etc/dhcp/dhcpd.conf" ] ; then
cp /etc/dhcp/dhcpd.conf "/etc/dhcp/dhcpd.conf.$(date +"%Y-%m-%d_%H-%M-%S")"
fi
cat > /etc/default/isc-dhcp-server <<EOF
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)
# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf
# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid
# Additional options to start dhcpd with.
# Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="vmbr0 vmbr1"
#INTERFACESv6="vmbr0"
EOF
cat > /etc/dhcp/dhcpd.conf <<EOF
### eXtremeSHOK.com
# https://linux.die.net/man/5/dhcpd.conf
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
option rfc3442-classless-static-routes code 121 = array of integer 8;
option ms-classless-static-routes code 249 = array of integer 8;
option domain-name-servers 1.1.1.1,8.8.8.8;
### Default to private NAT network
subnet 0.0.0.0 netmask 0.0.0.0 {
range 10.10.10.100 10.10.10.200 ;
authoritative;
default-lease-time 600;
max-lease-time 432000000;
option routers 10.10.10.1;
option subnet-mask 255.255.255.0;
option time-offset -18000;
option broadcast-address 10.10.10.255;
option rfc3442-classless-static-routes 32, 10, 10, 10, 1, 0, 0, 0, 0, 0, 10, 10, 10, 1;
option ms-classless-static-routes 32, 10, 10, 10, 1, 0, 0, 0, 0, 0, 10, 10, 10, 1;
}
### vmbr0 ; Public Network
group public {
authoritative;
default-lease-time 21600000;
max-lease-time 432000000;
option routers ${default_v4ip};
option subnet-mask 255.255.255.255;
option rfc3442-classless-static-routes 32, ${default_v4ip_array[0]}, ${default_v4ip_array[1]}, ${default_v4ip_array[2]}, ${default_v4ip_array[3]}, 0, 0, 0, 0, 0, ${default_v4ip_array[0]}, ${default_v4ip_array[1]}, ${default_v4ip_array[2]}, ${default_v4ip_array[3]};
option ms-classless-static-routes 32, ${default_v4ip_array[0]}, ${default_v4ip_array[1]}, ${default_v4ip_array[2]}, ${default_v4ip_array[3]}, 0, 0, 0, 0, 0, ${default_v4ip_array[0]}, ${default_v4ip_array[1]}, ${default_v4ip_array[2]}, ${default_v4ip_array[3]};
# Add your host defines to the /etc/dhcp/hosts.public file
include "/etc/dhcp/hosts.public";
}
#end group public
EOF
if [ ! -f "/etc/dhcp/hosts.public" ] ; then
cat > "/etc/dhcp/hosts.public" <<EOF
###########
## EXAMPLE client /etc/network/interfaces
# auto lo
# iface lo inet loopback
# auto eth0
# iface eth0 inet dhcp
###########
## Alpine linux dhcp requires:
# apk add dhclient
###########
## Assign a specific IP to a VM/CT with MAC 9E:94:13:7D:F3:0E to the IP 11.22.33.44 for host my.example.com
## set the bridge to vmbr0 and the MAC address will need to match the "hardware ethernet" MAC
# host my.example.com {
# hardware ethernet AA:BB:CC:DD:EE:00;
# fixed-address 11.22.33.44;
# }
# host another.examle.com {
# option host-name "another.example.com"
# hardware ethernet 00:EE:DD:CC:BB:AA;
# fixed-address 44.33.22.11;
# }
#
#
#
EOF
fi
systemctl enable isc-dhcp-server
## Script Finish
echo -e '\033[1;33m Finished....please restart the system \033[0m'