#!/bin/sh
#
# /etc/rc.d/init.d/vlan script
# Marat "Billy" Bilialov, devel @ socket.ru, http://socket.ru/vlan-howto
# Based on a script by Doug Monroe, doug @ planetconnect.com, http://www.planetconnect.com/vlan/
# Mar. 22, 2002
# To install under Redhat : chkconfig --add vlan
# iptables:
# chkconfig: - 99 10
# description: start/stop VLANs (with DHCPD)
. /etc/rc.d/init.d/functions
. /etc/sysconfig/vlans
#
# :     :
# /etc/rc.d/init.d/dhcpd
# /etc/rc.d/init.d/iptables

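# Interfaces dhcpd is asked to serve; the DHCP VLAN loop appends to it.
DHCPLIST=""

# DNS servers announced to DHCP clients; pasted verbatim into the
# generated dhcpd configuration.
DNSLIST="1.2.3.4, 5.6.7.8"

# dhcpd configuration fragment generated by "start".
# NOTE(review): the path stays in /tmp because the site's dhcpd init script
# presumably reads it from there - confirm. This script writes the file as
# root, so a root-only directory would be the better home for it.
VLAN_DHCPD_CONF=/tmp/vlan-dhcpd.conf

#######################################
# Check that a VLAN id from /etc/sysconfig/vlans is a plain decimal number.
# The id is pasted into interface names, iptables arguments, IP addresses
# and the generated dhcpd configuration, so one malformed entry would
# otherwise corrupt the config shared by every VLAN.
# Arguments: $1 - candidate VLAN id
# Outputs:   a warning on stderr when the id is rejected
# Returns:   0 if the id consists only of digits, 1 otherwise
#######################################
vlan_id_ok() {
    case $1 in
        '' | *[!0-9]*)
            echo "vlan: skipping invalid VLAN id '$1'" >&2
            return 1
            ;;
    esac
    return 0
}

#######################################
# Install the forwarding and NAT rules for one VLAN.
# Arguments: $1 - VLAN id (interface is vlan<id>)
# Outputs:   progress message on stdout
#######################################
vlan_add_rules() {
    echo $"adding iptables rules for VLAN $1..."
    # -I inserts at the head of FORWARD, so the rules are evaluated in the
    # reverse of the order written here: vlan -> eth0 is accepted, traffic
    # staying inside the VLAN is accepted, and anything else leaving the
    # VLAN (i.e. towards other VLANs) is dropped. Verify the result with
    # '/sbin/iptables -nvL'.
    # NOTE(review): newer iptables releases expect the negation before the
    # option ('! -o vlanN'); the form below matches the original script.
    /sbin/iptables -I FORWARD -i "vlan$1" -o ! "vlan$1" -j DROP
    /sbin/iptables -I FORWARD -i "vlan$1" -o "vlan$1" -j ACCEPT
    /sbin/iptables -I FORWARD -i "vlan$1" -o eth0 -j ACCEPT
    # Each VLAN subnet is source-NATed to its own address 1.2.3.1<id>.
    # NOTE(review): a single-digit id yields 1.2.3.1N and an id above 99
    # yields an invalid address - confirm ids are meant to be two-digit.
    /sbin/iptables -t nat -A POSTROUTING -s "192.168.$1.0/24" -o eth0 -j SNAT --to-source "1.2.3.1$1"
}

########################## START
case "$1" in
start)
    # Create the dhcpd config before touching the network, so a refusal
    # leaves the system unchanged. The file lives in a world-writable
    # directory and is written as root: remove whatever is at that path,
    # then create it with noclobber so the shell refuses to overwrite an
    # existing file instead of writing through it.
    rm -f "$VLAN_DHCPD_CONF"
    if ! ( set -C; echo "ddns-update-style ad-hoc;" > "$VLAN_DHCPD_CONF" ); then
        echo "vlan: cannot safely create $VLAN_DHCPD_CONF, aborting" >&2
        exit 1
    fi

    # Reload the base firewall rules before adding the per-VLAN ones.
    /etc/rc.d/init.d/iptables restart

    # VLANs are created on eth1; traffic leaving through eth0 is NATed.
    /sbin/ifconfig eth1 down
    /sbin/ifconfig eth1 up 192.168.1.254
    /sbin/iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 1.2.3.101

    # Name VLAN interfaces vlan<id> (e.g. vlan8) rather than eth1.<id>.
    /usr/local/sbin/vconfig set_name_type VLAN_PLUS_VID_NO_PAD

    ######################### VLANs WITH DHCP
    # $VLAN_DHCP is left unquoted on purpose: it is a whitespace-separated list.
    for i in $VLAN_DHCP
    do
        vlan_id_ok "$i" || continue

        action $"Creating VLAN $i..." /usr/local/sbin/vconfig add eth1 "$i"
        vlan_add_rules "$i"

        # The message used to say "VLAN 5$i" although the interface is vlan$i.
        action $"bringing VLAN $i interface up..." /sbin/ifconfig "vlan${i}" up "192.168.${i}.254"

        # Remember the interface for the dhcpd start below.
        DHCPLIST="$DHCPLIST vlan$i"

        # Append this VLAN's subnet declaration to the generated config.
        # NOTE(review): dhcpd's time-offset option is expressed in seconds,
        # so "-3" does not describe Moscow time - left as in the original.
        cat >> "$VLAN_DHCPD_CONF" <<EOF
subnet 192.168.$i.0 netmask 255.255.255.0 {
# --- default gateway
     option routers                  192.168.$i.254;
     option subnet-mask              255.255.255.0;
     option domain-name-servers      $DNSLIST;
     option time-offset              -3;     # Moscow Time
     range dynamic-bootp 192.168.$i.20 192.168.$i.240; #  IP  1..19   
     default-lease-time 21600;
     max-lease-time 43200;
}
EOF
    done

    ######################### VLANs WITHOUT DHCP
    # Unquoted on purpose, as above.
    for x in $VLAN_NO_DHCP
    do
        vlan_id_ok "$x" || continue

        action $"Creating non-DHCP VLAN $x..." /usr/local/sbin/vconfig add eth1 "$x"
        vlan_add_rules "$x"

        # Bring up the interface that was just created. The original used
        # vlan5$x here, which is neither the interface vconfig created nor
        # the one the firewall rules above refer to.
        action "bringing non-DHCP VLAN $x interface up..." /sbin/ifconfig "vlan${x}" up "192.168.${x}.254"
    done

    # Stop a running dhcpd...
    if [ -f /var/lock/subsys/dhcpd ]; then
        /etc/rc.d/init.d/dhcpd stop
    fi

    # ...and start it again with the list of DHCP VLAN interfaces.
    action $"Starting DHCP for $DHCPLIST" /etc/rc.d/init.d/dhcpd start "$DHCPLIST"

    # Keep the generated config around for inspection.
    mv "$VLAN_DHCPD_CONF" "${VLAN_DHCPD_CONF}-OLD"

    # NOTE(review): presumably (re)installs the ipac accounting rules - confirm.
    /usr/local/sbin/fetchipac -S
    ;;

########################## STOP
stop)
    action $"Stopping DHCP" /etc/rc.d/init.d/dhcpd stop

    # NOTE(review): the firewall is stopped while the VLAN interfaces still
    # exist; check what the iptables init script leaves in FORWARD on stop.
    /etc/rc.d/init.d/iptables stop

    # Remove every VLAN interface listed in /proc/net/vlan, skipping the
    # "config" entry. A glob replaces the original ls | grep pipeline.
    for entry in /proc/net/vlan/*
    do
        [ -e "$entry" ] || continue
        name=${entry##*/}
        case $name in
            *config*) continue ;;
        esac
        action $"Removing VLAN interface $name" /usr/local/sbin/vconfig rem "$name"
    done
    ;;

########################## RESTART
restart)
    "$0" stop
    "$0" start
    ;;

########################## USAGE
*)
    echo "usage: $0 {start|stop|restart}"
    ;;
esac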
