pve/scripts/build_nat_network.sh

#!/bin/bash
#from https://github.com/spiritLHLS/pve
# 2023.06.13

# 打印信息
_red() { echo -e "\033[31m\033[01m$@\033[0m"; }
_green() { echo -e "\033[32m\033[01m$@\033[0m"; }
_yellow() { echo -e "\033[33m\033[01m$@\033[0m"; }
_blue() { echo -e "\033[36m\033[01m$@\033[0m"; }
reading(){ read -rp "$(_green "$1")" "$2"; }
export DEBIAN_FRONTEND=noninteractive
utf8_locale=$(locale -a 2>/dev/null | grep -i -m 1 -E "UTF-8|utf8")
if [[ -z "$utf8_locale" ]]; then
  echo "No UTF-8 locale found"
else
  export LC_ALL="$utf8_locale"
  export LANG="$utf8_locale"
  export LANGUAGE="$utf8_locale"
  echo "Locale set to $utf8_locale"
fi

# 查询信息
if ! command -v lshw > /dev/null 2>&1; then
      apt-get install -y lshw
fi
# 提取物理网卡名字
interface=$(lshw -C network | awk '/logical name:/{print $3}' | head -1)
if [ -z "$interface" ]; then
  interface="eth0"
fi
# 提取IPV4地址
ipv4_address=$(ip addr show | awk '/inet .*global/ && !/inet6/ {print $2}')
# 提取IPV4网关
gateway=$(ip route | awk '/default/ {print $3}')
# 获取IPV6子网前缀
SUBNET_PREFIX=$(ip -6 addr show | grep -E 'inet6.*global' | awk '{print $2}' | awk -F'/' '{print $1}' | head -n 1 | cut -d ':' -f1-5):
# 提取IPV6地址
ipv6_address=$(ip addr show | awk '/inet6.*scope global/ { print $2 }' | head -n 1)
# 检查是否存在 IPV6 
if [ -z "$SUBNET_PREFIX" ]; then
    _red "无 IPV6 子网，不进行自动映射"
else
    _blue "母鸡的IPV6子网前缀为 $SUBNET_PREFIX"
fi
if [ -z "$ipv6_address" ]; then
    _red "母机无 IPV6 地址，不进行自动映射"
else
    _blue "母鸡的IPV6地址为 $ipv6_address"
fi

# 录入网关
if [ -f /etc/network/interfaces ]; then
    cp /etc/network/interfaces /etc/network/interfaces.bak
fi
interfaces_file="/etc/network/interfaces"
chattr -i "$interfaces_file"
if ! grep -q "auto lo" "$interfaces_file"; then
#     echo "auto lo" >> "$interfaces_file"
    echo "Can not find 'auto lo' in ${interfaces_file}"
    exit 1
fi
if ! grep -q "iface lo inet loopback" "$interfaces_file"; then
#     echo "iface lo inet loopback" >> "$interfaces_file"
    echo "Can not find 'iface lo inet loopback' in ${interfaces_file}"
    exit 1
fi
if ! grep -q "iface ${interface} inet manual" "$interfaces_file"; then
#     echo "iface ${interface} inet manual" >> "$interfaces_file"
    echo "Can not find 'iface ${interface} inet manual' in ${interfaces_file}"
    exit 1
fi
if grep -q "vmbr0" "$interfaces_file"; then
    echo "vmbr0 已存在在 ${interfaces_file}"
else
if [ -z "$SUBNET_PREFIX" ] || [ -z "$ipv6_address" ]; then
cat << EOF | sudo tee -a "$interfaces_file"
auto vmbr0
iface vmbr0 inet static
    address $ipv4_address
    gateway $gateway
    bridge_ports $interface
    bridge_stp off
    bridge_fd 0
EOF
else
cat << EOF | sudo tee -a "$interfaces_file"
auto vmbr0
iface vmbr0 inet static
    address $ipv4_address
    gateway $gateway
    bridge_ports $interface
    bridge_stp off
    bridge_fd 0

iface vmbr0 inet6 static
        address ${ipv6_address}
        gateway ${SUBNET_PREFIX}
EOF
fi
fi
if grep -q "vmbr1" "$interfaces_file"; then
    echo "vmbr1 已存在在 "$interfaces_file""
else
cat << EOF | sudo tee -a "$interfaces_file"
auto vmbr1
iface vmbr1 inet static
    address 172.16.1.1
    netmask 255.255.255.0
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr1/proxy_arp
    post-up iptables -t nat -A POSTROUTING -s '172.16.1.0/24' -o vmbr0 -j MASQUERADE
    post-down iptables -t nat -D POSTROUTING -s '172.16.1.0/24' -o vmbr0 -j MASQUERADE
EOF
fi
chattr +i "$interfaces_file"

# 加载iptables并设置回源且允许NAT端口转发
apt-get install -y iptables iptables-persistent
iptables -t nat -A POSTROUTING -j MASQUERADE
sysctl net.ipv4.ip_forward=1
sysctl_path=$(which sysctl)
if grep -q "^net.ipv4.ip_forward=1" /etc/sysctl.conf; then
  if grep -q "^#net.ipv4.ip_forward=1" /etc/sysctl.conf; then
    sed -i 's/^#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
  fi
else
  echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
fi
${sysctl_path} -p

# 重启配置
service networking restart
systemctl restart networking.service
Create network.sh 2023-02-23 21:42:24 +08:00			`#!/bin/bash`
Update network.sh 2023-02-24 09:56:53 +08:00			`#from https://github.com/spiritLHLS/pve`
Update build_nat_network.sh 2023-06-14 09:10:10 +08:00			`# 2023.06.13`
Update network.sh 2023-02-23 21:58:44 +08:00
Update network.sh 2023-02-24 14:28:18 +08:00			`# 打印信息`
			`_red() { echo -e "\033[31m\033[01m$@\033[0m"; }`
			`_green() { echo -e "\033[32m\033[01m$@\033[0m"; }`
			`_yellow() { echo -e "\033[33m\033[01m$@\033[0m"; }`
			`_blue() { echo -e "\033[36m\033[01m$@\033[0m"; }`
Update build_nat_network.sh 2023-04-24 09:20:17 +08:00			`reading(){ read -rp "$(_green "$1")" "$2"; }`
Update build_nat_network.sh 2023-04-26 16:28:12 +08:00			`export DEBIAN_FRONTEND=noninteractive`
Update build_nat_network.sh 2023-04-27 11:26:28 +08:00			`utf8_locale=$(locale -a 2>/dev/null \| grep -i -m 1 -E "UTF-8\|utf8")`
Update build_nat_network.sh 2023-04-24 08:57:07 +08:00			`if [[ -z "$utf8_locale" ]]; then`
Update build_nat_network.sh 2023-04-27 11:26:28 +08:00			`echo "No UTF-8 locale found"`
Update build_nat_network.sh 2023-04-24 08:57:07 +08:00			`else`
			`export LC_ALL="$utf8_locale"`
			`export LANG="$utf8_locale"`
Update build_nat_network.sh 2023-04-27 11:11:30 +08:00			`export LANGUAGE="$utf8_locale"`
Update build_nat_network.sh 2023-04-27 11:26:28 +08:00			`echo "Locale set to $utf8_locale"`
Update build_nat_network.sh 2023-04-24 08:57:07 +08:00			`fi`
Update network.sh 2023-02-24 14:28:18 +08:00
			`# 查询信息`
Update build_nat_network.sh 2023-06-03 14:29:56 +08:00			`if ! command -v lshw > /dev/null 2>&1; then`
			`apt-get install -y lshw`
			`fi`
Update build_nat_network.sh 2023-06-05 09:03:53 +08:00			`# 提取物理网卡名字`
Update network.sh 2023-02-24 09:56:53 +08:00			`interface=$(lshw -C network \| awk '/logical name:/{print $3}' \| head -1)`
Update build_nat_network.sh 2023-04-24 00:17:08 +08:00			`if [ -z "$interface" ]; then`
			`interface="eth0"`
			`fi`
Update build_nat_network.sh 2023-06-05 09:03:53 +08:00			`# 提取IPV4地址`
			`ipv4_address=$(ip addr show \| awk '/inet .*global/ && !/inet6/ {print $2}')`
			`# 提取IPV4网关`
			`gateway=$(ip route \| awk '/default/ {print $3}')`
			`# 获取IPV6子网前缀`
			`SUBNET_PREFIX=$(ip -6 addr show \| grep -E 'inet6.*global' \| awk '{print $2}' \| awk -F'/' '{print $1}' \| head -n 1 \| cut -d ':' -f1-5):`
			`# 提取IPV6地址`
			`ipv6_address=$(ip addr show \| awk '/inet6.*scope global/ { print $2 }' \| head -n 1)`
			`# 检查是否存在 IPV6`
			`if [ -z "$SUBNET_PREFIX" ]; then`
			`_red "无 IPV6 子网，不进行自动映射"`
Update build_nat_network.sh 2023-04-24 00:17:08 +08:00			`else`
Update build_nat_network.sh 2023-06-05 09:03:53 +08:00			`_blue "母鸡的IPV6子网前缀为 $SUBNET_PREFIX"`
			`fi`
			`if [ -z "$ipv6_address" ]; then`
			`_red "母机无 IPV6 地址，不进行自动映射"`
			`else`
			`_blue "母鸡的IPV6地址为 $ipv6_address"`
Update build_nat_network.sh 2023-04-24 00:17:08 +08:00			`fi`
Update build_nat_network.sh 2023-05-30 21:59:29 +08:00
Update network.sh 2023-02-24 14:28:18 +08:00			`# 录入网关`
Update build_nat_network.sh 2023-06-12 22:35:02 +08:00			`if [ -f /etc/network/interfaces ]; then`
			`cp /etc/network/interfaces /etc/network/interfaces.bak`
			`fi`
Update build_nat_network.sh 2023-06-12 23:49:23 +08:00			`interfaces_file="/etc/network/interfaces"`
Update build_nat_network.sh 2023-06-12 23:27:24 +08:00			`chattr -i "$interfaces_file"`
Update build_nat_network.sh 2023-06-14 09:10:10 +08:00			`if ! grep -q "auto lo" "$interfaces_file"; then`
Update build_nat_network.sh 2023-06-14 09:14:05 +08:00			`# echo "auto lo" >> "$interfaces_file"`
			`echo "Can not find 'auto lo' in ${interfaces_file}"`
			`exit 1`
Update build_nat_network.sh 2023-06-14 09:10:10 +08:00			`fi`
			`if ! grep -q "iface lo inet loopback" "$interfaces_file"; then`
Update build_nat_network.sh 2023-06-14 09:14:05 +08:00			`# echo "iface lo inet loopback" >> "$interfaces_file"`
			`echo "Can not find 'iface lo inet loopback' in ${interfaces_file}"`
			`exit 1`
Update build_nat_network.sh 2023-06-14 09:10:10 +08:00			`fi`
Update build_nat_network.sh 2023-06-12 23:49:23 +08:00			`if ! grep -q "iface ${interface} inet manual" "$interfaces_file"; then`
Update build_nat_network.sh 2023-06-14 09:14:05 +08:00			`# echo "iface ${interface} inet manual" >> "$interfaces_file"`
			`echo "Can not find 'iface ${interface} inet manual' in ${interfaces_file}"`
			`exit 1`
Update build_nat_network.sh 2023-06-12 23:49:23 +08:00			`fi`
Update build_nat_network.sh 2023-06-12 22:35:02 +08:00			`if grep -q "vmbr0" "$interfaces_file"; then`
			`echo "vmbr0 已存在在 ${interfaces_file}"`
Update network.sh 2023-02-24 13:50:58 +08:00			`else`
Update build_nat_network.sh 2023-06-05 09:03:53 +08:00			`if [ -z "$SUBNET_PREFIX" ] \|\| [ -z "$ipv6_address" ]; then`
Update build_nat_network.sh 2023-06-12 22:35:02 +08:00			`cat << EOF \| sudo tee -a "$interfaces_file"`
Update build_nat_network.sh 2023-06-05 09:03:53 +08:00			`auto vmbr0`
			`iface vmbr0 inet static`
			`address $ipv4_address`
			`gateway $gateway`
			`bridge_ports $interface`
			`bridge_stp off`
			`bridge_fd 0`
			`EOF`
			`else`
Update build_nat_network.sh 2023-06-12 22:35:02 +08:00			`cat << EOF \| sudo tee -a "$interfaces_file"`
Update network.sh 2023-02-24 13:53:12 +08:00			`auto vmbr0`
			`iface vmbr0 inet static`
Update build_nat_network.sh 2023-06-05 09:03:53 +08:00			`address $ipv4_address`
Update network.sh 2023-02-24 13:53:12 +08:00			`gateway $gateway`
			`bridge_ports $interface`
			`bridge_stp off`
			`bridge_fd 0`
Update build_nat_network.sh 2023-06-05 09:03:53 +08:00
			`iface vmbr0 inet6 static`
			`address ${ipv6_address}`
			`gateway ${SUBNET_PREFIX}`
Update network.sh 2023-02-24 13:53:12 +08:00			`EOF`
Update network.sh 2023-02-24 13:50:58 +08:00			`fi`
Update build_nat_network.sh 2023-06-05 09:03:53 +08:00			`fi`
Update build_nat_network.sh 2023-06-12 22:35:02 +08:00			`if grep -q "vmbr1" "$interfaces_file"; then`
			`echo "vmbr1 已存在在 "$interfaces_file""`
Update network.sh 2023-02-24 13:50:58 +08:00			`else`
Update build_nat_network.sh 2023-06-12 22:35:02 +08:00			`cat << EOF \| sudo tee -a "$interfaces_file"`
Update network.sh 2023-02-24 13:53:12 +08:00			`auto vmbr1`
			`iface vmbr1 inet static`
			`address 172.16.1.1`
			`netmask 255.255.255.0`
			`bridge_ports none`
			`bridge_stp off`
			`bridge_fd 0`
			`post-up echo 1 > /proc/sys/net/ipv4/ip_forward`
			`post-up echo 1 > /proc/sys/net/ipv4/conf/vmbr1/proxy_arp`
			`post-up iptables -t nat -A POSTROUTING -s '172.16.1.0/24' -o vmbr0 -j MASQUERADE`
			`post-down iptables -t nat -D POSTROUTING -s '172.16.1.0/24' -o vmbr0 -j MASQUERADE`
			`EOF`
Update network.sh 2023-02-24 13:50:58 +08:00			`fi`
Update build_nat_network.sh 2023-06-12 23:27:24 +08:00			`chattr +i "$interfaces_file"`
Update network.sh 2023-02-24 09:56:53 +08:00
Update build_nat_network.sh 2023-04-10 14:34:28 +08:00			`# 加载iptables并设置回源且允许NAT端口转发`
Update build_nat_network.sh 2023-04-10 14:56:29 +08:00			`apt-get install -y iptables iptables-persistent`
Update build_nat_network.sh 2023-04-10 14:32:13 +08:00			`iptables -t nat -A POSTROUTING -j MASQUERADE`
Update build_nat_network.sh 2023-04-10 14:34:28 +08:00			`sysctl net.ipv4.ip_forward=1`
Update build_nat_network.sh 2023-04-10 14:42:45 +08:00			`sysctl_path=$(which sysctl)`
Update build_nat_network.sh 2023-04-10 14:40:44 +08:00			`if grep -q "^net.ipv4.ip_forward=1" /etc/sysctl.conf; then`
			`if grep -q "^#net.ipv4.ip_forward=1" /etc/sysctl.conf; then`
			`sed -i 's/^#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf`
			`fi`
			`else`
			`echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf`
			`fi`
Update build_nat_network.sh 2023-04-10 14:42:45 +08:00			`${sysctl_path} -p`
Update build_nat_network.sh 2023-04-10 13:48:37 +08:00
Update network.sh 2023-02-24 14:28:18 +08:00			`# 重启配置`
Update network.sh 2023-02-24 09:56:53 +08:00			`service networking restart`
Update network.sh 2023-02-23 22:03:19 +08:00			`systemctl restart networking.service`