Better net-bridge script

I recently set up an openvpn server on Ubuntu LTS using bridged networking and was really dissatisfied with the sample scripts for bringing the bridge adapter up/down. The script below is what I came up with instead:

    # startup script to establish bridged network
    # based on sample scripts from openvpn
    
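    # Print an error message to stderr and abort the script with status 2.
    # Arguments: $* - words of the message, joined with the first IFS
    #                 character (a space by default)
    # Returns:   never returns; exits with status 2
    function exit_with_error {
        # Quoting "$*" keeps the message intact (no word splitting or glob
        # expansion), and stderr keeps diagnostics out of captured stdout.
        printf '%s\n' "$*" >&2
        exit 2
    }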
    
    # --- interface names -------------------------------------------------
    br='br0'      # bridge device that joins the two interfaces below
    tap='tap0'    # tap device created for OpenVPN
    eth='eth0'    # physical interface added to the bridge

    # --- IPv4 settings of the physical interface --------------------------
    # "start" assigns these to the bridge; "stop" puts them back on $eth.
    eth_addr='172.16.1.28'
    eth_mask='255.255.0.0'
    eth_cast='172.16.255.255'
    eth_gw='172.16.32.2'      # gateway used for the default route
    
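    # Dispatch on the requested action: "start" builds the bridge and opens
    # the firewall for it, "stop" undoes both, anything else prints usage
    # and exits with status 1.
    case "$1" in
        "start")
            echo "Starting bridged networking"

            # create tunnel
            /usr/sbin/openvpn --mktun --dev "$tap" || exit_with_error "Failed to create tunnel"

            # Check every brctl step, not just the last one: a failed addbr
            # or a failed addif of $eth must also stop the script before the
            # addresses are moved off the physical interface.
            if ! /usr/sbin/brctl addbr "$br" ||
               ! /usr/sbin/brctl addif "$br" "$eth" ||
               ! /usr/sbin/brctl addif "$br" "$tap"; then
                exit_with_error "Failed to create bridge"
            fi

            /sbin/ifconfig "$tap" 0.0.0.0 promisc up || exit_with_error "Failed to configure $tap"
            /sbin/ifconfig "$eth" 0.0.0.0 promisc up || exit_with_error "Falied to configure $eth"
            /sbin/ifconfig "$br" "$eth_addr" netmask "$eth_mask" broadcast "$eth_cast" || exit_with_error "Failed to configure $br"
            #/sbin/ifconfig $br up

            # add default route (status not checked, as in the sample scripts)
            /sbin/route add -net default gw "$eth_gw"

            # create iptables rules
            # NOTE(review): these accept everything arriving on $br and $tap.
            # Once $eth is part of the bridge, LAN traffic to this host
            # presumably enters as "-i $br" too, so the INPUT rule on $br is
            # effectively allow-all for the LAN side; narrow it if the host
            # is meant to keep a restrictive INPUT policy.
            /sbin/iptables -A INPUT -i "$br" -j ACCEPT
            /sbin/iptables -A INPUT -i "$tap" -j ACCEPT
            /sbin/iptables -A FORWARD -i "$br" -j ACCEPT
            /sbin/iptables -A FORWARD -i "$tap" -j ACCEPT
            ;;

        "stop")
            echo "Stopping bridged networking"

            # bring down bridge
            /sbin/ifconfig "$br" down

            # tear down bridge
            /usr/sbin/brctl delbr "$br"
            /usr/sbin/openvpn --rmtun --dev "$tap"

            # reset address of the physical interface
            /sbin/ifconfig "$eth" "$eth_addr" netmask "$eth_mask" broadcast "$eth_cast"
            #/sbin/ifconfig $eth up
            /sbin/route add -net default gw "$eth_gw"

            # Remove only the four rules that "start" appended. Flushing the
            # INPUT and FORWARD chains would also delete every unrelated
            # firewall rule on the host each time the bridge is stopped.
            /sbin/iptables -D INPUT -i "$br" -j ACCEPT
            /sbin/iptables -D INPUT -i "$tap" -j ACCEPT
            /sbin/iptables -D FORWARD -i "$br" -j ACCEPT
            /sbin/iptables -D FORWARD -i "$tap" -j ACCEPT
            ;;

        *)
            echo "Usage: $0 {start|stop}" >&2
            exit 1
            ;;
    esac

    exit 0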
