From 5532b4d1a993abcd151cdef6acbdd5808a319b7f Mon Sep 17 00:00:00 2001 From: garywill <32130780+garywill@users.noreply.github.com> Date: Fri, 31 Aug 2018 18:41:06 +0800 Subject: [PATCH] support setting upstream DNS server --- README.md | 47 +++++++++++++++++++++++----------------- lnxrouter | 64 +++++++++++++++++++++++++++++++++++++++++++++---------- 2 files changed, 80 insertions(+), 31 deletions(-) mode change 100644 => 100755 lnxrouter diff --git a/README.md b/README.md index 3e3bef4..f292e53 100644 --- a/README.md +++ b/README.md @@ -81,7 +81,7 @@ Internet----(eth0/wlan0)-Linux-(virtual interface)-----VM/container ### Transparent proxy with Tor ``` -# lnxrouter -i eth1 --tp 9040 --dns-proxy 9053 +# lnxrouter -i eth1 --tp 9040 --dns 9053 ``` In `torrc` @@ -133,7 +133,7 @@ $ lxc profile add profile5 ``` That should make one container have 2 profiles. `profile5` will override `eth0`. ``` -# lnxrouter -i lxdbr5 --tp 9040 --dns-proxy 9053 +# lnxrouter -i lxdbr5 --tp 9040 --dns 9053 ``` To remove that new profile from container ``` 
@@ -153,47 +153,52 @@ $ lxc config device remove eth0 ### Use as transparent proxy for VirtualBox On VirtualBox's global settings, create a host-only network `vboxnet5` with DHCP disabled. ``` -# lnxrouter -i vboxnet5 --tp 9040 --dns-proxy 9053 +# lnxrouter -i vboxnet5 --tp 9040 --dns 9053 ``` ### CLI usage and other features ``` -Usage: lnxrouter [options] +Usage: lnxrouter Options: -h, --help Show this help --version Print version number - -i Interface to share Internet to. - An NATed subnet is made upon it. - To create Wifi hotspot use '--ap' instead + -i Interface to make NATed sub-network, + and to provide Internet to + (To create Wifi hotspot use '--ap' instead) -n Disable Internet sharing - --tp Transparent proxy. - redirect non-LAN tcp and udp traffic to port. - Usually used with '--dns-proxy' - -g Set gateway IPv4 address, netmask is /24 . + -g Set this host's IPv4 address, netmask is 24 (default: 192.168.18.1) -6 Enable IPv6 (NAT) --p6 Set IPv6 prefix (length 64) (default: fd00:1:1:1:: ) - --dns-proxy DNS server redirect queries to port - --no-serve-dns Disable DNS server - --no-dnsmasq Disable dnsmasq server completely (DHCP, DNS, RA) - --log-dns Show DNS server query log + + --dns || + DNS server's upstream DNS. 
+ Use ',' to seperate multiple servers + (default: use /etc/resolve.conf) + (Note IPv6 addresses need '[]' around) + --no-dns Do not serve DNS + --no-dnsmasq Disable dnsmasq server (DHCP, DNS, RA) + --log-dns Show DNS query log --dhcp-dns |no - Set IPv4 DNS offered by DHCP - (default: gateway as DNS) + Set IPv4 DNS offered by DHCP (default: this host) --dhcp-dns6 |no - Set IPv6 DNS offered by DHCP(RA) - (default: gateway as DNS) - Note IPv6 addresses need '[]' around + Set IPv6 DNS offered by DHCP (RA) + (default: this host) + (Note IPv6 addresses need '[]' around) -d DNS server will take into account /etc/hosts -e DNS server will take into account additional hosts file --mac Set MAC address + --tp Transparent proxy, + redirect non-LAN tcp and udp traffic to port. + Usually used with '--dns' + Wifi hotspot options: --ap Create Wifi access point @@ -217,10 +222,12 @@ Options: (defaults to /etc/hostapd/hostapd.accept) --hostapd-debug 1 or 2. Passes -d or -dd to hostapd --isolate-clients Disable wifi communication between clients + --ieee80211n Enable IEEE 802.11n (HT) --ieee80211ac Enable IEEE 802.11ac (VHT) --ht_capab HT capabilities (default: [HT40+]) --vht_capab VHT capabilities + --no-haveged Do not run haveged automatically when needed Instance managing: diff --git a/lnxrouter b/lnxrouter old mode 100644 new mode 100755 index 57e9f11..a6dbdcf --- a/lnxrouter +++ b/lnxrouter @@ -29,8 +29,13 @@ Options: --p6 Set IPv6 prefix (length 64) (default: fd00:1:1:1:: ) - --no-serve-dns Do not serve DNS - --no-dnsmasq Disable dnsmasq server completely (DHCP, DNS, RA) + --dns || + DNS server's upstream DNS. + Use ',' to seperate multiple servers + (default: use /etc/resolve.conf) + (Note IPv6 addresses need '[]' around) + --no-dns Do not serve DNS + --no-dnsmasq Disable dnsmasq server (DHCP, DNS, RA) --log-dns Show DNS query log --dhcp-dns |no Set IPv4 DNS offered by DHCP (default: this host) 
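Review bot: The new `--dns` help text points at `/etc/resolve.conf`, but the resolver configuration file is `/etc/resolv.conf`, and `seperate` should read `separate`; the README hunk before it carries the same two slips. The two help lines could read `Use ',' to separate multiple servers` and `(default: use /etc/resolv.conf)`. The usage heredoc this text sits in starts and ends outside the hunk.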
@@ -46,8 +51,7 @@ Options: --tp Transparent proxy, redirect non-LAN tcp and udp traffic to port. - Usually used with '--dns-proxy' - --dns-proxy DNS server redirects queries to + Usually used with '--dns' Wifi hotspot options: --ap @@ -93,7 +97,7 @@ Examples: $PROGNAME --ap wlan0 MyAccessPoint $PROGNAME --ap wlan0 MyAccessPoint --password MyPassPhrase $PROGNAME -n --ap wlan0 MyAccessPoint --password MyPassPhrase - $PROGNAME -i eth1 --tp --dns-proxy + $PROGNAME -i eth1 --tp --dns EOF } @@ -119,7 +123,7 @@ CONN_IFACE= SHARE_METHOD=nat TP_PORT= -TP_DNS_PORT= +DNS= NEW_MACADDR= OLD_MACADDR= @@ -199,12 +203,12 @@ while [[ -n "$1" ]]; do shift ;; - --dns-proxy) + --dns) shift - TP_DNS_PORT="$1" + DNS="$1" shift ;; - --no-serve-dns) + --no-dns) shift dnsmasq_NO_DNS=1 ;; @@ -370,6 +374,38 @@ while [[ -n "$1" ]]; do esac done +sep_ip_port() { + local IP + local PORT + local INPUT + INPUT="$1" + if (echo $INPUT | grep '\.' >/dev/null 2>&1) ;then + if (echo $INPUT | grep ':' >/dev/null 2>&1) ;then + # ipv4 + port + IP="$(echo $INPUT | cut -d: -f1)" + PORT="$(echo $INPUT | cut -d: -f2)" + else + # ipv4 + IP="$INPUT" + fi + elif (echo $INPUT | grep '\]' >/dev/null 2>&1) ;then + if (echo $INPUT | grep '\]\:' >/dev/null 2>&1) ;then + # ipv6 + port + IP="$(echo $INPUT | cut -d']' -f1 | cut -d'[' -f2)" + PORT="$(echo $INPUT | cut -d']' -f2 |cut -d: -f2)" + else + # ipv6 + IP="$(echo $INPUT | cut -d']' -f1 | cut -d'[' -f2)" + fi + else + # port + IP='127.0.0.1' + PORT="$INPUT" + fi + printf -v "$2" %s "$IP" + printf -v "$3" %s "$PORT" +} + USE_IWCONFIG=0 is_interface() { 
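Review bot: The `--dns-proxy` and `--no-serve-dns` arms are replaced rather than aliased, so existing invocations that still pass the old names no longer set `DNS` or `dnsmasq_NO_DNS`. What happens to an unrecognised option is decided by the default arm of this `case`, which is outside the hunk; if that arm does not abort, a transparent-proxy setup still started with `--dns-proxy 9053` would presumably leave dnsmasq on the system resolver and send DNS queries outside the proxy. Keeping the old spellings as aliases avoids that: `--dns|--dns-proxy)` and `--no-dns|--no-serve-dns)`.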
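Review bot: `sep_ip_port` tests for a `.` before it tests for `]`, so a bracketed IPv6 upstream that embeds a dotted quad (constructed example: `[::ffff:192.0.2.1]:53`) takes the IPv4 branch, is cut on the first `:` and yields `[` as the address. The function also validates nothing, and the caller in the dnsmasq hunk writes the result verbatim into `dnsmasq.conf` as a `server=` line, so stray characters in the `--dns` argument end up as configuration text for a daemon started by root. The unquoted `echo $INPUT` additionally exposes the value to word splitting and globbing. The version below matches the bracketed forms first, uses parameter expansion instead of `echo | cut`, and returns non-zero on anything that is not an address or a numeric port so the caller can abort.

```shell
sep_ip_port() {
    local IP PORT INPUT
    INPUT="$1"
    case "$INPUT" in
        \[*\]:*)   # ipv6 + port
            IP="${INPUT#\[}"
            IP="${IP%%\]*}"
            PORT="${INPUT##*\]:}"
            ;;
        \[*\])     # ipv6
            IP="${INPUT#\[}"
            IP="${IP%\]}"
            ;;
        *.*:*)     # ipv4 + port
            IP="${INPUT%%:*}"
            PORT="${INPUT##*:}"
            ;;
        *.*)       # ipv4
            IP="$INPUT"
            ;;
        *)         # port
            IP='127.0.0.1'
            PORT="$INPUT"
            ;;
    esac
    # Only characters that can occur in an address (incl. a %scope suffix)
    # and an all-digit port may reach dnsmasq.conf.
    if [[ ! "$IP" =~ ^[0-9A-Za-z:.%_-]+$ ]]; then
        echo "ERROR: invalid upstream DNS address '$IP'" >&2
        return 1
    fi
    if [[ -n "$PORT" && ! "$PORT" =~ ^[0-9]+$ ]]; then
        echo "ERROR: invalid upstream DNS port '$PORT'" >&2
        return 1
    fi
    # … unchanged: printf -v assignments to "$2" and "$3" …
}
```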
@@ -1359,11 +1395,17 @@ if [[ $NO_DNSMASQ -eq 0 ]]; then echo log-queries=extra >> $CONFDIR/dnsmasq.conf fi - if [[ $TP_DNS_PORT ]]; then + if [[ $DNS ]]; then + DNS_count=$(echo $DNS | awk -F, '{print NF}') + for (( i=1;i<=DNS_count;i++ )); do + sep_ip_port "$(echo $DNS | cut -d, -f$i)" DNS_IP DNS_PORT + [[ "$DNS_PORT" ]] && DNS_PORT_D="#$DNS_PORT" + echo "server=${DNS_IP}${DNS_PORT_D}" >> $CONFDIR/dnsmasq.conf + done + cat <<- EOF >> $CONFDIR/dnsmasq.conf no-resolv no-poll - server=127.0.0.1#${TP_DNS_PORT} EOF fi if [[ $IPV6 -eq 1 ]];then
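Review bot: `DNS_PORT_D` is assigned only when the current entry has a port and is never cleared, so inside the `for` loop an entry without a port that follows one with a port inherits the earlier suffix (constructed example: `--dns 9053,192.0.2.1` would emit `server=192.0.2.1#9053`). Queries for that upstream then go to a port the operator did not choose, which typically shows up as that server silently failing. Building the suffix inline removes the stale state: `echo "server=${DNS_IP}${DNS_PORT:+#${DNS_PORT}}" >> $CONFDIR/dnsmasq.conf`. Quoting `$DNS` in the two `echo $DNS | …` calls would also keep the argument from being glob-expanded, and `i` and `DNS_count` are globals here. The enclosing `if [[ $NO_DNSMASQ -eq 0 ]]` block starts and ends outside the hunk.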