#!/bin/sh
while true; do
# Доступность этого хоста будет означать корректную работу оснвного канала
# 8.8.8.8 это DNS от Google. За его доступность можно не беспокоиться
# А значит вероятность ложного срабатывания минимальна
HOST="8.8.8.8"
# Файл-флаг. Появляется при переключении на резервный канал
LOCKFILE="/tmp/check_internet.lock"
# Файл журнала
LOGFILE="/var/log/check_internet.log"
# Пингуем проверочный хост через основной канал
ping -I enp1s0 -c 3 -n -q ${HOST} > /dev/null
# Если возникла ошибка (хост не доступен)
if [ $? -ne "0" ]; then
# Если нет файла-флага
if [ ! -f ${LOCKFILE} ]; then
# Добавляем маршрут для пинга основного канала
sudo route add 8.8.8.8/32 gw 192.168.0.1
# Меняем маршрут по умолчанию в основной таблице роутинга
sudo ip route del default
# sudo ip route add default dev enp0s26u1u1 metric 100
sudo ip route add default via 192.168.2.1 metric 100
# NAT 4G
sudo iptables-restore < /iptables.usb
# restart squid
/sh/squid-restart.sh
# Создаём файл флаг
sudo touch ${LOCKFILE}
# Делаем запись в файл журнала
echo `date +'%Y/%m/%d %H:%M:%S'` Internet connection changed to 4G >> ${LOGFILE}
sudo chmod 777 /var/log/check_internet.log
fi
# Если же всё хорошо
else
# Если есть файл-флаг
if [ -f ${LOCKFILE} ]; then
# Меняем маршрут по умолчанию в основой таблице роутинга
sudo ip route del default
sudo ip route add default via 192.168.0.1 metric 100
# NAT LAN
sudo iptables-restore < /iptables.lan
# restart squid
/sh/squid-restart.sh
# Удаляем файл-флаг
sudo rm -rf ${LOCKFILE}
# Записываем событие в файл журнала
echo `date +'%Y/%m/%d %H:%M:%S'` Internet connetction changed to LAN >> ${LOGFILE}
sudo chmod 777 /var/log/check_internet.log
fi
fi
done
# Generated by iptables-save v1.6.0 on Sun Jan 13 16:08:31 2019
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [1:120]
:POSTROUTING ACCEPT [0:0]
#-A POSTROUTING -o usb0 -j MASQUERADE
-A POSTROUTING -o enp0s26u1u1 -j MASQUERADE
COMMIT
# Completed on Sun Jan 13 16:08:31 2019
# Completed on Thu Sep 13 15:53:21 2018
# Generated by iptables-save v1.6.0 on Thu Sep 13 15:53:21 2018
*filter
:INPUT DROP [5:204]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [51:7292]
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp0s26u1u1 -j ACCEPT
-A INPUT -i wlp4s0 -j ACCEPT
-A INPUT -i enp1s0 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i wlan0 -j ACCEPT
-A INPUT -i wlan1 -j ACCEPT
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -i tun6 -j ACCEPT
-A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlp4s0 -o enp0s26u1u1 -j ACCEPT
-A FORWARD -i enp0s26u1u1 -o wlp4s0 -j ACCEPT
-A FORWARD -i enp1s0 -o enp0s26u1u1 -j ACCEPT
-A FORWARD -i enp0s26u1u1 -o enp1s0 -j ACCEPT
-A FORWARD -i tun+ -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o tun+ -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -i usb0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o usb0 -j ACCEPT
COMMIT
# Completed on Thu Sep 13 15:53:21 2018*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [1:120]
:POSTROUTING ACCEPT [0:0]
#-A POSTROUTING -o usb0 -j MASQUERADE
-A POSTROUTING -o enp0s26u1u1 -j MASQUERADE
COMMIT
# Completed on Sun Jan 13 16:08:31 2019
# Completed on Thu Sep 13 15:53:21 2018
# Generated by iptables-save v1.6.0 on Thu Sep 13 15:53:21 2018
*filter
:INPUT DROP [5:204]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [51:7292]
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp0s26u1u1 -j ACCEPT
-A INPUT -i wlp4s0 -j ACCEPT
-A INPUT -i enp1s0 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i wlan0 -j ACCEPT
-A INPUT -i wlan1 -j ACCEPT
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -i tun6 -j ACCEPT
-A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlp4s0 -o enp0s26u1u1 -j ACCEPT
-A FORWARD -i enp0s26u1u1 -o wlp4s0 -j ACCEPT
-A FORWARD -i enp1s0 -o enp0s26u1u1 -j ACCEPT
-A FORWARD -i enp0s26u1u1 -o enp1s0 -j ACCEPT
-A FORWARD -i tun+ -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o tun+ -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -i usb0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o usb0 -j ACCEPT
COMMIT
# Generated by iptables-save v1.6.0 on Sun Jan 13 16:08:31 2019
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [1:120]
:POSTROUTING ACCEPT [0:0]
#-A POSTROUTING -o usb0 -j MASQUERADE
-A POSTROUTING -o enp1s0 -j MASQUERADE
COMMIT
# Completed on Sun Jan 13 16:08:31 2019
# Completed on Thu Sep 13 15:53:21 2018
# Generated by iptables-save v1.6.0 on Thu Sep 13 15:53:21 2018
*filter
:INPUT DROP [5:204]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [51:7292]
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp1s0 -j ACCEPT
-A INPUT -i wlp4s0 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i wlan0 -j ACCEPT
-A INPUT -i wlan1 -j ACCEPT
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -i tun6 -j ACCEPT
-A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp1s0 -o wlp4s0 -j ACCEPT
-A FORWARD -i wlp4s0 -o enp1s0 -j ACCEPT
-A FORWARD -i tun+ -o usb0 -j ACCEPT
-A FORWARD -i usb0 -o tun+ -j ACCEPT
-A FORWARD -i tun+ -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o tun+ -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -i usb0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o usb0 -j ACCEPT
COMMIT
# Completed on Thu Sep 13 15:53:21 2018*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [1:120]
:POSTROUTING ACCEPT [0:0]
#-A POSTROUTING -o usb0 -j MASQUERADE
-A POSTROUTING -o enp1s0 -j MASQUERADE
COMMIT
# Completed on Sun Jan 13 16:08:31 2019
# Completed on Thu Sep 13 15:53:21 2018
# Generated by iptables-save v1.6.0 on Thu Sep 13 15:53:21 2018
*filter
:INPUT DROP [5:204]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [51:7292]
-A INPUT -i lo -j ACCEPT
-A INPUT -i enp1s0 -j ACCEPT
-A INPUT -i wlp4s0 -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i wlan0 -j ACCEPT
-A INPUT -i wlan1 -j ACCEPT
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -i tun6 -j ACCEPT
-A INPUT -p udp -m policy --dir in --pol ipsec -m udp --dport 1701 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp1s0 -o wlp4s0 -j ACCEPT
-A FORWARD -i wlp4s0 -o enp1s0 -j ACCEPT
-A FORWARD -i tun+ -o usb0 -j ACCEPT
-A FORWARD -i usb0 -o tun+ -j ACCEPT
-A FORWARD -i tun+ -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o tun+ -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -i usb0 -o wlan0 -j ACCEPT
-A FORWARD -i wlan0 -o usb0 -j ACCEPT
COMMIT
Комментариев нет:
Отправить комментарий