
Asus Merlin custom DHCP on guest networks

a guest
May 26th, 2017
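# Put each existing guest interface on an Asus Merlin router on its own
# 192.168.N.0/24 subnet (N starts at 101), give it a DHCP range through
# dnsmasq, and install firewall rules that keep guests off the main LAN.
# Written for POSIX sh; the paste carries no shebang line.

# Delay before touching any interface.
# NOTE(review): presumably gives the wireless interfaces time to come up
# after boot - confirm against how this script is started.
sleep 60

## List of all possible guest interfaces:
GUESTS="wl0.1 wl0.2 wl0.3 wl1.1 wl1.2 wl1.3 vlan4000 vlan4001 vlan4002"

# Print the IPv4 address of interface $1 as reported by ifconfig.
# Prints nothing when the interface is missing or has no address.
get_ip () {
  /sbin/ifconfig "$1" | /bin/sed -ne 's/.*inet addr:\([^ ]*\).*$/\1/p'
}

LAN=$(get_ip br0) ## LAN ipaddr

# Fail closed: with an empty $LAN the "-d $LAN/24 -j DROP" rules below are
# rejected by iptables while the ACCEPT rules are still installed and the
# firmware's own guest isolation rules are deleted, which would leave the
# guests with unrestricted access.
if [ -z "$LAN" ]; then
  logger -s -- "$0: Could not determine br0 bridge address, guest networks left unchanged"
  exit 1
fi
logger -s -- "$0: Determined br0 bridge address $LAN"

# Staging file for the generated dnsmasq configuration.
# NOTE(review): fixed, predictable name in /tmp. That is only safe while
# nothing unprivileged can create files there; use mktemp if the firmware
# provides it.
TMPCONF=/tmp/dnsmasq.conf.add
rm -f "$TMPCONF"

## Firewall rules for guest interfaces:
# Arguments: $1 - rule operation passed to ebtables/iptables (-I or -D)
#            $2 - guest interface name
# Reads:     LAN (address of br0)
firewall () {
  # DROP in the broute table takes the frame off the bridge so that it is
  # routed, and therefore filtered by iptables, instead of being bridged.
  # NOTE(review): no ip6tables rules are added here, so IPv6 filtering for
  # guests depends entirely on the firmware's existing policy - verify.
  /usr/sbin/ebtables -t broute "$1" BROUTING -p ipv4 -i "$2" -j DROP
  /usr/sbin/ebtables -t broute "$1" BROUTING -p ipv6 -i "$2" -j DROP
  /usr/sbin/ebtables -t broute "$1" BROUTING -p arp -i "$2" -j DROP

  # With -I every rule is inserted at the head of its chain, so the DROP
  # rules inserted last end up above the ACCEPT rules and win for LAN
  # destinations. Keep this order.
  # NOTE(review): the INPUT ACCEPT rule lets guests reach every service the
  # router itself listens on (for example its admin interface) through the
  # guest gateway address; only destinations inside $LAN/24 are dropped.
  # Narrow it to what guests need (DHCP) if that exposure is not wanted.
  /usr/sbin/iptables "$1" FORWARD -i "$2" -j ACCEPT
  /usr/sbin/iptables "$1" INPUT -i "$2" -j ACCEPT
  # NOTE(review): /24 is hard-coded; a LAN with a wider netmask is only
  # partly covered by these two rules.
  /usr/sbin/iptables "$1" FORWARD -i "$2" -d "$LAN/24" -j DROP
  /usr/sbin/iptables "$1" INPUT -i "$2" -d "$LAN/24" -j DROP
}

IF_COUNTER=100

# Next hop of the first default route that has one. Stays empty when the
# default route has no "via" (for example a point-to-point WAN link), so a
# malformed dhcp-option line is never written.
GATEWAY=$(ip route | awk '/default/ { for (i = 1; i < NF; i++) if ($i == "via") { print $(i + 1); exit } }')

# Log every DHCP transaction, which gives a record of guest leases.
printf '%s\n' 'log-dhcp' >>"$TMPCONF"

## Set up each guest interface in turn, skipping those that don't exist:
# $GUESTS is left unquoted on purpose: it is a space-separated list.
for IFACE in $GUESTS; do
  /sbin/ifconfig "$IFACE" >/dev/null 2>&1 || continue
  IF_COUNTER=$((IF_COUNTER + 1))
  # NOTE(review): nothing checks that 192.168.$IF_COUNTER.0/24 differs from
  # the main LAN subnet; an overlap would defeat the isolation rules.
  SUBNET="192.168.$IF_COUNTER"
  logger -s -- "$0: Configuring $IFACE"
  /sbin/ifconfig "$IFACE" "$SUBNET.1" netmask 255.255.255.0

  ## Update guest firewall rules for this interface:
  firewall -D "$IFACE" 2>/dev/null ## First pass: delete existing rules (if present).
  firewall -I "$IFACE" ## Second pass: add new rules

  ## Remove Merlin's default guest firewall rules:
  # From here on isolation rests only on the rules added by firewall().
  /usr/sbin/ebtables -D FORWARD -i "$IFACE" -j DROP 2>/dev/null
  /usr/sbin/ebtables -D FORWARD -o "$IFACE" -j DROP 2>/dev/null

  ## Add dnsmasq entries for this interface:
  # Option 3 = router, 6 = DNS servers (public resolvers, so guests do not
  # need the router's DNS), 33 = static route, 252 = WPAD URL.
  {
    printf '%s\n' "interface=$IFACE"
    printf '%s\n' "dhcp-range=$IFACE,$SUBNET.150,$SUBNET.199,255.255.255.0,8h"
    printf '%s\n' "dhcp-option=$IFACE,3,$SUBNET.1"
    printf '%s\n' "dhcp-option=$IFACE,6,8.8.8.8,8.8.4.4"
    if [ -n "$GATEWAY" ]; then
      printf '%s\n' "dhcp-option=$IFACE,33,$GATEWAY,$SUBNET.1"
    fi
    # The option value is the two literal characters backslash and n.
    printf '%s\n' "dhcp-option=$IFACE"',252,"\n"'
  } >>"$TMPCONF"
done

## Replace existing config and restart dnsmasq, but only if something changed:
# NOTE(review): the whole file is overwritten, so any other settings kept in
# dnsmasq.conf.add are lost.
DNSCONF=/jffs/configs/dnsmasq.conf.add
new=$(cat "$TMPCONF")
old=$(cat "$DNSCONF" 2>/dev/null) # the file may not exist on the first run

if [ "$new" != "$old" ]; then
  ## Replace any existing postconf for dnsmasq:
  cat "$TMPCONF" >"$DNSCONF"
  /sbin/service restart_dnsmasq
fi
rm -f "$TMPCONF"

exit 0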