说明:此脚本适用于 CentOS 5.5 系统,最多支持 4 个 C 段 IP,IP 对应的帐号密码保存在 /etc/ippasswd.txt 里(注意:脚本正文实际写入的是 /root/ippasswd.txt,与此处路径不一致)。
#!/bin/bash
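# Interactive confirmation gate.
# Shows the compatibility banner, then asks for Y/N. An empty answer (timeout
# or bare Enter) is re-prompted up to four more times. Only an exact "Y"
# lets the script continue; "N" exits 0 and any other answer exits 1.
# The original exited unconditionally after the fourth re-prompt, even when
# that prompt had been answered; the answer is now honoured.
i=0
echo -e "#####\033[32m Please note this shell only fit Centos 5.5 and the maxcount is 1012\\033[0m#####"
read -r -p "Do you understand?.Please choice Y/N :" -t 5 option
while [ -z "$option" ]; do
  echo
  i=$((i + 1))
  if [ "$i" -gt 4 ]; then
    # Four re-prompts went unanswered: leave without touching the system.
    exit 0
  fi
  read -r -p "Please note this shell only fit Centos 5.5.Do you understand?.Please choice Y/N :" -t 8 option
  # Pause only when nothing was entered, so a closed stdin cannot spin the loop.
  [ -n "$option" ] || sleep 1
done
# Quoted selector: an answer containing spaces or glob characters is compared
# as one literal string instead of being word-split inside a test.
case "$option" in
  Y)
    echo "Thanks for you used"
    ;;
  N)
    exit 0
    ;;
  *)
    exit 1
    ;;
esac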
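# Install and configure the PPTP server (pptpd + ppp + MPPE kernel module).
#
# NOTE(review): PPTP relies on MS-CHAPv2 and MPPE, both of which have
# long-published weaknesses; do not rely on this tunnel for confidentiality.
# NOTE(review): the four RPMs are fetched over plain HTTP from a bare IP
# address and installed as root with no checksum or signature verification,
# so anyone on the network path or in control of that host decides what gets
# installed. Pin known-good digests (e.g. sha256sum -c against a trusted list)
# or use packages from a signed repository before running this.
echo -e "################\\033[32m It is beginning\\033[0m###############"

# Download everything first, so a failed download aborts before the existing
# installation, its configuration and the firewall rules are removed.
# -O overwrites a stale file of the same name instead of saving a ".1" copy
# that the later rpm commands would silently ignore.
pkg_url='http://104.193.92.254/***'
for rpm_file in \
  dkms-2.0.17.5-1.noarch.rpm \
  kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm \
  pptpd-1.3.4-1.rhel5.1.x86_64.rpm \
  ppp-2.4.4-14.1.rhel5.x86_64.rpm
do
  if ! wget -O "$rpm_file" "$pkg_url/$rpm_file"; then
    echo "Download failed: $rpm_file" >&2
    exit 1
  fi
done

# Destructive reset: removes the packages, flushes the nat POSTROUTING and
# filter FORWARD chains, and deletes /etc/ppp (including any existing
# chap-secrets) and /etc/pptpd.conf.
yum remove -y pptpd ppp
iptables --flush POSTROUTING --table nat
iptables --flush FORWARD
rm -rf -- /etc/pptpd.conf /etc/ppp

yum -y install make libpcap iptables gcc-c++ logrotate tar cpio perl pam tcp_wrappers
rpm -ivh dkms-2.0.17.5-1.noarch.rpm
rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
rpm -qa kernel_ppp_mppe
rpm -Uvh ppp-2.4.4-14.1.rhel5.x86_64.rpm
rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm

# Create the ppp character device only when it is missing.
[ -e /dev/ppp ] || mknod /dev/ppp c 108 0

# Enable IPv4 forwarding persistently. The original edited line 7 of
# sysctl.conf by number (presumably the ip_forward line on a stock install);
# matching the key itself keeps the edit from touching an unrelated setting
# when the file has been modified.
sed -i 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*0[[:space:]]*$/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
sysctl -p
echo 1 > /proc/sys/net/ipv4/ip_forward

# Re-apply both settings at boot; skip lines already present so re-running
# the script does not pile up duplicates in rc.local.
for boot_cmd in "mknod /dev/ppp c 108 0" "echo 1 > /proc/sys/net/ipv4/ip_forward"; do
  grep -qxF -- "$boot_cmd" /etc/rc.local 2>/dev/null || echo "$boot_cmd" >> /etc/rc.local
done

# Tunnel addressing and the DNS servers handed to clients.
echo "localip 172.16.36.1" >> /etc/pptpd.conf
echo "remoteip 172.16.36.2-254" >> /etc/pptpd.conf
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
echo "ms-dns 8.8.4.4" >> /etc/ppp/options.pptpd
service pptpd start
chkconfig pptpd on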
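# Prepare the firewall and the credentials list.
echo -e "################\\033[32m Iptables Configuration\\033[0m###############"

# Number of IPv4 addresses reported by ifconfig, excluding lines that contain
# 127.0.0.1. One VPN account is generated per address further down.
count=$(ifconfig | grep 'inet addr:' | grep -v -c '127.0.0.1')

# Start from an empty credentials list on every run. The original left a
# blank first line when the file already existed but not on a first run.
# The file receives plaintext VPN usernames and passwords, so restrict it to
# its owner explicitly rather than relying on the umask.
: > /root/ippasswd.txt
chmod 600 /root/ippasswd.txt

service iptables start
chkconfig iptables on
# NOTE(review): these two flushes drop every existing rule in the filter and
# nat tables, not only VPN-related ones, and the result is persisted later by
# `service iptables save`. Any pre-existing host firewall policy is lost.
iptables -F
iptables -t nat -F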
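# Create one VPN account per public address and SNAT each account's fixed
# tunnel address to its own public address.
#
# Account i (1-based) maps to:
#   tunnel address  172.16.(36 + (i-1)/253).((i-1)%253 + 2)
#   username        ***<i>
#   password        passwd<(i-1)%253 + 1>
# which reproduces the original four hand-written ranges (1-253, 254-506,
# 507-759, 760-1012) in a single loop.
#
# NOTE(review): the passwords are fully predictable from the account index and
# repeat in every /24 (account 1 and account 254 both get "passwd1"). Replace
# them with randomly generated secrets before exposing the server.
echo -e "################\\033[32m It will take a few minutes,please wait...\\033[0m###############"
if [ "$count" -le 1012 ]; then
  # Snapshot the address list once. The original re-ran the ifconfig pipeline
  # twice per account, which is slow and can shift indexes if an interface
  # changes mid-run. Word splitting is intentional: one array element per IP.
  public_ips=( $(ifconfig | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{print $1}') )

  for ((i = 1; i <= count; i++)); do
    subnet_idx=$(( (i - 1) / 253 ))
    slot=$(( (i - 1) % 253 + 1 ))
    vpn_ip="172.16.$((36 + subnet_idx)).$((slot + 1))"
    public_ip=${public_ips[i-1]}

    if [ -z "$public_ip" ]; then
      # No address at this index: skip rather than record an account that has
      # no working NAT rule behind it.
      echo "No public address found for account $i, skipped" >&2
      continue
    fi

    iptables -t nat -A POSTROUTING -s "$vpn_ip" -j SNAT --to-source "$public_ip"
    # "***" is kept inside quotes so the shell cannot glob-expand it against
    # files in the working directory, as the unquoted original could.
    printf '%s \t pptpd \t %s\t %s\n' "***$i" "passwd$slot" "$vpn_ip" >> /etc/ppp/chap-secrets
    printf '%s \t %s \t %s\n' "***$i" "passwd$slot" "$public_ip" >> /root/ippasswd.txt
  done

  # Clamp the TCP MSS for every tunnel /24 in use. As in the original, the
  # 172.16.36.0/24 rule is added even when no address was found.
  subnets_used=$(( (count - 1) / 253 + 1 ))
  for ((n = 0; n < subnets_used; n++)); do
    iptables -A FORWARD -p tcp --syn -s "172.16.$((36 + n)).0/24" -j TCPMSS --set-mss 1356
  done
else
  echo "The maxcount is "1012".It will be not applicable if over the numbers.Please note.Thanks."
fi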
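# Persist the firewall rules, restart the services and show the accounts.
service iptables save
service iptables restart
service pptpd restart-kill
service pptpd start
echo -e "The installation is complete.Thanks for you use!!!"
echo "The username and password as below:"
echo -e "username \t password \t IP"
# The account list is written to /root/ippasswd.txt earlier in the script.
# The original read /etc/ippasswd.txt, which nothing creates.
# This prints plaintext credentials to the terminal (and any session log).
cat /root/ippasswd.txt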