iptables now being set by client

2025-10-05 08:47:35 +08:00 · 2021-04-15 09:48:14 -04:00
parent 77914d22b0
commit e2ec093eaf
9 changed files with 78 additions and 13 deletions
--- a/controllers/nodeHttpController.go
+++ b/controllers/nodeHttpController.go
@@ -592,12 +592,12 @@ func createGateway(w http.ResponseWriter, r *http.Request) {
 	nodechange.IsGateway = true
 	nodechange.GatewayRange = gateway.RangeString
 	if gateway.PostUp == "" {
-		nodechange.PostUp = "iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o " + gateway.Interface + " -j MASQUERADE"
+		nodechange.PostUp = "iptables -A FORWARD -i " + node.Interface + " -j ACCEPT; iptables -t nat -A POSTROUTING -o " + gateway.Interface + " -j MASQUERADE"
 	} else {
 		nodechange.PostUp = gateway.PostUp
 	}
 	if gateway.PostDown == "" {
-		nodechange.PostDown = "iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -D POSTROUTING -o " + gateway.Interface + " -j MASQUERADE"
+		nodechange.PostDown = "iptables -D FORWARD -i " + node.Interface + " -j ACCEPT; iptables -t nat -D POSTROUTING -o " + gateway.Interface + " -j MASQUERADE"
 	} else {
 		nodechange.PostDown = gateway.PostDown
 	}
--- a/functions/helpers.go
+++ b/functions/helpers.go
@@ -25,7 +25,7 @@ import (
 //node has that value for the same field within the network

 func CreateServerToken(netID string) (string, error) {
-
+	fmt.Println("Creating token.")
        var network models.Network
        var accesskey models.AccessKey

@@ -43,8 +43,23 @@ func CreateServerToken(netID string) (string, error) {
        }
        address := "localhost" + gconf.PortGRPC

-        accessstringdec := address + "." + netID + "." + accesskey.Value
-        accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(accessstringdec))
+        privAddr := ""
+        if *network.IsLocal {
+                privAddr = network.LocalRange
+        }
+
+
+	fmt.Println("Token details:")
+	fmt.Println("    grpc address + port: " + address)
+	fmt.Println("                network: " + netID)
+	fmt.Println("          private range: " + privAddr)
+
+	accessstringdec := address + "|" + netID + "|" + accesskey.Value + "|" + privAddr
+
+	accesskey.AccessString = base64.StdEncoding.EncodeToString([]byte(accessstringdec))
+
+        fmt.Println("          access string: " + accesskey.AccessString)
+

        network.AccessKeys = append(network.AccessKeys, accesskey)

--- a/main.go
+++ b/main.go
@@ -63,6 +63,7 @@ func main() {

 	log.Println("Server starting...")
 	mongoconn.ConnectDatabase()
+
 	installserver := false
 	if !(defaultnet == "off") {
 	if config.Config.Server.CreateDefault {
--- a/netclient/functions/.common.go.swp
+++ b/netclient/functions/.common.go.swp
--- a/netclient/functions/common.go
+++ b/netclient/functions/common.go
@@ -678,12 +678,41 @@ func initWireguard(node *nodepb.Node, privkey string, peers []wgtypes.PeerConfig
                Stderr: os.Stdout,
        }
        err = cmdIPLinkDown.Run()
-        err = cmdIPLinkUp.Run()
-        if  err  !=  nil {
+        if nodecfg.PostDown != "" {
+		runcmds := strings.Split(nodecfg.PostDown, "; ")
+		err = runCmds(runcmds)
+		if err != nil {
+			fmt.Println("Error encountered running PostDown: " + err.Error())
+		}
+	}
+
+	err = cmdIPLinkUp.Run()
+        if nodecfg.PostUp != "" {
+                runcmds := strings.Split(nodecfg.PostUp, "; ")
+                err = runCmds(runcmds)
+                if err != nil {
+                        fmt.Println("Error encountered running PostUp: " + err.Error())
+                }
+        }
+	if  err  !=  nil {
                return err
        }
 	return err
 }
+func runCmds(commands []string) error {
+	var err error
+	for _, command := range commands {
+		fmt.Println("Running command: " + command)
+		args := strings.Fields(command)
+		out, err := exec.Command(args[0], args[1:]...).Output()
+		fmt.Println(string(out))
+		if err != nil {
+			return err
+		}
+	}
+	return err
+}
+

 func setWGKeyConfig(network string, serveraddr string) error {

@@ -959,7 +988,7 @@ func CheckIn(network string) error {
                if ifaceupdate {
 			fmt.Println("Interface update: " + currentiface +
 			" >>>> " + newinterface)
-                        err := DeleteInterface(currentiface)
+                        err := DeleteInterface(currentiface, nodecfg.PostDown)
                        if err != nil {
                                fmt.Println("ERROR DELETING INTERFACE: " + currentiface)
                        }
@@ -1206,12 +1235,19 @@ func WipeLocal(network string) error{
        if  err  !=  nil {
                fmt.Println(err)
        }
+        if nodecfg.PostDown != "" {
+                runcmds := strings.Split(nodecfg.PostDown, "; ")
+                err = runCmds(runcmds)
+                if err != nil {
+                        fmt.Println("Error encountered running PostDown: " + err.Error())
+                }
+        }
 	}
 	return err

 }

-func DeleteInterface(ifacename string) error{
+func DeleteInterface(ifacename string, postdown string) error{
        ipExec, err := exec.LookPath("ip")

        cmdIPLinkDel := &exec.Cmd {
@@ -1224,6 +1260,13 @@ func DeleteInterface(ifacename string) error{
        if  err  !=  nil {
                fmt.Println(err)
        }
+        if postdown != "" {
+                runcmds := strings.Split(postdown, "; ")
+                err = runCmds(runcmds)
+                if err != nil {
+                        fmt.Println("Error encountered running PostDown: " + err.Error())
+                }
+        }
        return err
 }

--- a/netclient/main.go
+++ b/netclient/main.go
@@ -110,6 +110,7 @@ func main() {
 			fmt.Println("Beginning agent installation.")
 			err := functions.Install(*taccesskey, *tpassword, *tserver, *tnetwork, *tnoauto, *taccesstoken, *tname)
 			if err != nil {
+				fmt.Println("Error encountered while installing.")
 				if !strings.Contains(err.Error(), "ALREADY_INSTALLED") {
 				fmt.Println("Error installing: ", err)
 				fmt.Println("Cleaning up (uninstall)")
--- a/1
+++ b/1
@@ -0,0 +1 @@
+wMb6dxHPNJqQd8GbwfLN8HPLiJYEl1uJtEls5hRoD10=
--- a/1
+++ b/1
@@ -0,0 +1 @@
+/FdO9q+Bs3ee/NVbtKwMhSmFj4AyyjmlOrujzaBoenE=
--- a/serverctl/serverctl.go
+++ b/serverctl/serverctl.go
@@ -4,6 +4,7 @@ import (
        "fmt"
  "github.com/gravitl/netmaker/functions"
 	"io"
+	"errors"
 	"net/http"
        "os"
        "os/exec"
@@ -56,11 +57,13 @@ func AddNetwork(network string) (bool, error) {
                fmt.Println("could not find or create /etc/netclient")
                return false, err
        }
+	fmt.Println("Directory is ready.")
 	token, err := functions.CreateServerToken(network)
        if err != nil {
                fmt.Println("could not create server token for " + network)
 		return false, err
        }
+	fmt.Println("Token is ready.")
        _, err = os.Stat("/etc/netclient/netclient")
 	if os.IsNotExist(err) {
 		err = DownloadNetclient()
@@ -74,12 +77,12 @@ func AddNetwork(network string) (bool, error) {
                fmt.Println("could not change netclient directory permissions")
                return false, err
        }
-	cmdoutput, err := exec.Command("/etc/netclient/netclient","-c","install","-t",token,"-name","netmaker").Output()
+	fmt.Println("Client is ready. Running install.")
+	out, err := exec.Command("/etc/netclient/netclient","-c","install","-t",token,"-name","netmaker").Output()
+        fmt.Println(string(out))
 	if err != nil {
-	        fmt.Println(string(cmdoutput))
-                return false, err
+                return false, errors.New(string(out) + err.Error())
        }
-	fmt.Println(string(cmdoutput))
 	fmt.Println("Server added to network " + network)
 	return true, err
 }
				`@@ -0,0 +1 @@`
				`wMb6dxHPNJqQd8GbwfLN8HPLiJYEl1uJtEls5hRoD10=`
				`@@ -0,0 +1 @@`
				`/FdO9q+Bs3ee/NVbtKwMhSmFj4AyyjmlOrujzaBoenE=`