#!/bin/bash
# VM Network Setup Script
# This script sets up networking for VMs to enable SSH access
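# Abort on the first failing command and on any reference to an unset variable.
# pipefail is deliberately not enabled: the bridge check below pipes
# `ip addr show` into `grep -q`, and an early grep exit could then be reported
# as a pipeline failure even though the match succeeded.
set -eu

# ANSI colour escapes for the log helpers. They are stored as literal
# backslash sequences and only expanded by the helpers when printed, so the
# values themselves are safe to embed in plain strings.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color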
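#######################################
# Print a timestamped progress message in green on stdout.
# printf is used instead of `echo -e` so that the message text itself is
# printed verbatim (no backslash interpretation, no "-n"/"-e" surprises);
# only the colour constants are expanded with %b.
# Globals:   GREEN, NC (read)
# Arguments: $1 - message text
# Outputs:   one line on stdout
#######################################
log() {
  printf '%b[%s] %s%b\n' "$GREEN" "$(date +'%Y-%m-%d %H:%M:%S')" "$1" "$NC"
}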
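#######################################
# Print a timestamped warning in yellow. Diagnostics go to stderr so they are
# not mixed into stdout when the script's output is captured or piped.
# Globals:   YELLOW, NC (read)
# Arguments: $1 - message text (printed verbatim)
# Outputs:   one line on stderr
#######################################
warn() {
  printf '%b[%s] WARNING: %s%b\n' "$YELLOW" "$(date +'%Y-%m-%d %H:%M:%S')" "$1" "$NC" >&2
}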
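#######################################
# Print a timestamped error in red on stderr and terminate the script.
# Globals:   RED, NC (read)
# Arguments: $1 - message text (printed verbatim)
# Outputs:   one line on stderr
# Returns:   never returns; exits the script with status 1
#######################################
error() {
  printf '%b[%s] ERROR: %s%b\n' "$RED" "$(date +'%Y-%m-%d %H:%M:%S')" "$1" "$NC" >&2
  exit 1
}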
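#######################################
# Print a timestamped informational message in blue on stdout.
# Uses printf so the message is not subject to echo's escape handling.
# Globals:   BLUE, NC (read)
# Arguments: $1 - message text (printed verbatim)
# Outputs:   one line on stdout
#######################################
info() {
  printf '%b[%s] INFO: %s%b\n' "$BLUE" "$(date +'%Y-%m-%d %H:%M:%S')" "$1" "$NC"
}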
# Everything below writes to /proc/sys, iptables, /etc and systemd units,
# so refuse to continue unless we are running as root.
(( EUID == 0 )) || error "This script must be run as root"
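# Network parameters. BRIDGE_NAME may be overridden from the environment
# (e.g. BRIDGE_NAME=virbr1 ./setup.sh); every later use goes through the
# variable. BRIDGE_IP and NETWORK stay fixed because the dnsmasq DHCP range,
# the vm-ips helper and the summary below still spell out 192.168.100.x
# literally and would silently disagree with a different subnet.
BRIDGE_NAME="${BRIDGE_NAME:-br0}"
BRIDGE_IP="192.168.100.1/24"
NETWORK="192.168.100.0/24"
readonly BRIDGE_NAME BRIDGE_IP NETWORK

log "Setting up VM networking..."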
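# Check whether the bridge already exists and already carries our address.
# The bridge itself is not created here; the VM tooling creates it.
if ip link show "$BRIDGE_NAME" &>/dev/null; then
  # Match the complete "inet <addr>/<prefix> " token. The previous bare
  # substring search for 192.168.100.1 also matched 192.168.100.10-19 and
  # 192.168.100.100-199, so a bridge holding one of those would be reported
  # as configured and never receive the gateway address. -F keeps the dots
  # literal; the address comes from BRIDGE_IP so the two cannot drift apart.
  if ip -4 addr show "$BRIDGE_NAME" | grep -qF -- "inet ${BRIDGE_IP} "; then
    info "Bridge $BRIDGE_NAME already configured with IP"
  else
    log "Adding IP address to existing bridge..."
    ip addr add "$BRIDGE_IP" dev "$BRIDGE_NAME"
  fi
else
  log "Bridge $BRIDGE_NAME not found. It will be created when VMs start."
fi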
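# Enable IP forwarding for the running kernel (takes effect immediately,
# lost on reboot).
log "Enabling IP forwarding..."
echo 1 > /proc/sys/net/ipv4/ip_forward

# Make IP forwarding persistent. Only an active (uncommented) "ip_forward = 1"
# line counts. The earlier bare substring test was also satisfied by the
# commented-out "#net.ipv4.ip_forward=1" line that stock sysctl.conf files
# ship with, in which case the setting was never actually persisted.
# grep's stderr is silenced so a missing sysctl.conf simply falls through to
# the append, which creates the file.
if ! grep -qE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' /etc/sysctl.conf 2>/dev/null; then
  echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
  log "IP forwarding made persistent in /etc/sysctl.conf"
fi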
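# Set up NAT for VM network
log "Setting up NAT for VM network..."

#######################################
# Run an iptables delete until it fails, so that every copy of a rule is
# removed. A single "-D" only removes one instance, so earlier runs of this
# script (or of the old single-delete version) could leave duplicates behind.
# Arguments: full iptables argument list, which must contain a -D action
#            (any other action would make the loop run until iptables errors)
# Returns:   0 always; iptables errors are expected once the rule is gone
#######################################
iptables_delete_all() {
  while iptables "$@" 2>/dev/null; do :; done
}

# Remove existing rules to avoid duplicates
iptables_delete_all -t nat -D POSTROUTING -s "$NETWORK" -j MASQUERADE
iptables_delete_all -D FORWARD -i "$BRIDGE_NAME" -o "$BRIDGE_NAME" -j ACCEPT
iptables_delete_all -D FORWARD -i "$BRIDGE_NAME" -j ACCEPT
iptables_delete_all -D FORWARD -o "$BRIDGE_NAME" -j ACCEPT

# Add new rules
iptables -t nat -A POSTROUTING -s "$NETWORK" -j MASQUERADE
iptables -A FORWARD -i "$BRIDGE_NAME" -o "$BRIDGE_NAME" -j ACCEPT
iptables -A FORWARD -i "$BRIDGE_NAME" -j ACCEPT
# NOTE(review): this accepts any forwarded traffic towards the VM network,
# not only replies to VM-initiated connections. Restricting it with
# "-m conntrack --ctstate RELATED,ESTABLISHED" would be the usual hardening,
# but it would also block unsolicited inbound connections to the VMs, so the
# original behaviour is kept here.
iptables -A FORWARD -o "$BRIDGE_NAME" -j ACCEPT

# These rules live only in the running kernel and are not saved anywhere;
# after a reboot this script has to be re-run (or the rules persisted
# separately, e.g. with iptables-persistent).
log "NAT rules configured"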
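# Install dnsmasq (used here only as a DHCP server) if it is not present.
# Each step is checked explicitly: in "apt update && apt install", a failing
# update is not caught by `set -e` (only the last command of an && list is),
# so the script would carry on without dnsmasq and only fail at the restart.
# apt-get is the stable scripting interface; DEBIAN_FRONTEND keeps the
# install from blocking on interactive prompts.
if ! command -v dnsmasq &>/dev/null; then
  log "Installing dnsmasq for DHCP..."
  apt-get update || error "apt-get update failed; cannot install dnsmasq"
  DEBIAN_FRONTEND=noninteractive apt-get install -y dnsmasq \
    || error "Failed to install dnsmasq"
fi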
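# Configure dnsmasq for VM network
DNSMASQ_CONF="/etc/dnsmasq.d/vm-network.conf"
# Gateway handed to the VMs (DHCP option 3) is derived from BRIDGE_IP rather
# than written out again, so the two cannot drift apart.
GATEWAY_IP="${BRIDGE_IP%/*}"
log "Configuring DHCP for VM network..."

# The drop-in directory is normally created by the dnsmasq package; creating
# it here too keeps this step independent of packaging details.
mkdir -p "$(dirname "$DNSMASQ_CONF")"

# Unquoted heredoc: $BRIDGE_NAME and $GATEWAY_IP are expanded, everything
# else is written literally.
cat > "$DNSMASQ_CONF" << EOF
# VM Network DHCP Configuration
# Only bind to the bridge interface to avoid conflicts with systemd-resolved
interface=$BRIDGE_NAME
bind-interfaces

# Disable DNS server functionality (only DHCP)
port=0

# DHCP configuration
dhcp-range=192.168.100.10,192.168.100.100,12h
dhcp-option=3,$GATEWAY_IP
dhcp-option=6,8.8.8.8,8.8.4.4

# Disable reading /etc/hosts and /etc/resolv.conf
no-hosts
no-resolv
EOF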
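# Restart dnsmasq so the new drop-in is read (a plain start would not reload
# an already-running instance), then enable it at boot. A failed restart
# usually points at a configuration or interface problem, so say where to
# look instead of stopping on systemctl's one-line message alone.
systemctl restart dnsmasq \
  || error "dnsmasq failed to (re)start; check 'journalctl -u dnsmasq' and 'dnsmasq --test'"
systemctl enable dnsmasq

log "DHCP server configured and started"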
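# Create a helper script that lists VM addresses.
# The DHCP server configured above is dnsmasq, whose default lease file is
# /var/lib/misc/dnsmasq.leases with one lease per line:
#   <expiry-epoch> <mac> <ip> <hostname-or-*> <client-id>
# The previous helper only looked at ISC dhcpd / dhcpcd files and its
# "checking dnsmasq leases" branch re-tested the same dhcpd path, so on a host
# set up by this script it never found anything. dnsmasq is now checked first;
# the other files remain as fallbacks for hosts running a different server.
# Quoted heredoc: nothing is expanded here, the text is written verbatim.
cat > "/usr/local/bin/vm-ips" << 'EOF'
#!/bin/bash
echo "VM DHCP Leases:"
echo "==============="
if [ -f /var/lib/misc/dnsmasq.leases ]; then
    awk '{ print $3 " - " $4 " (" $2 ")" }' /var/lib/misc/dnsmasq.leases
elif [ -f /var/lib/dhcp/dhcpd.leases ]; then
    awk '/lease/ { ip = $2 } /client-hostname/ { hostname = $2; gsub(/[";]/, "", hostname) } /binding state active/ { print ip " - " hostname }' /var/lib/dhcp/dhcpd.leases
elif [ -f /var/lib/dhcpcd5/dhcpcd.leases ]; then
    cat /var/lib/dhcpcd5/dhcpcd.leases
else
    echo "No lease information available"
    echo "Try: ip neigh | grep 192.168.100"
fi
EOF

chmod +x /usr/local/bin/vm-ips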
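# Final summary for the operator. The lease-file hint names dnsmasq's file,
# which is the server this script configures; the earlier hint pointed at
# the ISC dhcpd path, which does not exist on such a host.
log "Network setup completed!"
printf '\n'
info "Network Configuration Summary:"
info "- Bridge: $BRIDGE_NAME with IP $BRIDGE_IP"
info "- DHCP range: 192.168.100.10 - 192.168.100.100"
info "- DNS servers: 8.8.8.8, 8.8.4.4"
info "- NAT configured for internet access"
printf '\n'
info "To see VM IP addresses: vm-ips"
info "To check bridge status: ip addr show $BRIDGE_NAME"
info "To see DHCP leases: cat /var/lib/misc/dnsmasq.leases"
printf '\n'
warn "Note: VMs need to be restarted to get DHCP IP addresses"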