这是一个和wlanauth同源的脚本:连上无线网之后,把当前的有线连接通过无线网共享出去。
其中的fwder是一个非常简单的程序,主要用来在HTTP proxy支持CONNECT的情况下实现透明HTTPS代理。由于只是通过CONNECT建立隧道转发流量,TLS仍然是客户端和目标服务器之间端到端的,所以用这个搞的HTTPS代理连证书都没问题……
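#!/bin/sh
#
# Share the wired connection (ue0) with clients on the wireless interface
# (wlan0): create and bring up wlan0 if needed, wait until it is associated
# with the SSID "henryhu", assign 192.168.137.1 to it, enable IP forwarding,
# install ipfw NAT/redirect rules, start fwder and start the DHCP server.
#
# Must be run as root. There is no teardown: IP forwarding, the ipfw rules,
# fwder and the DHCP server stay active after the script exits, and running
# the script again adds the same ipfw rule numbers a second time.
#
# Security notes for whoever deploys this:
#  - Rules 1030/1040 allow ALL TCP between this host and anything reachable
#    via wlan0, so every TCP service on the host is exposed to wireless
#    clients. Narrow them to the ports actually needed where possible.
#  - Rule 1090 allows all forwarded IP traffic, not limited to wlan0/ue0.
#  - fwder and the wpa_supplicant config are used by root from a path under
#    /home/henryhu. NOTE(review): if that directory is writable by a non-root
#    account, that account can influence what runs as root; consider
#    root-owned copies -- confirm ownership and permissions.
#  - The association check compares the SSID string only; authentication of
#    the access point depends on what wpa_supplicant.conf enforces (not
#    visible here).

# Every step below needs root; fail early instead of looping forever waiting
# for an association that can never happen.
if [ "$(id -u)" -ne 0 ]; then
  echo "This script must be run as root." >&2
  exit 1
fi

# Create the wlan0 clone on top of the wpi0 device if it does not exist yet.
if ! ifconfig | grep -q wlan0; then
  echo "Loading driver and creating device..."
  kldload if_wpi
  ifconfig wlan0 create wlandev wpi0
  ifconfig wlan0 up
  # Raise the beacon-miss threshold to its maximum.
  ifconfig wlan0 bmiss 255
fi

# Start wpa_supplicant in the background unless the status line of wlan0
# already contains "running".
# NOTE(review): the status text depends on the interface mode; confirm this
# check really detects an already-running wpa_supplicant.
if ! ifconfig wlan0 | grep status | grep -q running; then
  wpa_supplicant -B -iwlan0 -c/home/henryhu/conf/wpa_supplicant.conf
fi

printf '%s' "Waiting to be associated "

# Network id of the "henryhu" entry. The SSID column is matched exactly so a
# network whose name merely contains the string is not selected by mistake.
MY_ID=$(wpa_cli list | awk -F '\t' '$2 == "henryhu" { print $1; exit }')

# Poll once per second until wlan0 is associated with the expected SSID.
while true; do
  printf '.'
  if ifconfig wlan0 | grep -qE '(associated|running)'; then
    SID_NAME=$(ifconfig wlan0 | grep ssid | cut -f 2 -d ' ')
    echo "Associated with $SID_NAME."
    if [ "$SID_NAME" = "henryhu" ]; then
      break
    else
      echo "Associated with other's wlan, reassociate"
      # wpa_supplicant may not have answered yet when the id was first
      # queried; look it up again rather than calling select_network with
      # an empty argument.
      if [ -z "$MY_ID" ]; then
        MY_ID=$(wpa_cli list | awk -F '\t' '$2 == "henryhu" { print $1; exit }')
      fi
      if [ -n "$MY_ID" ]; then
        wpa_cli select_network "$MY_ID"
      else
        echo "Network henryhu not found in wpa_cli list yet." >&2
      fi
      wpa_cli reassoc
    fi
  fi
  sleep 1
done

echo "Setting IP to 192.168.137.1 ..."
ifconfig wlan0 192.168.137.1

echo "Enable forwarding..."
sysctl net.inet.ip.forwarding=1

echo "Modify firewall..."
#ipfw add 1050 divert 8668 ip4 from any to any via ue0
# kldload reports an error if the module is already loaded; the script
# continues regardless.
kldload ipfw_nat

# Restart fwder so that only one instance is running.
pkill fwder
/home/henryhu/src/fwder &

# NAT instance 1 uses the address of ue0.
ipfw nat 1 config if ue0 log same_ports reset
# Allow all TCP between this host and wireless clients (see security notes).
ipfw add 1030 allow tcp from me to any via wlan0
ipfw add 1040 allow tcp from any to me via wlan0
# Pass IPv4 traffic on both interfaces through NAT instance 1.
ipfw add 1050 nat 1 ip4 from any to any via ue0
ipfw add 1060 nat 1 ip4 from any to any via wlan0
# Redirect clients' port 80 to 192.168.137.1:3128 and port 443 to
# 192.168.137.1:8443 (presumably the HTTP proxy and fwder -- confirm).
ipfw add 1070 fwd 192.168.137.1,3128 tcp from any to any dst-port 80 via wlan0
ipfw add 1080 fwd 192.168.137.1,8443 tcp from any to any dst-port 443 via wlan0
# Allow everything that is merely forwarded through this host.
ipfw add 1090 allow ip from not me to not me

echo "Starting DHCP server..."
/usr/local/etc/rc.d/isc-dhcpd onestart
echo "Done!"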