一个和wlanauth同源的脚本：连上无线网之后，把当前的有线连接通过无线网共享出去。

其中的fwder是一个非常简单的程序，主要用来在HTTP proxy支持CONNECT的情况下实现透明HTTPS代理。用这个搞的HTTPS代理连证书都没问题（应该是因为fwder只转发CONNECT隧道里的数据，TLS仍然是客户端和目标服务器之间端到端建立的）……

#!/bin/sh

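# Create wlan0 on top of the wpi0 radio when the interface does not exist yet.
# The interface is queried by name: `ifconfig | grep wlan0` is a substring
# match and would also be satisfied by another interface such as "wlan01".
if ! ifconfig wlan0 >/dev/null 2>&1; then
        echo "Loading driver and creating device..."
        # -n: an already-loaded driver is not an error. A failure here is
        # left non-fatal because the create step below is the real gate.
        kldload -n if_wpi
        # Every later step needs wlan0; without this check a failed create
        # would leave the association loop further down spinning forever.
        if ! ifconfig wlan0 create wlandev wpi0; then
                echo "cannot create wlan0 on wpi0" >&2
                exit 1
        fi
        ifconfig wlan0 up
        # bmiss sets the beacon-miss threshold (see ifconfig(8)).
        # NOTE(review): 255 presumably keeps the link from being dropped on
        # missed beacons - confirm the intent.
        ifconfig wlan0 bmiss 255
fi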

# Start wpa_supplicant in the background (-B) on wlan0 unless ifconfig already
# shows a status line containing "running" for the interface.
# The configuration is read from a home directory while the surrounding
# ifconfig/ipfw/sysctl calls need root. wpa_supplicant configurations normally
# hold the network key, so keep that file writable only by its owner and not
# world-readable.
if ! ifconfig wlan0 | grep status | grep -q running; then
        wpa_supplicant -B -iwlan0 -c/home/henryhu/conf/wpa_supplicant.conf
fi

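# Wait until wlan0 is on the "henryhu" network, steering wpa_supplicant back to
# it whenever the interface ends up on a different SSID.
#
# The SSID string only says which name the interface is on; it does not
# authenticate the network. Protection against a look-alike network depends on
# the credentials configured in wpa_supplicant.conf (not visible here).
printf '%s' "Waiting to be associated "

# Network id of the "henryhu" entry: first tab-separated column of wpa_cli's
# network list. The full command name is used because the bare `list`
# abbreviation may be rejected as ambiguous by wpa_cli builds that have more
# than one list_* command. head -n 1 keeps a single id if several lines match.
MY_ID=$(wpa_cli list_networks | grep henryhu | cut -f 1 | head -n 1)

# No timeout: the loop polls once per second until the SSID matches.
while true; do
        printf '.'
        if ifconfig wlan0 | grep -Eq '(associated|running)'; then
                # Second space-separated field of the "ssid ..." line; this
                # only works for SSIDs without spaces.
                SID_NAME=$(ifconfig wlan0 | grep ssid | cut -d ' ' -f 2)
                echo "Associated with $SID_NAME."

                if [ "$SID_NAME" = "henryhu" ]; then
                        break
                fi

                echo "Associated with other's wlan, reassociate"
                # wpa_supplicant was possibly still starting when the id was
                # first looked up, so retry the lookup before using it.
                if [ -z "$MY_ID" ]; then
                        MY_ID=$(wpa_cli list_networks | grep henryhu | cut -f 1 | head -n 1)
                fi
                if [ -n "$MY_ID" ]; then
                        wpa_cli select_network "$MY_ID"
                else
                        echo "network henryhu not found in wpa_cli list_networks" >&2
                fi
                wpa_cli reassoc
        fi
        sleep 1
done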

# Give wlan0 the address that the ipfw fwd rules of this script point at.
printf '%s\n' "Setting IP to 192.168.137.1  ..."
ifconfig wlan0 192.168.137.1

# Turn on IPv4 forwarding between interfaces. The setting is system-wide and
# nothing in this script switches it back off afterwards.
printf '%s\n' "Enable forwarding..."
sysctl net.inet.ip.forwarding=1

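# Set up in-kernel NAT on the wired interface (ue0) and redirect web traffic
# arriving from wireless clients to local proxies.
echo "Modify firewall..."
# Old divert-based rule, superseded by the in-kernel nat rule 1050 below.
#ipfw add 1050 divert 8668 ip4 from any to any via ue0

# -n: an already-loaded module is not an error when the script is re-run.
kldload -n ipfw_nat

# Restart the forwarder. -x matches the process name exactly, so unrelated
# processes whose name merely contains "fwder" are left alone.
pkill -x fwder
# NOTE(review): this starts a binary from a home directory with the privileges
# of this script (root, as required by ipfw and sysctl). Anyone who can write
# to that path controls code run as root, so keep the file and its parent
# directories writable by root only. fwder presumably listens on 8443 (rule
# 1080 forwards there) and so may not need root at all - confirm, and run it
# under an unprivileged account if so.
/home/henryhu/src/fwder &

# `ipfw add` with an existing number adds a second rule instead of replacing
# the first, so drop this script's rules from a previous run. Errors are
# silenced on purpose: on the first run there is nothing to delete.
ipfw -q delete 1030 1040 1050 1060 1070 1080 1090 2>/dev/null

# NAT instance 1: alias to ue0's address, log, keep source ports where
# possible, reset the table when the interface address changes.
ipfw nat 1 config if ue0 log same_ports reset

# All TCP between this host and wlan0 is allowed in both directions, which
# exposes every local TCP listener to wireless clients; narrow these two rules
# to the proxy and DHCP-related ports if that is not intended.
ipfw add 1030 allow tcp from me to any via wlan0
ipfw add 1040 allow tcp from any to me via wlan0

# IPv4 crossing either interface goes through NAT instance 1.
ipfw add 1050 nat 1 ip4 from any to any via ue0
ipfw add 1060 nat 1 ip4 from any to any via wlan0

# Transparent redirection of client HTTP/HTTPS to local ports 3128 and 8443.
# NOTE(review): whether packets still reach these rules after the nat rule at
# 1060 depends on net.inet.ip.fw.one_pass - confirm on the target system.
ipfw add 1070 fwd 192.168.137.1,3128 tcp from any to any dst-port 80 via wlan0
ipfw add 1080 fwd 192.168.137.1,8443 tcp from any to any dst-port 443 via wlan0

# Permits all transit traffic (neither from nor to this host) in both
# directions and on every interface, not only wlan0 -> ue0.
ipfw add 1090 allow ip from not me to not me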

# Start the ISC DHCP server for the wireless clients. "onestart" runs the rc
# script even when the service is not enabled in rc.conf.
printf '%s\n' "Starting DHCP server..."
/usr/local/etc/rc.d/isc-dhcpd onestart

# Printed unconditionally; the exit status of the steps above is not checked.
printf '%s\n' "Done!"