QubesOS/qubes-linux-template-builder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
d8138a8f44
qubes-linux-template-builder/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/setup-ip
Jason Mehring 0e53e2954f Whonix setup GUI now run on first start to allow configuration 
Added alternate for dialag (gdialog) so some of Whonix programs run
Changed sudo permissions to fix umask and not use QT shared memory
Changed whonix to use basic hosts file
Added detection if template is active for updating
Added startup code for tinyproxy
Added code to disable uwt so apt-get can be used as proxy
Created a python GUI Message Alert using yaml for messages (internationalization)
2014-11-02 16:14:36 -05:00

79 lines
2.5 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
. /usr/lib/whonix/utility_functions
if [ "${WHONIX}" == "gateway" ]; then
if [ -x /usr/sbin/xenstore-read ]; then
XENSTORE_READ="/usr/sbin/xenstore-read"
else
XENSTORE_READ="/usr/bin/xenstore-read"
fi
INTERFACE="eth1"
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
# Create a dummy eth1 interface so tor can bind to it if there
# are no DOMU virtual machines connected at the moment
ip link show ${INTERFACE} >> /dev/null || {
/sbin/ip link add ${INTERFACE} type dummy
# Now, assign it the netvm-gateway IP address
if [ x${ip} != x ]; then
netmask=$(${XENSTORE_READ} qubes-netvm-netmask)
gateway=$(${XENSTORE_READ} qubes-netvm-gateway)
/sbin/ifconfig ${INTERFACE} ${ip} netmask 255.255.255.255
/sbin/ifconfig ${INTERFACE} up
/sbin/ethtool -K ${INTERFACE} sg off || true
/sbin/ethtool -K ${INTERFACE} tx off || true
fi
ip link set ${INTERFACE} up
}
fi
if [ "${WHONIX}" != "template" ]; then
# Files that will have the immutable bit set
# since we don't want them modified by other programs
IMMUTABLE_FILES=(
'/etc/resolv.conf'
'/etc/hostname'
'/etc/hosts'
)
# Make sure all .anondist files in list are immutable
immutableFilesEnable "${IMMUTABLE_FILES}"
immutableFilesEnable "${IMMUTABLE_FILES}" ".anondist"
# Make sure we are using a copy of the annondist file and if not
# copy the annondist file and set it immutable
copyAnondist "/etc/resolv.conf"
copyAnondist "/etc/hosts"
copyAnondist "/etc/hostname"
# Replace IP addresses in known configuration files / scripts to
# currently discovered one
/usr/lib/whonix/replace-ips
# Make sure hostname is correct
/bin/hostname host
# Start Whonix Firewall
if [ "${WHONIX}" == "gateway" ]; then
export INT_IF="vif+"
export INT_TIF="vif+"
fi
/usr/bin/whonix_firewall
if [ "${WHONIX}" == "gateway" ]; then
# Route any traffic FROM netvm TO netvm BACK-TO localhost
# Allows localhost access to tor network
iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1
fi
# Make sure we remove whonixsetup.done if Tor is not enabled
# to allow choice of repo and prevent whonixcheck errors
grep "^DisableNetwork 0$" /etc/tor/torrc || {
rm -f /var/lib/whonix/do_once/whonixsetup.done
}
fi
Reference in New Issue View Git Blame Copy Permalink