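#!/bin/sh
#
# Transparent-proxy gateway setup for CentOS 6 / Fedora 15.
#
# Installs and configures squid (intercepting port 80 from the LAN), dhcpd
# (addresses for the LAN) and a caching BIND resolver, and builds an iptables
# NAT firewall between the two interfaces.
#
# Usage:        edit the "SET YOUR VARIABLES" section, then run as root.
# Requirements: root, yum, network access (the ad-block list is downloaded).
#
# Every system file this script rewrites is first copied to <file>-bup, once,
# so the original survives repeated runs.

# ---------------------------------------------------------------------------
# helpers
# ---------------------------------------------------------------------------

# Print a highlighted status line. POSIX echo has no -e (dash prints "-e"
# literally), so printf carries the escape codes; \033[0m resets attributes.
banner() {
  printf '\033[47;30m%s\033[0m\n' "$*"
}

# Print an error to stderr and stop: a half-configured gateway is worse than
# an unconfigured one.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Copy $1 to $1-bup unless a backup already exists, so a second run cannot
# overwrite the backup with a generated file. Missing files are skipped.
backup_once() {
  if [ -e "$1" ] && [ ! -e "$1-bup" ]; then
    cp -- "$1" "$1-bup" || die "cannot back up $1"
  fi
}

printf '\033[41;10m%s\033[0m\n' \
  "This script MUST be run as root, and you need to configure a few variables inside the script first!!!"

# Everything below writes to /etc and /proc; fail early instead of half-way.
[ "$(id -u)" -eq 0 ] || die "this script must be run as root"

##################### SET YOUR VARIABLES BELOW ##########################

# squid server IP (this host's LAN address when squid runs locally)
SQUID_SERVER="192.168.2.2"

# squid listening port
SQUID_PORT="3128"

# interface connected to the Internet, and its MAC
INTERNET="eth0"
INT_MAC="00:18:FE:67:EF:36"

# interface connected to the LAN, and its MAC
LAN_IN="eth1"
LAN_MAC="F4:6D:04:A2:9C:31"

# static IP of this host on the LAN (DHCP server, gateway and DNS for clients)
LAN_IP="192.168.2.2"

# domain name handed out to DHCP clients
DOMAIN_NAME="awesome"

####################### DO NOT MODIFY BELOW ##############################
############### Unless you know what you are doing #######################

[ -n "$SQUID_SERVER" ] && [ -n "$SQUID_PORT" ] && [ -n "$INTERNET" ] \
  && [ -n "$LAN_IN" ] && [ -n "$LAN_IP" ] && [ -n "$DOMAIN_NAME" ] \
  || die "all variables in the SET YOUR VARIABLES section must be non-empty"

# First three octets of the LAN network. The LAN is treated as a /24 below
# (NIC netmask, dhcpd subnet, BIND ACLs), so LAN_IP must lie inside it.
LAN_NET="${LAN_IP%.*}"

############################ Yummy APs ##################################

banner "Downloading and installing BIND, SQUID and DHCP...."

yum install -y bind squid dhcp wget gedit vim nano || die "yum install failed"

############################ Firewall ###################################

banner "Setting Firewall for DHCP, SQUID and BIND(DNS)....."

# Clean old firewall
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

# Load IPTABLES modules for NAT and IP conntrack support (left disabled by the
# original author)
#/etc/modprobe.d/modprobe ip_conntrack
#/etc/modprobe.d/modprobe ip_conntrack_ftp
# For win xp ftp client
#modprobe ip_nat_ftp

# Route between the two interfaces. Not persistent across reboots; set
# net.ipv4.ip_forward = 1 in /etc/sysctl.conf to keep it.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Default filter policy: drop what is not explicitly allowed, both for traffic
# to this host (INPUT) and traffic routed through it (FORWARD). The original
# script left FORWARD at its ACCEPT default, so unsolicited packets arriving
# on the Internet side could have been routed onto the LAN.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Unlimited access to loop back
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Replies to connections this host opened (UDP, DNS, passive FTP data ...)
iptables -A INPUT -i "$INTERNET" -m state --state ESTABLISHED,RELATED -j ACCEPT

# Set this system as a router for the rest of the LAN: LAN -> Internet is
# allowed, Internet -> LAN only as replies to LAN-initiated connections.
iptables -t nat -A POSTROUTING -o "$INTERNET" -j MASQUERADE
iptables -A FORWARD -i "$LAN_IN" -j ACCEPT
iptables -A FORWARD -i "$INTERNET" -o "$LAN_IN" -m state --state ESTABLISHED,RELATED -j ACCEPT

# unlimited access to LAN
iptables -A INPUT -i "$LAN_IN" -j ACCEPT
iptables -A OUTPUT -o "$LAN_IN" -j ACCEPT

# DNAT port 80 requests coming from LAN systems to squid ($SQUID_PORT), aka
# transparent proxy. With SQUID_SERVER equal to LAN_IP this also covers squid
# running on this very host.
iptables -t nat -A PREROUTING -i "$LAN_IN" -p tcp --dport 80 -j DNAT --to "$SQUID_SERVER:$SQUID_PORT"

# NOTE(review): this rule (kept from the original, comment "if it is same
# system") redirects port-80 traffic *arriving on the Internet interface* into
# the local proxy. New connections from that side are still dropped by the
# INPUT rules, so it is inert as long as INPUT stays closed; confirm it is
# wanted before ever opening INPUT on $INTERNET.
iptables -t nat -A PREROUTING -i "$INTERNET" -p tcp --dport 80 -j REDIRECT --to-port "$SQUID_PORT"

# DROP everything else and log it, rate-limited so a flood cannot fill the log
iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "IPT-DROP: "
iptables -A INPUT -j DROP

/etc/init.d/iptables save || die "could not save iptables rules"

banner "Firewall setup complete"

############################ DHCP ###################################

banner "Setting up DHCP...."

# Static IP for the LAN-serving NIC. The netmask is /24 to match the dhcpd
# subnet declaration below; the original /16 overlapped the Internet-side
# network (192.168.1.x). The router's LAN leg gets no GATEWAY= line: with a
# /24 here 192.168.1.1 is not even on-link, and the default route belongs to
# the Internet-facing NIC.
backup_once "/etc/sysconfig/network-scripts/ifcfg-$LAN_IN"
cat > "/etc/sysconfig/network-scripts/ifcfg-$LAN_IN" <<EOF
# Generated by Johns Script
DEVICE=$LAN_IN
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=static
IPADDR=$LAN_IP
NETMASK=255.255.255.0
HWADDR=$LAN_MAC
USERCTL=no
EOF

# Internet-facing NIC, addressed by the upstream DHCP server
backup_once "/etc/sysconfig/network-scripts/ifcfg-$INTERNET"
cat > "/etc/sysconfig/network-scripts/ifcfg-$INTERNET" <<EOF
# Generated by Johns Script
DEVICE=$INTERNET
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=dhcp
NETMASK=255.255.0.0
GATEWAY=192.168.1.1
HWADDR=$INT_MAC
USERCTL=no
EOF

# Tell the init script which NIC dhcpd serves. /etc/sysconfig/dhcpd is sourced
# by the service, so it must be plain KEY=value (the original wrote
# "DHCPDARGS = eth1", which is not an assignment).
backup_once /etc/sysconfig/dhcpd
printf 'DHCPDARGS=%s\n' "$LAN_IN" > /etc/sysconfig/dhcpd

# dhcpd configuration. The original also put a DHCPDARGS line in here; that
# is not a dhcpd.conf statement and belongs only in /etc/sysconfig/dhcpd.
# Addresses are derived from LAN_IP so the two stay consistent.
backup_once /etc/dhcp/dhcpd.conf
cat > /etc/dhcp/dhcpd.conf <<EOF
# Generated by Johns Script
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp*/dhcpd.conf.sample
# see dhcpd.conf(5) man page
#
ddns-update-style interim; # Required for dhcp 3.0+ / Red Hat 8.0+
allow client-updates;
allow booting;
allow bootp;
authoritative;

subnet ${LAN_NET}.0 netmask 255.255.255.0 {
  range ${LAN_NET}.128 ${LAN_NET}.254; # Range of IP addresses to be issued to DHCP clients
  option subnet-mask 255.255.255.0; # Default subnet mask to be used by DHCP clients
  option broadcast-address ${LAN_NET}.255; # Default broadcast address to be used by DHCP clients
  option routers $LAN_IP; # Default gateway to be used by DHCP clients
  option domain-name-servers $LAN_IP;
  option netbios-name-servers ${LAN_NET}.100; # Specify a WINS server for MS/Windows clients.
  next-server $LAN_IP;
  option domain-name "$DOMAIN_NAME";
  default-lease-time 21600; # Amount of time in seconds that a client may keep the IP address
  max-lease-time 43200;
}
EOF

chkconfig dhcpd on

banner "DHCP setup Complete"

############################ SQUID ###################################

banner "Downloading SQUID ad blocking file (internet required)....."

# Fetch the MVPS hosts file into a private temp dir that is removed on exit.
# It arrives over plain HTTP, so it is treated strictly as data: only the
# hostname column is kept and squid consumes it as a domain list, never as
# regular expressions.
tmpdir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$tmpdir"' EXIT

#wget http://winhelp2002.mvps.org/hosts.zip
wget -O "$tmpdir/hosts.txt" http://winhelp2002.mvps.org/hosts.txt \
  || die "download of hosts.txt failed"

#unzip host file
# Destination Dir Source file
#unzip -od /home/john/Downloads/hosts.tmp /home/john/Downloads/hosts.zip

# Reduce the hosts file to bare hostnames for squid:
#  - keep only blackhole entries (127.0.0.1 or the newer 0.0.0.0 form)
#  - drop the "localhost" entry and empty names (the original gsub() approach
#    turned "127.0.0.1 localhost" into a blank line in the list)
#  - strip a leading "www." so the bare domain is blocked as well
mkdir -p /etc/squid
awk '($1 == "127.0.0.1" || $1 == "0.0.0.0") && $2 != "" && $2 != "localhost" {
       sub(/^www\./, "", $2)
       print $2
     }' "$tmpdir/hosts.txt" | LC_ALL=C sort -u > /etc/squid/ad_block.txt

[ -s /etc/squid/ad_block.txt ] || printf 'WARNING: ad block list is empty\n' >&2

tail /etc/squid/ad_block.txt

banner "ad blocking file set, now configuring squid..."

# squid configuration. The ad list is matched with dstdomain rather than
# dstdom_regex: the file holds literal hostnames, and as unanchored regexes
# each line would also match any domain merely containing it ("ads.com" would
# block "loads.com") and unescaped dots would match any character.
backup_once /etc/squid/squid.conf
cat > /etc/squid/squid.conf <<EOF
http_port $SQUID_PORT transparent

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

## Block ads
acl ads dstdomain "/etc/squid/ad_block.txt"
http_access deny ads

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 1000 16 256
EOF

squid -k parse || die "squid.conf does not parse"

chkconfig squid on

banner "Squid setup complete"

############################ DNS ###################################

banner "Configuring DNS...."

# Point this host at its own named. NOTE(review): resolv.conf.head is only
# honoured where a hook prepends it to /etc/resolv.conf; verify that the
# Internet-side DHCP lease does not overwrite the resolver list on this
# system.
backup_once /etc/resolv.conf.head
cat > /etc/resolv.conf.head <<EOF
# Generated by Johns script
nameserver 127.0.0.1 #(local named)
#nameserver 208.67.222.222 #(resolver1.opendns.com)
#nameserver 208.67.220.220 #(resolver2.opendns.com)
#OpenDNS also provides the following recursive nameserver addresses as part of blocks porn too
#208.67.222.123
#208.67.220.123
EOF

# Caching resolver for the LAN only. Two changes from the original:
#  - 'query-source address * port 53;' is omitted: pinning the outgoing
#    source port disables BIND's source-port randomisation, which is the main
#    defence against cache poisoning. BIND picks random ports by default.
#  - the root hint zone is written as zone "." (the original's unescaped
#    quotes ended the shell string around the dot).
backup_once /etc/named.conf
cat > /etc/named.conf <<EOF
# Generated by Johns script
#
# Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
# server as a caching only nameserver (as a localhost DNS resolver only).
#
# See /usr/share/doc/bind*/sample/ for example named configuration files.
#
options {
  listen-on port 53 { 127.0.0.1; ${LAN_NET}.0/24; };
  directory "/var/named";
  dump-file "/var/named/data/cache_dump.db";
  statistics-file "/var/named/data/named_stats.txt";
  memstatistics-file "/var/named/data/named_mem_stats.txt";
  allow-query { localhost; ${LAN_NET}.0/24; };
  recursion yes;

  dnssec-enable yes;
  dnssec-validation yes;
  dnssec-lookaside auto;

  /* Path to ISC DLV key */
  bindkeys-file "/etc/named.iscdlv.key";

  managed-keys-directory "/var/named/dynamic";
};

logging {
  channel default_debug {
    file "data/named.run";
    severity dynamic;
  };
};

zone "." IN {
  type hint;
  file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
EOF

named-checkconf /etc/named.conf || die "named.conf does not parse"

chkconfig named on

banner "BIND(DNS) setup complete."

echo "Starting services...."

service NetworkManager stop
service NetworkManager start
service dhcpd start
service named start
service squid start

ifconfig
# The original called "gateway", which is not a standard command; print the
# routing table (including the default gateway) instead.
route -n

service dhcpd status
service named status
service squid status

# The downloaded hosts file lives in $tmpdir and is removed by the EXIT trap.
# The original "rm -r hosts. *" would have deleted everything in the working
# directory because of the stray space before "*".

echo "Enjoy and good luck...."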