I had written a script to allow on the fly changes to the traffic routing. The idea being that you could choose a port number, protocol type, and an internet connection, and have it route the traffic accordingly. It certainly saved on ssh'ing the router! However, since the move over to Joomla 1.5 I seem to have misplaced it. I'll probably get around to finding it eventually.
A rather useful application of the above is to incorporate it into a script which allows you to switch between internet connections on a per-traffic-type basis. I'm working on a script at the moment which will do just that, and obviously post it up here when I get chance. As a temporary back stop, I've written a short script in PHP which serves the purpose for the time being. Basically, it acts like a flipper switch for a given traffic type. So sticking with our http example, the script simply runs the command to list the mangle table and greps it for the rule to mark http packets. If it finds such a rule, it deletes it. If not, it appends it to the mangle table. Thus calling the script will simply flip the traffic from one connection to the other.
Now I wanted to be able to call this script from a web page, which immediately causes a problem for two reasons:
- Generally speaking, the httpd or apache user doesn't have rights to alter the iptables on its host machine (quite rightly so)
- My webserver is a different box to the router
SSHing the router from the webserver seemed the most logical workaround, but how to get the password entered into the ssh command when it prompts for one? Expect proved to be the answer (you can check it out here); it is designed for such occasions. Basically, you write a script which tells it what to expect (do you see what they did there?) and it inputs whatever you ask it to. Next I found this expect script, which accepts a host, the root password, and a command (thanks to the chaps at NIXCraft for that):
```
#!/usr/bin/expect -f
# Expect script to supply root/admin password for remote ssh server
# and execute command.
# This script needs three arguments to connect to remote server:
# password = Password of remote UNIX server, for root user.
# ipaddr = IP Address of remote UNIX server, no hostname
# scriptname = Path to remote script which will execute on remote server
# For example:
# ./sshlogin.exp password 192.168.1.11 who
# ------------------------------------------------------------------------
# Copyright (c) 2004 nixCraft project <http://cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ----------------------------------------------------------------------
# set Variables (argument order: password, ipaddr, scriptname)
set password [lindex $argv 0]
set ipaddr [lindex $argv 1]
set scriptname [lindex $argv 2]
# wait indefinitely for the expected output
set timeout -1
# now connect to remote UNIX box (ipaddr) as root with given script to execute
spawn ssh root@$ipaddr $scriptname
match_max 100000
# Look for password prompt
expect "*?assword:*"
# Send password aka $password
send -- "$password\r"
# send blank line (\r) to make sure we get back to gui
send -- "\r"
# wait for the remote command to finish and ssh to exit
expect eof
```
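Copy the above lines into a file called flip.exp and then chmod +x flip.exp to allow it to be executed (otherwise you'll get a Permission denied error).
This script can then be called from your web page using (in PHP):
```
exec("flip.exp <root password> <ip_address_of_router> <location of flip sh script>");
```
Bear in mind that the root password is passed as a command-line argument here, so it sits in the PHP source and shows up in the process list on the webserver while the script runs.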
Easy! Like I said, I've got a PHP script that performs the actual flipping at the moment. I'll get around to converting this into sh and when I do I'll post it up here. There seems to be a lot of interest in routing over multiple internet connections, so thanks everyone for your continued support.
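The flip logic described earlier (look for the rule that marks the traffic, delete it if present, append it if not), as an added sh example that is not the author's script. The PREROUTING chain, the mark value 2, the function names and the `IPTABLES` override are assumptions; it uses `iptables -C` to test for the rule instead of listing and grepping, and checks the protocol and port because the values arrive from a web page.

```shell
#!/bin/sh
# Added example: toggle ("flip") a mangle-table MARK rule for one traffic type.
# Assumptions (not from the original post): the PREROUTING chain, mark value 2,
# and the IPTABLES override, which lets the logic be exercised without root.
IPTABLES="${IPTABLES:-iptables}"
CHAIN="PREROUTING"
MARK="2"

# valid_args PROTO PORT: accept only tcp/udp and a numeric port 1-65535, so
# nothing supplied by a web form reaches the iptables command line unchecked.
valid_args() {
    case "$1" in tcp|udp) ;; *) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#2}" -le 5 ] && [ "$2" -ge 1 ] && [ "$2" -le 65535 ]
}

# flip PROTO PORT: delete the marking rule if it exists, otherwise append it.
# Prints "removed" or "added"; returns 2 on bad input, 1 if iptables fails.
flip() {
    valid_args "$1" "$2" || { echo "invalid protocol or port" >&2; return 2; }
    # Build the rule specification once so -C, -D and -A use identical text.
    set -- -p "$1" --dport "$2" -j MARK --set-mark "$MARK"
    # -C checks for an exact rule match and exits non-zero if it is absent.
    if "$IPTABLES" -t mangle -C "$CHAIN" "$@" 2>/dev/null; then
        "$IPTABLES" -t mangle -D "$CHAIN" "$@" || return 1
        echo removed
    else
        "$IPTABLES" -t mangle -A "$CHAIN" "$@" || return 1
        echo added
    fi
}

# Flip when called with two arguments, e.g.: ./flip.sh tcp 80
if [ "$#" -eq 2 ]; then flip "$1" "$2"; fi
```

Calling it twice with the same arguments returns the mangle table to its starting state, which is the "flipper switch" behaviour the post describes.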