Friday, 22 February 2013

SPLAT: Interface rebuild script

Hi everyone,

Today I got tired of using sysconfig to create hundreds of subinterfaces while migrating large FWs to new hardware, so I've gone ahead and made a script which does it for you.

First (optional, really), take a backup of your existing firewall with this script:

Interface Backup Script

Side note:
Instead of using this to restore/migrate interfaces, since the format is extremely easy (interface IP netmask), you can use this to quickly configure a new device as well.

Second, transfer the file (or create your own) on the new hardware, and run the rebuild script:

Interface Rebuild Script

Here it is in action:

New firewall (basic config):

[Expert@R75-B]# ifconfig -a | grep -A 1 eth
eth0        Link encap:Ethernet  HWaddr 00:0C:29:13:5C:FC
            inet addr:192.168.0.60  Bcast:192.168.0.255  Mask:255.255.255.0
--
eth1        Link encap:Ethernet  HWaddr 00:0C:29:13:5C:06
            BROADCAST MULTICAST  MTU:1500  Metric:1
--
eth2        Link encap:Ethernet  HWaddr 00:0C:29:13:5C:10
            BROADCAST MULTICAST  MTU:1500  Metric:1

Run the script:
[Expert@R75-B]# ./interface_rebuild_splat.sh 
Hello, please enter the correct log file to analyze
firewall_interfaces_backup
Thank you - Recreating interfaces now
Finished recreating the interfaces...
Please remember to run ifconfig --save when finished!
Goodbye 
[Expert@R75-B]# ifconfig --save

We can now see all of our interfaces have been created and are present in netconf.C:
[Expert@R75-B]# ifconfig -a | grep -A 1 eth
eth0        Link encap:Ethernet  HWaddr 00:0C:29:13:5C:FC  
            inet addr:192.168.0.60  Bcast:192.168.0.255  Mask:255.255.255.0
--
eth1        Link encap:Ethernet  HWaddr 00:0C:29:13:5C:06  
            inet addr:1.1.1.1  Bcast:1.1.1.255  Mask:255.255.255.0
--
eth2        Link encap:Ethernet  HWaddr 00:0C:29:13:5C:10  
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
--
eth2:2      Link encap:Ethernet  HWaddr 00:0C:29:13:5C:10  
            inet addr:10.2.2.1  Bcast:10.2.2.255  Mask:255.255.255.0
--
eth2:3      Link encap:Ethernet  HWaddr 00:0C:29:13:5C:10  
            inet addr:10.3.3.1  Bcast:10.3.3.255  Mask:255.255.255.0
--
eth2:4      Link encap:Ethernet  HWaddr 00:0C:29:13:5C:10  
            inet addr:10.4.4.1  Bcast:10.4.4.255  Mask:255.255.255.0
--
eth2:5      Link encap:Ethernet  HWaddr 00:0C:29:13:5C:10  
            inet addr:10.5.5.1  Bcast:10.5.5.255  Mask:255.255.255.0
--
eth2:6      Link encap:Ethernet  HWaddr 00:0C:29:13:5C:10  
            inet addr:10.6.6.1  Bcast:10.6.6.255  Mask:255.255.255.0
--
eth2:7      Link encap:Ethernet  HWaddr 00:0C:29:13:5C:10  
            inet addr:10.7.7.1  Bcast:10.7.7.255  Mask:255.255.255.0

etc....

You can see them via sysconfig:
Choose a connection to display ('e' to exit):
------------------------------------------------------------------
1) eth0       4) eth2:10   7) eth2:13  10) eth2:3   13) eth2:6
2) eth1       5) eth2:11   8) eth2:14  11) eth2:4   14) eth2:7
3) eth2       6) eth2:12   9) eth2:2   12) eth2:5   15) eth2:8
------------------------------------------------------------------
(Note: configuration changes are automatically saved)

And it's in netconf.C:
[Expert@R75-B]# cat /etc/sysconfig/netconf.C | grep -B 1 -A 6 eth2:6
                : (conn
                        :ifname ("eth2:6")
                        :type (3)
                        :ipaddr ("10.6.6.1/24")
                        :onboot (1)
                        :depend-on (eth2)
                        :s-code (0)
                )

You might find this useful in combination with my  route rebuild scripts located here:

Route rebuild scripts for SPLAT+GAIA

Hopefully some of you get some use out of this! :)




Posted by at
Labels:

7 comments:

  1. OScar27 February 2013 at 07:08

    What do you mean with this line?
    sed -i -r 's/^(eth[0-9]+)\./\1:/' $logfile

    Your sript works with subinterfaces, not with VLAN interfaces.

    ReplyDelete
  2. Unknown27 February 2013 at 11:19

    Actually, I apparently didn't push the latest one to github... It should work on both now properly :)

    ReplyDelete
  3. Unknown27 February 2013 at 11:21

    Edit: Changes were made to both, so you'll want to grab the latest copies

    ReplyDelete
  4. OScar28 February 2013 at 02:47

    You also need to mention that this will not work for old UTM-1 appliances, because they use "Lan1", "Lan2" etc naming of interfaces, but you still can use text editor to Find&Replace Lan1 to eth0, Lan2 to eth1 in "interfaces.txt" file for example.
    Why do you use grep -v "eth.\." to interface line? After export you will have only interface lines, why we need to grep it? If you remove this line you can use this script with other namings of interfaces (like Lan1, Lan2 etc as aboce).

    ReplyDelete
  5. Unknown28 February 2013 at 07:27

    I think it's pretty evident that it won't work on those old devices. You can just rename the alias' to something logical on those anyways.

    As for grep -v "eth.\.", it's not doing what you think it's doing... It's explicitly removing lines that start eth.. , which is of course our VLANs...The code for VLAN creation uses normal grep without the -v

    Brush up on your bash scripting before you ask me to make modifications please :)

    ReplyDelete
  6. michiganf4n21 July 2015 at 11:14

    You mention that the recreation script will not work for interfaces above eth9. Does this include interfaces on add-in cards? (i.e. eth3-01, etc.) I have a change coming up where I have to migrate about 50 VLAN interfaces from eth2-02 to eth3-02. Will the recreation script work on eth3-02, or am I stuck recreating these interfaces manually?

    ReplyDelete
  7. Unknown24 July 2015 at 14:45

    Works on my gear - just run a quick test.

    ReplyDelete

Subscribe to: Post Comments (Atom)