Shorewall and Dnsmasq rules/config generator

Hi all, I have just written a nodejs script which generates shorewall rules and dnsmasq dhcp reservations. It’s not a node package yet, but I'd like to share it and have your feedback. You can find it here

I also want to write a how-to on configuring shorewall and dnsmasq for a private network.

Feel free to ask whatever.

Hello Feldsam,
thanks, it seems that’s what I’m looking for.
How can I add it to my opennebula server?
Best regards,

Hello, you need to set up your own linux router with shorewall; look at how-tos about that. For ex.

My nodejs script generates DNAT rules to a separate file, so you need to load it into the shorewall rules file by shell exec

     SHELL cat /path/to/DNAT.rules

You also should be familiar with nodejs. My script by default uses these zone names: net for the public and prv for the private network

Integration with opennebula is via the xml-rpc API, so you just set the correct username and password. It reads VM user template variables.

Hi Feldsam
thanks for your reply,
in fact my question was how to integrate your JS script with Opennebula? Or should I just call it outside of Opennebula?
Best regards,

I see :slight_smile: yes, you just have to call it on the router node; the best way is to add it to crontab and run it every minute. It communicates with opennebula just over the xml-rpc api.

It reads all running VMs and searches for the PORTFORWARD variable in the User template. Then it generates rules. Also, it generates dhcp leases for dnsmasq

Also you have to execute shorewall service reload and dnsmasq service reload. Look at lines 25 and 34; that console.log should be replaced by if(updated){ do something; }. For example, you can use the shelljs node package: load it by require("shelljs/global"); and call exec('systemctl reload shorewall') or something like that.
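
The `if(updated)` step described in the post above, as an added example that is not part of the original post or of the author's script: it rewrites the rules file only when the content changed, validates with `shorewall check` before reloading, and restores the previous file if the check fails. The function names and the `run` parameter are assumptions made for this sketch.

```javascript
// Added example, not the project's code. `run` is a hypothetical injection point
// so the logic can be exercised without touching a real firewall.
const fs = require('fs');
const path = require('path');
const { execFileSync } = require('child_process');

function readOrNull(file) {
  try {
    return fs.readFileSync(file, 'utf8');
  } catch (err) {
    if (err.code === 'ENOENT') return null;
    throw err;
  }
}

// Write to a temp file in the same directory, then rename: readers such as
// `SHELL cat` never see a half-written rules file.
function atomicWrite(file, content) {
  const tmp = path.join(path.dirname(file), '.' + path.basename(file) + '.tmp');
  fs.writeFileSync(tmp, content);
  fs.renameSync(tmp, file);
}

// Returns true when the file changed and shorewall was reloaded.
function applyRules(file, content, run = execFileSync) {
  const previous = readOrNull(file);
  if (previous === content) return false;       // unchanged: skip the reload
  atomicWrite(file, content);
  try {
    run('shorewall', ['check']);                // throws on a non-zero exit status
  } catch (err) {
    atomicWrite(file, previous === null ? '' : previous);  // roll back the bad file
    throw err;
  }
  run('systemctl', ['reload', 'shorewall']);    // no shell involved: fixed argv only
  return true;
}
```

Because commands are run with `execFileSync` and a fixed argument list, nothing read from a VM template can reach a shell on the router.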

lol … The level is still high for me :slight_smile:
need to do current_Level-5 to get mine.

  1. i have Opennebula running fine
  2. I have deployed some VMs
  3. I need to be able to define some portforwarding that will be activated after VM deployment
  4. Your script is giving a solution acceptable for me :slight_smile: (many thanks)
  5. I need now to know:
    5.1 Should I git clone your script anywhere?
    5.2 After I git clone it, how to call/run it? Is it by calling it in html? in bash? or …?
    5.3 Remember I never did something with nodeJS :frowning:

Best regards,

Hi, so it is bad for you. Nodejs is server-side JS, so you run it from bash, just by calling node somescript.js. If you want to use it, you should get familiar with nodejs

You can git clone it, but you have to make modifications in the source code, so it will be better to download the zip and unpack it.

For test, procedure should be:

  1. Install nodejs and npm on your linux machine.
  2. Download and unpack the zip.
  3. cd into the unpacked source code and run npm install - it installs dependencies.
  4. Open index.js and edit line 8 - set your oneadmin password and the url of the frontend.
  5. Run node index.js.
  6. Two files should be created: shorewallRules and dhcpConf.
  7. If all is without errors, you can try to add a PORTFORWARD variable to VM.USER_TEMPLATE - so open some running VM instance and add a new variable at the bottom of the VM page. For example, you can just forward port 80/tcp, so as the variable value you set 80/tcp.
  8. Run node index.js again.
  9. Look at the generated file with cat shorewallRules and you should see the generated DNAT rule.

After the test, you can adjust config variables in the index.js file, like IP addresses, reserved ports, file paths… and include the rules file in the shorewall rules file by the SHELL cmd…
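
The PORTFORWARD value from the post above (for example 80/tcp) is set by whoever can edit a VM's user template and ends up in a firewall rules file, so it is worth validating strictly before a rule is written. The following is an added example, not part of the original post or the author's script; the comma-separated list syntax, `RESERVED_PORTS`, the VM object shape and forwarding to the same port number are assumptions.

```javascript
// Added example, not the project's code. Zones net/prv are the defaults named in the
// thread; the comma list syntax, RESERVED_PORTS and the VM object shape are assumptions.
const RESERVED_PORTS = new Set([22]);      // hypothetical: ports kept for the router
const ENTRY_RE = /^(\d{1,5})\/(tcp|udp)$/;  // "80/tcp" and nothing else
const IPV4_RE = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

function isIPv4(ip) {
  const m = IPV4_RE.exec(String(ip));
  return m !== null && m.slice(1).every((octet) => Number(octet) <= 255);
}

// Parse one template value into [{port, proto}]; throw on anything unexpected.
function parsePortForward(value) {
  if (typeof value !== 'string' || value.length > 256) throw new Error('PORTFORWARD must be a short string');
  return value.split(',').map((raw) => {
    const m = ENTRY_RE.exec(raw.trim());
    if (!m) throw new Error('bad entry: ' + JSON.stringify(raw));
    const port = Number(m[1]);
    if (port < 1 || port > 65535) throw new Error('port out of range: ' + port);
    if (RESERVED_PORTS.has(port)) throw new Error('reserved port: ' + port);
    return { port, proto: m[2] };
  });
}

// Build DNAT lines. A VM with any invalid entry contributes no rules, and a
// public port already claimed by an earlier VM is refused.
function generateRules(vms) {
  const claimed = new Map();                // "80/tcp" -> id of the owning VM
  const rules = [], rejected = [];
  for (const vm of vms) {
    try {
      if (!isIPv4(vm.ip)) throw new Error('bad VM address');
      const lines = new Map();              // held back until the whole VM validates
      for (const { port, proto } of parsePortForward(vm.portforward)) {
        const key = port + '/' + proto;
        if (claimed.has(key)) throw new Error(key + ' already used by VM ' + claimed.get(key));
        lines.set(key, ['DNAT', 'net', 'prv:' + vm.ip + ':' + port, proto, port].join('\t'));
      }
      for (const [key, line] of lines) { claimed.set(key, vm.id); rules.push(line); }
    } catch (err) {
      rejected.push({ id: vm.id, reason: err.message });
    }
  }
  return { rules, rejected };
}

// Constructed sample: VM 11 asks for a port that VM 10 already holds.
const SAMPLE_VMS = [
  { id: 10, ip: '10.0.0.5', portforward: '80/tcp, 443/tcp' },
  { id: 11, ip: '10.0.0.6', portforward: '80/tcp' },
];
```

Rule lines are built only from the parsed port number and protocol, never from the raw template string, so a value containing whitespace or a newline is rejected instead of becoming an extra line in the rules file.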

I got it from :

I was looking for :

navigate to where you saved your script

     node script.js

this will run it.

Just noticed the “#!/usr/local/bin/node” part :wink: :slight_smile:

Don’t worry, I’m used to starting from zero on more complex things :slight_smile:
I’ve just seen your mail, I did that and I received this error:
     TypeError: Cannot call method 'split' of undefined
         at Object.toInt [as toLong] (/var/lib/one/utils/one-shorewall-dnsmasq-rules-generator/node_modules/ip/lib/ip.js:364:6)
         at /var/lib/one/utils/one-shorewall-dnsmasq-rules-generator/index.js:342:26
         at /var/lib/one/utils/one-shorewall-dnsmasq-rules-generator/node_modules/opennebula/lib/vnet.js:9:5
         at /var/lib/one/utils/one-shorewall-dnsmasq-rules-generator/node_modules/opennebula/lib/modem.js:31:9
         at Parser.<anonymous> (/var/lib/one/utils/one-shorewall-dnsmasq-rules-generator/node_modules/opennebula/node_modules/xml2js/lib/xml2js.js:384:20)
         at Parser.EventEmitter.emit (events.js:95:17)
         at Object.onclosetag (/var/lib/one/utils/one-shorewall-dnsmasq-rules-generator/node_modules/opennebula/node_modules/xml2js/lib/xml2js.js:348:26)
         at emit (/var/lib/one/utils/one-shorewall-dnsmasq-rules-generator/node_modules/opennebula/node_modules/xml2js/node_modules/sax/lib/sax.js:615:33)
         at emitNode (/var/lib/one/utils/one-shorewall-dnsmasq-rules-generator/node_modules/opennebula/node_modules/xml2js/node_modules/sax/lib/sax.js:620:3)
         at closeTag (/var/lib/one/utils/one-shorewall-dnsmasq-rules-generator/node_modules/opennebula/node_modules/xml2js/node_modules/sax/lib/sax.js:861:5)
         at Object.write (/var/lib/one/utils/one-shorewall-dnsmasq-rules-generator/node_modules/opennebula/node_modules/xml2js/node_modules/sax/lib/sax.js:1294:29)

Trying to resolve it …
Thanks again

Hello, so disable generation of dhcp config. Delete lines from 19 to 26.

Thanks Feldsam,
everything is fine now,
just need to cron it now.
Best regards

So run crontab -e and add the line:

     * * * * * /path/to/node /path/to/script.js

You should find my other nodejs script/package for monitoring websites useful.

Thanks for the guidance and links
from now I can find the way :slight_smile:
Best regards,