router(host): configure public (v4) network
All checks were successful
/ Ansible Lint (push) Successful in 4m20s
All checks were successful
/ Ansible Lint (push) Successful in 4m20s
This commit is contained in:
parent
f7306b91a6
commit
291ebce943
SSH key fingerprint:
SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
4 changed files with 40 additions and 6 deletions
|
|
@ -7,14 +7,19 @@ define if_net1_v4_wan = "net1"
|
||||||
define if_net2_v6_wan = "net2"
|
define if_net2_v6_wan = "net2"
|
||||||
define if_net0_2_v4_nat = "net0.2"
|
define if_net0_2_v4_nat = "net0.2"
|
||||||
define if_net0_3_ci_runner = "net0.3"
|
define if_net0_3_ci_runner = "net0.3"
|
||||||
|
define if_net0_5_public = "net0.5"
|
||||||
|
|
||||||
# Interface Groups
|
# Interface Groups
|
||||||
define wan_ifs = { $if_net1_v4_wan,
|
define wan_ifs = { $if_net1_v4_wan,
|
||||||
$if_net2_v6_wan }
|
$if_net2_v6_wan }
|
||||||
define lan_ifs = { $if_net0_2_v4_nat,
|
define lan_ifs = { $if_net0_2_v4_nat,
|
||||||
$if_net0_3_ci_runner }
|
$if_net0_3_ci_runner,
|
||||||
# define v4_exposed_ifs = { }
|
$if_net0_5_public }
|
||||||
define v6_exposed_ifs = { $if_net0_2_v4_nat }
|
define v4_exposed_ifs = { $if_net0_5_public }
|
||||||
|
define v6_exposed_ifs = { $if_net0_2_v4_nat,
|
||||||
|
$if_net0_5_public }
|
||||||
|
define v4_nat_ifs = { $if_net0_2_v4_nat,
|
||||||
|
$if_net0_3_ci_runner }
|
||||||
|
|
||||||
|
|
||||||
## Rules
|
## Rules
|
||||||
|
|
@ -73,7 +78,7 @@ table ip v4nat {
|
||||||
chain postrouting {
|
chain postrouting {
|
||||||
type nat hook postrouting priority srcnat; policy accept;
|
type nat hook postrouting priority srcnat; policy accept;
|
||||||
|
|
||||||
oifname $if_net1_v4_wan masquerade
|
iifname $v4_nat_ifs oifname $if_net1_v4_wan masquerade
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -89,7 +94,7 @@ table inet forward {
|
||||||
meta nfproto ipv4 iifname $lan_ifs oifname $if_net1_v4_wan accept comment "allow v4 internet access"
|
meta nfproto ipv4 iifname $lan_ifs oifname $if_net1_v4_wan accept comment "allow v4 internet access"
|
||||||
|
|
||||||
# Allow access to exposed networks from internet.
|
# Allow access to exposed networks from internet.
|
||||||
# meta nfproto ipv4 oifname $v4_exposed_ifs accept comment "allow v4 exposed network access"
|
meta nfproto ipv4 oifname $v4_exposed_ifs accept comment "allow v4 exposed network access"
|
||||||
meta nfproto ipv6 oifname $v6_exposed_ifs accept comment "allow v6 exposed network access"
|
meta nfproto ipv6 oifname $v6_exposed_ifs accept comment "allow v6 exposed network access"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,6 @@
|
||||||
|
[NetDev]
|
||||||
|
Name=net0.5
|
||||||
|
Kind=vlan
|
||||||
|
|
||||||
|
[VLAN]
|
||||||
|
Id=5
|
||||||
|
|
@ -7,6 +7,6 @@ RequiredForOnline=no
|
||||||
[Network]
|
[Network]
|
||||||
VLAN=net0.2
|
VLAN=net0.2
|
||||||
VLAN=net0.3
|
VLAN=net0.3
|
||||||
|
VLAN=net0.5
|
||||||
|
|
||||||
LinkLocalAddressing=no
|
LinkLocalAddressing=no
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,23 @@
|
||||||
|
[Match]
|
||||||
|
Name=net0.5
|
||||||
|
Type=vlan
|
||||||
|
|
||||||
|
[Link]
|
||||||
|
RequiredForOnline=no
|
||||||
|
|
||||||
|
[Network]
|
||||||
|
Description=public
|
||||||
|
|
||||||
|
# Masquerading done in nftables (nftables.conf).
|
||||||
|
IPv6SendRA=yes
|
||||||
|
|
||||||
|
[Address]
|
||||||
|
Address=212.12.50.209/29
|
||||||
|
|
||||||
|
[IPv6SendRA]
|
||||||
|
UplinkInterface=net2
|
||||||
|
|
||||||
|
[IPv6Prefix]
|
||||||
|
Prefix=2a00:14b0:42:105::/64
|
||||||
|
Assign=true
|
||||||
|
Token=static:::1
|
||||||
Loading…
Add table
Add a link
Reference in a new issue