author | Christian Pointner <equinox@spreadspace.org> | 2019-01-07 23:01:32 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2019-01-07 23:01:32 +0100 |
commit | b8fc9d8888d73ab5d1fd625cb0b91aab4d2b26c2 (patch) | |
tree | bfdd248c3a0cae3d8e76bfbec116b8f421dcad87 | |
parent | further improved preseed disk selection (diff) |
fix ele-router config
-rw-r--r-- | inventory/group_vars/dolmetsch-ctl/main.yml | 2 | ||||
-rw-r--r-- | inventory/host_vars/ele-router.yml | 14 |
2 files changed, 10 insertions, 6 deletions
diff --git a/inventory/group_vars/dolmetsch-ctl/main.yml b/inventory/group_vars/dolmetsch-ctl/main.yml
index 8c1ace83..cd9255f8 100644
--- a/inventory/group_vars/dolmetsch-ctl/main.yml
+++ b/inventory/group_vars/dolmetsch-ctl/main.yml
@@ -77,7 +77,7 @@ openwrt_mixin:
 iptables -A INPUT -i "$MIXER_IF" -p icmp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT
 iptables -A INPUT -i "$MIXER_IF" -p udp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT
 iptables -A INPUT -i "$MIXER_IF" -p tcp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT
- iptables -A INPUT -i "$MIXER_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -i "$MIXER_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
index c81e0b1d..5314c13b 100644
--- a/inventory/host_vars/ele-router.yml
+++ b/inventory/host_vars/ele-router.yml
@@ -12,12 +12,16 @@ openwrt_network_external:
 - name: switch_vlan
 options:
 device: 'switch0'
- vlan: '{{ network_wan_zone.vlan }}'
+ ## for some reason vlan-id 91 does not work. why??
+ # vlan: '{{ network_wan_zone.vlan }}'
+ vlan: '1'
 ports: '2 3 4 6t'
 - name: interface 'wan'
 options:
- ifname: 'eth0.{{ network_wan_zone.vlan }}'
+ ## for some reason vlan-id 91 does not work. why??
+ # ifname: 'eth0.{{ network_wan_zone.vlan }}'
+ ifname: 'eth0.1'
 proto: dhcp
 # proto: static
 # ipaddr: "{{ network_wan_zone.prefix | ipaddr(network_wan_zone.offsets[inventory_hostname]) | ipaddr('address') }}"
@@ -192,7 +196,7 @@ openwrt_mixin:
 ### todo: limit the destination address?
 iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT
 iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22000 -j ACCEPT
- iptables -A INPUT -i "$WAN_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 for zone in "{{ network_internal_zone_names | join('" "') }}"; do
 interface=$(uci get "network.$zone.ifname")
@@ -207,11 +211,11 @@ openwrt_mixin:
 iptables -A INPUT -i "$interface" -p tcp --dport 53 -d "$ipaddr" -s "$ipaddr/$netmask" -j ACCEPT
 iptables -A INPUT -i "$interface" -p icmp -d "$ipaddr" -s "$ipaddr/$netmask" -j ACCEPT
- iptables -A INPUT -i "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -i "$interface" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 iptables -A FORWARD -i "$interface" -o "$WAN_IF" -s "$ipaddr/$netmask" -j ACCEPT
- iptables -A FORWARD -i "$WAN_IF" -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A FORWARD -i "$WAN_IF" -o "$interface" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
 iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$ipaddr/$netmask" -j MASQUERADE
 done
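Review bot: The workaround in the first hunk of ele-router.yml pins the WAN VLAN twice, as `vlan: '1'` under switch_vlan and again as `ifname: 'eth0.1'` under the wan interface, two literals that the templated `network_wan_zone.vlan` previously kept in sync; if one is later edited without the other, `wan` binds to a tag the switch does not carry and the router silently loses its uplink. Consider naming the value once in this host's vars and deriving both from it, e.g. `ifname: 'eth0.{{ wan_vlan_pin }}'` (constructed name), or at least comment on both lines that they must change together. The duplicated `## for some reason vlan-id 91 does not work. why??` should record the observed symptom rather than a question so the next person can tell whether the deviation from the zone's VLAN is still needed, something like `## workaround: tagged VLAN 91 on switch0 carried no WAN traffic; pinned to VLAN 1 until the cause is found`. VLAN 1 is the untagged default on many switches, so whether the WAN port now shares the upstream switch's default VLAN with other untagged ports is worth confirming; that cannot be told from this diff, and the `openwrt_network_external` list continues outside the hunk. The `-m state` → `-m conntrack` changes in the remaining hunks are fine as written.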