-rw-r--r--inventory/group_vars/elevate-festival/vars.yml23
-rw-r--r--inventory/host_vars/ele-tub.yml49
2 files changed, 43 insertions, 29 deletions
diff --git a/inventory/group_vars/elevate-festival/vars.yml b/inventory/group_vars/elevate-festival/vars.yml
index 3fea4df6..9344c7a6 100644
--- a/inventory/group_vars/elevate-festival/vars.yml
+++ b/inventory/group_vars/elevate-festival/vars.yml
@@ -6,7 +6,7 @@ network_zones:
prefix: 192.168.18.0/24
gateway: 192.168.18.254
dns:
- - 192.168.18.254
+ - 192.168.18.254
dhcp:
start: 1
limit: 199
@@ -35,7 +35,7 @@ network_zones:
prefix: 192.168.20.0/24
gateway: 192.168.20.254
dns:
- - 192.168.20.254
+ - 192.168.20.254
dhcp:
start: 1
limit: 199
@@ -53,7 +53,7 @@ network_zones:
prefix: 192.168.23.0/24
gateway: 192.168.23.254
dns:
- - 192.168.23.254
+ - 192.168.23.254
dhcp:
start: 1
limit: 240
@@ -141,6 +141,7 @@ network_zones:
### Other
ele-mon: 220
+ ele-tub: 240
datacop: 249
equinox-t450s: 250
ele-router: 254
@@ -152,7 +153,7 @@ network_zones:
prefix: 192.168.48.0/24
gateway: 192.168.48.254
dns:
- - 192.168.48.254
+ - 192.168.48.254
offsets:
companion: 42
kuschelbaer: 48
@@ -178,7 +179,7 @@ network_zones:
prefix: 192.168.73.0/24
gateway: 192.168.73.254
dns:
- - 192.168.73.254
+ - 192.168.73.254
dhcp:
start: 100
limit: 199
@@ -201,8 +202,8 @@ network_zones:
prefix: 85.237.2.96/28
gateway: 85.237.2.97
dns:
- - 217.29.144.65
- - 217.29.144.66
+ - 217.29.144.65
+ - 217.29.144.66
offsets:
## citycom uses offset 1,2 and 3
ele-router: 4 # 85.237.2.100
@@ -214,8 +215,8 @@ network_zones:
prefix: 85.237.28.192/28
gateway: 85.237.28.193
dns:
- - 217.29.144.65
- - 217.29.144.66
+ - 217.29.144.65
+ - 217.29.144.66
offsets:
## citycom uses offset 1,2 and 3
ele-helene: 4 # 85.237.28.196
@@ -237,10 +238,10 @@ network_zones:
vlan: 511
prefix: 10.12.241.128/28
gateway: 10.12.241.142
+ dns:
+ - 10.12.0.10
offsets:
ele-tub: 14
- dns:
- - 10.12.0.10
murat_transfer:
description: "transfer network for upstream via mur.at"
diff --git a/inventory/host_vars/ele-tub.yml b/inventory/host_vars/ele-tub.yml
index 4ab8ae70..47c06223 100644
--- a/inventory/host_vars/ele-tub.yml
+++ b/inventory/host_vars/ele-tub.yml
@@ -46,17 +46,35 @@ openwrt_mixin:
/etc/htoprc:
file: "{{ global_files_dir }}/common/htoprc"
- /etc/rc.local:
+ /etc/rc.d/S22network-fw:
+ link: "../init.d/network-fw"
+
+ /etc/rc.d/K92network-fw:
+ link: "../init.d/network-fw"
+
+ /etc/init.d/network-fw:
+ mode: "0755"
content: |
- # Put your custom commands here that should be executed once
- # the system init finished. By default this file does nothing.
+ #!/bin/sh /etc/rc.common
+
+ START=22
+ STOP=91
- ip rule add pref 42000 lookup default
- ip rule del pref 32767
- ip route add default via {{ network_zones.murat_transfer.prefix | ipaddr(network_zones.murat_transfer.offsets['ele-mur']) | ipaddr('address') }} table 172
- ip rule add pref 33000 from {{ network_zones.funkfeuer.prefix }} lookup 172
+ start() {
+ FF_IF=$(uci get network.ff.ifname)
+ FFSUBNET_IF=$(uci get network.ffsubnet.ifname)
+ FFSUBNET_IPADDR=$(uci get network.ffsubnet.ipaddr)
+ FFSUBNET_NETMASK=$(uci get network.ffsubnet.netmask)
- exit 0
+ iptables -A FORWARD -i "$FFSUBNET_IF" -o "$FF_IF" -s "$FFSUBNET_IPADDR/$FFSUBNET_IPADDR" -j ACCEPT
+ iptables -A FORWARD -i "$FF_IF" -o "$FFSUBNET_IF" -d "$FFSUBNET_IPADDR/$FFSUBNET_IPADDR" -j ACCEPT
+ iptables -P FORWARD DROP
+ }
+
+ stop() {
+ iptables -P FORWARD ACCEPT
+ iptables -F FORWARD
+ }
openwrt_uci:
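Review bot: Both ACCEPT rules in `start()` build their match as `"$FFSUBNET_IPADDR/$FFSUBNET_IPADDR"`, so the interface address is used as its own mask and `FFSUBNET_NETMASK` is read but never used; the permitted range is therefore not the ffsubnet prefix. The `-s` and `-d` arguments should read `"$FFSUBNET_IPADDR/$FFSUBNET_NETMASK"`. `stop()` sets the FORWARD policy to ACCEPT and flushes the chain, so stopping the service leaves forwarding fully open; if that fail-open behaviour is intended, it deserves a comment in the script. The `K92network-fw` link also disagrees with `STOP=91`, and because `start()` uses `-A`, a second start without a stop appends duplicate rules.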
@@ -98,12 +116,14 @@ openwrt_uci:
ipaddr: 127.0.0.1
netmask: 255.0.0.0
- - name: interface 'unused'
+ - name: interface 'mgmt'
options:
ifname: eth0
- proto: none
+ proto: static
+ ipaddr: "{{ network_zones.mgmt.prefix | ipaddr(network_zones.mgmt.offsets[inventory_hostname]) | ipaddr('address') }}"
+ netmask: "{{ network_zones.mgmt.prefix | ipaddr('netmask') }}"
- - name: interface 'uhrturm'
+ - name: interface 'ffsubnet'
options:
ifname: eth1
proto: static
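Review bot: The section name `ffsubnet` introduced here is now a runtime dependency of `/etc/init.d/network-fw`, which reads `network.ffsubnet.ifname`, `.ipaddr` and `.netmask` through `uci get`, but nothing in this file records that coupling. If the interface is renamed again, those lookups return nothing, the ACCEPT rules fail to load and the FORWARD policy is still set to DROP, so forwarding is silently blocked. A comment above the entry such as `# name is read by /etc/init.d/network-fw (uci get network.ffsubnet.*)` would make that visible. The same applies to the `ff` section, whose definition is outside this hunk.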
@@ -118,13 +138,6 @@ openwrt_uci:
netmask: 255.255.0.0
dns: "{{ network_zones.funkfeuer.dns }}"
- - name: interface 'murattransfer'
- options:
- ifname: eth2
- proto: static
- ipaddr: "{{ network_zones.murat_transfer.prefix | ipaddr(network_zones.murat_transfer.offsets[inventory_hostname]) | ipaddr('address') }}"
- netmask: "{{ network_zones.murat_transfer.prefix | ipaddr('netmask') }}"
-
olsrd:
- name: olsrd
options: