-rw-r--r-- | inventory/group_vars/elevate-festival/main.yml | 5 | ||||
-rw-r--r-- | inventory/host_vars/ele-router.yml | 80 |
2 files changed, 70 insertions, 15 deletions
diff --git a/inventory/group_vars/elevate-festival/main.yml b/inventory/group_vars/elevate-festival/main.yml
index 3dba4da5..013aef69 100644
--- a/inventory/group_vars/elevate-festival/main.yml
+++ b/inventory/group_vars/elevate-festival/main.yml
@@ -168,11 +168,16 @@ network_zones: ele-dione: 5 # 85.237.28.197 ele-laptop: 7 # 85.237.28.199 + forum_a1: + vlan: 502 + funkfeuer: vlan: 511 prefix: 10.12.241.128/28 gateway: 10.12.241.142 offsets: ele-tub: 14 + ele-br-uplink: 13 + ele-router: 12 dns: - 10.12.0.10
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
index ed21ff36..4a552d7f 100644
--- a/inventory/host_vars/ele-router.yml
+++ b/inventory/host_vars/ele-router.yml
@@ -1,5 +1,4 @@ --- -network_wan_zone: "{{ network_zones.ccinet }}" network_mgmt_zone: "{{ network_zones.mgmt }}" network_internal_zone_names: - lan
@@ -12,24 +11,65 @@ openwrt_network_external: - name: switch_vlan options: device: 'switch0' - ## for some reason vlan-id 128 does not work. why?? - # vlan: '{{ network_wan_zone.vlan }}' + ## for some reason vlan-id 502 does not work. why?? + vlan: '{{ network_zones.forum_a1.vlan }}' vlan: '1' - ports: '2 3 4 6t' + ports: '4 6t' - - name: interface 'wan' + - name: interface 'wanforum' options: - ## for some reason vlan-id 128 does not work. why?? - # ifname: 'eth0.{{ network_wan_zone.vlan }}' + ## for some reason vlan-id 502 does not work. why?? + #ifname: 'eth0.{{ network_zones.forum_a1.vlan }}' ifname: 'eth0.1' -# proto: dhcp + proto: dhcp + defaultroute: '0' ## see static route 'forumdefault' below + accept_ra: 0 + + - name: rule + options: + priority: 40000 + lookup: 101 + + - name: route 'forumdefault' + options: + interface: 'wanforum' + table: 101 + target: '0.0.0.0/0' + gateway: 192.168.0.254 ## A1 router @ForumStadtpark uses this address + + + - name: switch_vlan + options: + device: 'switch0' + ## for some reason vlan-id 502 does not work. why?? + #vlan: '{{ network_zones.funkfeuer.vlan }}' + vlan: '2' + ports: '3 6t' + + - name: interface 'wanff' + options: + ## for some reason vlan-id 502 does not work. why?? 
+ #fname: 'eth0.{{ network_zones.funkfeuer.vlan }}' + ifname: 'eth0.2' proto: static - ipaddr: "{{ network_wan_zone.prefix | ipaddr(network_wan_zone.offsets[inventory_hostname]) | ipaddr('address') }}" - netmask: "{{ network_wan_zone.prefix | ipaddr('netmask') }}" - gateway: "{{ network_wan_zone.gateway }}" - dns: "{{ network_wan_zone.dns }}" + ipaddr: "{{ network_zones.funkfeuer.prefix | ipaddr(network_zones.funkfeuer.offsets[inventory_hostname]) | ipaddr('address') }}" + netmask: "{{ network_zones.funkfeuer.prefix | ipaddr('netmask') }}" accept_ra: 0 + - name: rule + options: + priority: 39000 + src: "{{ network_zones.funkfeuer.prefix | ipaddr(network_zones.funkfeuer.offsets[inventory_hostname]) | ipaddr('address') }}/32" + lookup: 102 + + - name: route 'ffdefault' + options: + interface: 'wanff' + table: 102 + target: '0.0.0.0/0' + gateway: "{{ network_zones.funkfeuer.gateway }}" + + openwrt_network_internal: "{{ openwrt_network_internal_yaml | from_yaml }}" openwrt_network_internal_yaml: | {% for zone_name in network_internal_zone_names %}
@@ -82,9 +122,14 @@ openwrt_network_base: openwrt_dhcp_external: - - name: dhcp 'wan' + - name: dhcp 'wanforum' options: - interface: 'wan' + interface: 'wanforum' + ignore: '1' + + - name: dhcp 'wanff' + options: + interface: 'wanff' ignore: '1' openwrt_dhcp_internal: "{{ openwrt_dhcp_internal_yaml | from_yaml }}"
@@ -185,7 +230,8 @@ openwrt_mixin: STOP=91 start() { - WAN_IF=$(uci get network.wan.ifname) + WAN_IF=$(uci get network.wanforum.ifname) + FF_IF=$(uci get network.wanff.ifname) MGMT_IF=$(uci get network.mgmt.ifname) MGMT_IPADDR=$(uci get network.mgmt.ipaddr) MGMT_NETMASK=$(uci get network.mgmt.netmask)
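Review bot: In the first `switch_vlan` block of this hunk the templated line `vlan: '{{ network_zones.forum_a1.vlan }}'` is added without the leading `#`, so the `options` mapping now carries the key `vlan` twice (the context line `vlan: '1'` follows it); most parsers, PyYAML included, silently keep the last value, so the intended id still wins, but yamllint's key-duplicates check fails and the comment directly above says the templated id is the one known not to work, so restore the comment marker as the funkfeuer block does: `#vlan: '{{ network_zones.forum_a1.vlan }}'`. The same "vlan-id 502 does not work" comment was copied into the funkfeuer `switch_vlan` and `wanff` blocks, where the zone's vlan is 511, and the commented-out line under `wanff` reads `#fname:` rather than `#ifname:`. The forum default gateway `192.168.0.254` is hard-coded in this host file while the funkfeuer one is taken from `network_zones.funkfeuer.gateway`; carrying a `gateway` entry under `network_zones.forum_a1` in main.yml would describe both uplinks the same way. The `openwrt_network_external` list begins before this hunk and the hunk ends inside the `openwrt_network_internal_yaml` block scalar.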
@@ -199,6 +245,10 @@ openwrt_mixin: iptables -A INPUT -i "$WAN_IF" -p tcp --dport {{ ansible_port }} -j ACCEPT iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + iptables -A INPUT -i "$FF_IF" -p icmp -j ACCEPT + iptables -A INPUT -i "$FF_IF" -p tcp --dport {{ ansible_port }} -j ACCEPT + iptables -A INPUT -i "$FF_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + for zone in "{{ network_internal_zone_names | join('" "') }}"; do interface=$(uci get "network.$zone.ifname") ipaddr=$(uci get "network.$zone.ipaddr") |
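Review bot: The three added INPUT rules open ICMP, the Ansible SSH port and established flows on the funkfeuer uplink `$FF_IF` exactly as on `$WAN_IF`, so the management port becomes reachable from a second external network; if the router is meant to be administered only via `$WAN_IF` or the mgmt interface, the `--dport {{ ansible_port }}` line for `$FF_IF` can be left out. The triplet is a verbatim copy of the WAN block, so a loop over both interfaces keeps the two uplinks from drifting apart the next time a rule is added. The rest of `start()` — the INPUT default policy and any FORWARD or NAT handling the policy-routed `wanff` traffic would need — lies outside this hunk, so it is not visible here whether `$FF_IF` is covered there.
```yaml
        # … unchanged: WAN_IF/FF_IF/MGMT_* lookups …
        for ext_if in "$WAN_IF" "$FF_IF"; do
          iptables -A INPUT -i "$ext_if" -p icmp -j ACCEPT
          iptables -A INPUT -i "$ext_if" -p tcp --dport {{ ansible_port }} -j ACCEPT
          iptables -A INPUT -i "$ext_if" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
        done
        # … unchanged: per-zone loop …
```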