-rw-r--r--dan/ele-mur.yml13
-rw-r--r--inventory/group_vars/elevate-festival/main.yml6
-rw-r--r--inventory/host_vars/ch-atlas.yml3
-rw-r--r--inventory/host_vars/ele-mur.yml3
-rw-r--r--inventory/host_vars/ele-tub.yml58
5 files changed, 83 insertions, 0 deletions
diff --git a/dan/ele-mur.yml b/dan/ele-mur.yml
index 2dd22293..9da81b2f 100644
--- a/dan/ele-mur.yml
+++ b/dan/ele-mur.yml
@@ -5,3 +5,16 @@
- role: base
- role: sshd
- role: zsh
+ post_tasks:
+ - name: install interface config for guest vlan
+ copy:
+ content: |
+ auto funkfeuer0
+ iface funkfeuer0 inet static
+ address {{ network_zones.murat_transfer.prefix | ipaddr(network_zones.murat_transfer.offsets[inventory_hostname]) | ipaddr('address/prefix') }}
+ up ip route add {{ network_zones.funkfeuer.prefix | ipaddr('network/prefix') }} via {{ network_zones.murat_transfer.prefix | ipaddr(network_zones.murat_transfer.offsets['ele-tub']) | ipaddr('address') }}
+ up iptables -t nat -A POSTROUTING -s {{ network_zones.funkfeuer.prefix | ipaddr('network/prefix') }} -o {{ ansible_default_ipv4.interface }} -j SNAT --to {{ ansible_default_ipv4.address }}
+ up sysctl net.ipv4.ip_forward=1
+ down iptables -t nat -D POSTROUTING -s {{ network_zones.funkfeuer.prefix | ipaddr('network/prefix') }} -o {{ ansible_default_ipv4.interface }} -j SNAT --to {{ ansible_default_ipv4.address }}
+ down ip route del {{ network_zones.funkfeuer.prefix | ipaddr('network/prefix') }} via {{ network_zones.murat_transfer.prefix | ipaddr(network_zones.murat_transfer.offsets['ele-tub']) | ipaddr('address') }}
+ dest: /etc/network/interfaces.d/funkfeuer0
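Review bot: The `up sysctl net.ipv4.ip_forward=1` line turns on IPv4 forwarding for the whole host, and nothing in this hunk limits what may be forwarded or turns it back off in the `down` lines. The SNAT rule is scoped to the funkfeuer prefix, but forwarding itself is not, so unless a FORWARD policy defined elsewhere already restricts it (not visible here), ele-mur will route any packet that is handed to it. Consider pairing it with explicit FORWARD rules for `funkfeuer0` and the funkfeuer prefix, or at least a comment above the `copy` task such as `# ele-mur is the NAT gateway for the funkfeuer zone; forwarding is filtered by <where>`. The `copy` task also sets no `mode:`, `owner:` or `group:`; adding `mode: "0644"` would make the file's permissions explicit.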
diff --git a/inventory/group_vars/elevate-festival/main.yml b/inventory/group_vars/elevate-festival/main.yml
index fe8ff1a8..8088b82e 100644
--- a/inventory/group_vars/elevate-festival/main.yml
+++ b/inventory/group_vars/elevate-festival/main.yml
@@ -206,6 +206,12 @@ network_zones:
dns:
- 10.12.0.10
+ murat_transfer:
+ prefix: 172.31.255.0/24
+ offsets:
+ ele-tub: 1
+ ele-mur: 254
+
datacop_lte:
vlan: 512
prefix: 100.64.0.0/24
diff --git a/inventory/host_vars/ch-atlas.yml b/inventory/host_vars/ch-atlas.yml
index 40d10fbd..f86af753 100644
--- a/inventory/host_vars/ch-atlas.yml
+++ b/inventory/host_vars/ch-atlas.yml
@@ -20,3 +20,6 @@ vm_host:
s2-k8s-test1: 8
r3-vex2: 11
k8stest: {}
+ funkfeuer:
+ interfaces:
+ - eth0.502
diff --git a/inventory/host_vars/ele-mur.yml b/inventory/host_vars/ele-mur.yml
index 33269fdf..db1d90a2 100644
--- a/inventory/host_vars/ele-mur.yml
+++ b/inventory/host_vars/ele-mur.yml
@@ -21,6 +21,9 @@ install:
- bridge: br-public
name: primary0
mac: 52:54:00:37:fd:8a
+ - bridge: br-funkfeuer
+ name: funkfeuer0
+ mac: 52:54:00:37:fd:8b
autostart: False
network:
diff --git a/inventory/host_vars/ele-tub.yml b/inventory/host_vars/ele-tub.yml
index 00d24b54..6a8e1dca 100644
--- a/inventory/host_vars/ele-tub.yml
+++ b/inventory/host_vars/ele-tub.yml
@@ -43,6 +43,50 @@ openwrt_mixin:
/etc/htoprc:
file: "{{ global_files_dir }}/common/htoprc"
+ /etc/rc.local: |
+ # Put your custom commands here that should be executed once
+ # the system init finished. By default this file does nothing.
+
+ PUBLIC_IP=193.33.151.58 # Hier die zugewiesene public IP eintragen
+ PUBLIC_GW=10.12.34.56
+
+ ip tunnel add public mode ipip remote $PUBLIC_GW local $PUBLIC_IP ttl 255
+ ip link set public up
+ ip addr add $PUBLIC_IP dev public
+ ip route add default dev public table default
+
+ ip rule add from all lookup 111 pref 20000
+ ip rule add from all lookup main pref 30000
+ ip rule del pref 32766
+
+ UHRTURM_IF=$(uci get network.uhrturm.ifname)
+ ip rule add iif "$UHRTURM_IF" lookup 120 pref 31000
+ ip route add default via {{ network_zones.murat_transfer.prefix | ipaddr(network_zones.murat_transfer.offsets['ele-mur']) | ipaddr('address') }} table 120
+
+ iptables -t nat -A POSTROUTING -o public -j MASQUERADE
+ iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o public -j TCPMSS --clamp-mss-to-pmtu
+
+ source /lib/functions/network.sh
+
+ i=0
+ while iface="$( uci -q get olsrd.@Interface[$i].interface )"; do
+ case "$( uci -q get olsrd.@Interface[$i].ignore )" in
+ 1|on|true|enabled|yes)
+ # is disabled
+ ;;
+ *)
+ if network_get_device device "$iface"; then
+ ip rule add iif $device pref $(( i + 32000 )) lookup 112
+ else
+ echo "Warning: device for OLSR Interface '$interface' not found, skipped"
+ fi
+ ;;
+ esac
+ i=$(( $i + 1 ))
+ done
+
+ exit 0
+
openwrt_uci:
system:
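Review bot: The warning in the `else` branch of the OLSR loop prints `'$interface'`, but the loop variable is `iface`, so the message will show an empty name; it should read `echo "Warning: device for OLSR Interface '$iface' not found, skipped"`. In the same loop `$device` is expanded unquoted in `ip rule add iif $device ...`, while `"$UHRTURM_IF"` further up is quoted; `iif "$device"` would be consistent. None of the `ip` or `iptables` calls are checked, so if `uci get network.uhrturm.ifname` returns nothing the script carries on with an empty `iif`; a short guard, or a comment saying this is acceptable, would help. The MASQUERADE rule matches everything leaving `public` with no source restriction, and whether that is meant to include the mesh traffic cannot be told from this hunk.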
@@ -103,6 +147,18 @@ openwrt_uci:
netmask: 255.255.0.0
dns: "{{ network_zones.funkfeuer.dns }}"
+ - name: interface 'murattransfer'
+ options:
+ ifname: eth2
+ proto: static
+ ipaddr: "{{ network_zones.murat_transfer.prefix | ipaddr(network_zones.murat_transfer.offsets[inventory_hostname]) | ipaddr('address') }}"
+ netmask: "{{ network_zones.murat_transfer.prefix | ipaddr('netmask') }}"
+
+ - name: interface 'public'
+ options:
+ ifname: public
+ proto: none
+
olsrd:
- name: olsrd
options:
@@ -113,6 +169,7 @@ openwrt_uci:
OlsrPort: '698'
UseNiit: 'no'
SmartGateway: 'no'
+ MainIp: 10.12.91.28
- name: LoadPlugin
options:
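Review bot: `MainIp: 10.12.91.28` is a bare literal, and the same address is repeated as `IPv4Src: 10.12.91.28` in the next hunk, whereas the other addresses added by this commit are derived from `network_zones`. Defining it once and referencing it in both places, e.g. `MainIp: "{{ olsr_main_ip }}"` (the variable name is a placeholder), keeps the two from drifting apart. Quoting the value would also match the neighbouring `OlsrPort: '698'` and `UseNiit: 'no'` entries.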
@@ -127,6 +184,7 @@ openwrt_uci:
options:
interface:
- ff
+ IPv4Src: 10.12.91.28
- name: Hna4
options: