undersys/frankenrouter
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

temporary allow cross-connection

Browse source
This commit is contained in:
deflax 2018-03-21 15:01:08 -04:00
parent d2f8936e84
commit 30630a4828
2 changed files with 12 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
config.sh.dist
View file

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
PUBIF=ens18 PUBIF=ens18
TRANSPORT_IP="87.120.110.252/24" TRANSPORT_IP="1.2.3.4/24"
TRANSPORT_GW="87.120.110.1" TRANSPORT_GW="1.2.3.1"
APIHOST="www.datapoint.bg" APIHOST="www.api.tld"
LABEL="lexx" LABEL="routername"

17
frankenrouter.py
View file

@ -30,7 +30,6 @@ SYSCTL="/sbin/sysctl -w"
# Internet Interface # Internet Interface
INET_IFACE="ens18" INET_IFACE="ens18"
INET_ORB="87.120.110.11"
# Localhost Interface # Localhost Interface
LO_IFACE="lo" LO_IFACE="lo"
@ -197,7 +196,8 @@ echo "Process INPUT chain ..."
$IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT $IPT -A INPUT -p ALL -i $LO_IFACE -j ACCEPT
$IPT -A INPUT -p ALL -j bad_packets $IPT -A INPUT -p ALL -j bad_packets
#INPUT index: 3 #INPUT index: 3
$IPT -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT #$IPT -A INPUT -p ALL -i $INET_IFACE -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p ALL -i $INET_IFACE -j ACCEPT
$IPT -A INPUT -p TCP -i $INET_IFACE -j tcp_inbound $IPT -A INPUT -p TCP -i $INET_IFACE -j tcp_inbound
$IPT -A INPUT -p UDP -i $INET_IFACE -j udp_inbound $IPT -A INPUT -p UDP -i $INET_IFACE -j udp_inbound
$IPT -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets $IPT -A INPUT -p ICMP -i $INET_IFACE -j icmp_packets
@ -218,9 +218,6 @@ $IPT -A OUTPUT -p ALL -o $LO_IFACE -j ACCEPT
$IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT $IPT -A OUTPUT -p ALL -o $INET_IFACE -j ACCEPT
$IPT -A OUTPUT -j LOG --log-prefix "fp=OUTPUT:99 a=DROP " $IPT -A OUTPUT -j LOG --log-prefix "fp=OUTPUT:99 a=DROP "
###############################################################################
#$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
""" """
return data return data
@ -252,6 +249,7 @@ subnet 10.0.{0}.0 netmask 255.255.255.0 {{
""".format(vlanid) """.format(vlanid)
writefile('/root/fr-vlanconf/v{0}.dhconf'.format(vlanid), dhcpconf_template) writefile('/root/fr-vlanconf/v{0}.dhconf'.format(vlanid), dhcpconf_template)
data += """ data += """
### VLAN {0} ### VLAN {0}
echo "setting up vlan: {0}" echo "setting up vlan: {0}"
@ -263,11 +261,11 @@ ip link add link {1} name {1}.{0} type vlan id {0}
ip link set dev {1}.{0} up ip link set dev {1}.{0} up
ip addr add 10.0.{0}.1/24 dev {1}.{0} ip addr add 10.0.{0}.1/24 dev {1}.{0}
$IPT -I INPUT 3 -p ALL -i {1}.{0} -d 10.0.{0}.255 -j ACCEPT #$IPT -I INPUT 3 -p ALL -i {1}.{0} -d 10.0.{0}.255 -j ACCEPT
$IPT -I INPUT 3 -p ALL -i {1}.{0} -s 10.0.{0}.0/24 -j ACCEPT $IPT -I INPUT 3 -p ALL -i {1}.{0} -s 10.0.{0}.0/24 -j ACCEPT
#$IPT -I FORWARD 3 -p ALL -i {1}.{0} -j ACCEPT $IPT -I FORWARD 3 -p ALL -i {1}.{0} -s 10.0.{0}.10 -j ACCEPT
#$IPT -I FORWARD 3 -p ALL -i $INET_IFACE -o {1}.{0} -d 10.0.{0}.10 -m state --state NEW -j ACCEPT #$IPT -I FORWARD 3 -p ALL -i {1}.{0} -o $INET_IFACE -s 10.0.{0}.10 -j ACCEPT
$IPT -I FORWARD 3 -p ALL -i {1}.{0} -o $INET_IFACE -s 10.0.{0}.10 -j ACCEPT ##$IPT -I FORWARD 3 -p ALL -i $INET_IFACE -o {1}.{0} -d 10.0.{0}.10 -m state --state NEW -j ACCEPT
$IPT -I OUTPUT 3 -p ALL -o {1}.{0} -j ACCEPT $IPT -I OUTPUT 3 -p ALL -o {1}.{0} -j ACCEPT
touch /root/fr-vlanconf/v{0}.dhpid touch /root/fr-vlanconf/v{0}.dhpid
@ -285,6 +283,7 @@ $IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT $IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -F $IPT -t nat -F
$IPT -t nat -X $IPT -t nat -X
#$IPT -t nat -A POSTROUTING -o $INET_IFACE -j MASQUERADE
""" """
for ip, vlan in cache.items(): for ip, vlan in cache.items():
data += """ data += """