# web server address (perimeter network)
define WS_PERIMETER_IPV4 = 192.168.173.249
-define WS_PERIMETER_IPV6 = 2a02:d400:0000:f2ad:000c:18ff:fe03:adf9
+define WS_PERIMETER_IPV6 = 2001:1aa1:000a:00ad:000c:18ff:fe03:adf9
# subversion server address (perimeter network)
define SVN_PERIMETER_IPV4 = 192.168.173.212
-define SVN_PERIMETER_IPV6 = 2a02:d400:0000:f2ad:000c:18ff:fe03:add4
+define SVN_PERIMETER_IPV6 = 2001:1aa1:000a:00ad:000c:18ff:fe03:add4
# perimeter name server address (perimeter network)
define PNS_PERIMETER_IPV4 = 192.168.173.174
-define PNS_PERIMETER_IPV6 = 2a02:d400:0000:f2ad:000c:18ff:fe03:adae
+define PNS_PERIMETER_IPV6 = 2001:1aa1:000a:00ad:000c:18ff:fe03:adae
# mercurial server address (perimeter network)
define HG_PERIMETER_IPV4 = 192.168.173.87
-define HG_PERIMETER_IPV6 = 2a02:d400:0000:f2ad:000c:18ff:fe03:ad57
+define HG_PERIMETER_IPV6 = 2001:1aa1:000a:00ad:000c:18ff:fe03:ad57
# git server address (perimeter network)
define GIT_PERIMETER_IPV4 = 192.168.173.79
-define GIT_PERIMETER_IPV6 = 2a02:d400:0000:f2ad:000c:18ff:fe03:ad4f
+define GIT_PERIMETER_IPV6 = 2001:1aa1:000a:00ad:000c:18ff:fe03:ad4f
# external name server address (perimeter network)
define ENS_PERIMETER_IPV4 = 192.168.173.64
-define ENS_PERIMETER_IPV6 = 2a02:d400:0000:f2ad:000c:18ff:fe03:ad40
+define ENS_PERIMETER_IPV6 = 2001:1aa1:000a:00ad:000c:18ff:fe03:ad40
# ifg address (perimeter network)
define IFG_PERIMETER_IPV4 = 192.168.173.1
+define IFG_PERIMETER_IPV6 = 2001:1aa1:000a:00ad:000c:18ff:fe03:ad01
# ifg addresses (internal network)
define IFG_INTERNAL_IPV4 = 10.228.109.254
-define IFG_INTERNAL_IPV6 = 2a02:d400:0000:f268:000c:18ff:fe03:6dfe
+define IFG_INTERNAL_IPV6 = 2001:1aa1:000a:0424:000c:18ff:fe03:6dfe
define IFG_SR_IPV4 = 192.168.42.254
define IFG_IN_IPV4 = 192.168.43.254
# store address (internal network)
define STORE_INTERNAL_IPV4 = 10.228.109.250
-define STORE_INTERNAL_IPV6 = 2a02:d400:0000:f268:da9d:67ff:fe63:dc68
+define STORE_INTERNAL_IPV6 = 2001:1aa1:000a:0424:da9d:67ff:fe63:dc68
# wiki server address (internal network)
define WIKI_INTERNAL_IPV4 = 10.228.109.239
-define WIKI_INTERNAL_IPV6 = 2a02:d400:0000:f268:000c:18ff:fe03:6def
+define WIKI_INTERNAL_IPV6 = 2001:1aa1:000a:0424:000c:18ff:fe03:6def
# vpn address (internal network)
define VPN_INTERNAL_IPV4 = 10.228.109.236
# source name server address (internal network)
define SNS_INTERNAL_IPV4 = 10.228.109.204
-define SNS_INTERNAL_IPV6 = 2a02:d400:0000:f268:000c:18ff:fe03:6dcc
+define SNS_INTERNAL_IPV6 = 2001:1aa1:000a:0424:000c:18ff:fe03:6dcc
# public key infrastructure server address (internal network)
define PKI_INTERNAL_IPV4 = 10.228.109.171
# name server 1 address (internal network)
define NS1_INTERNAL_IPV4 = 10.228.109.159
-define NS1_INTERNAL_IPV6 = 2a02:d400:0000:f268:000c:18ff:fe03:6d9f
+define NS1_INTERNAL_IPV6 = 2001:1aa1:000a:0424:000c:18ff:fe03:6d9f
# minicrm address (internal network)
define MINICRM_INTERNAL_IPV4 = 10.228.109.133
# fedora directory server address (internal network)
define FDS_INTERNAL_IPV4 = 10.228.109.83
-define FDS_INTERNAL_IPV6 = 2a02:d400:0000:f268:000c:18ff:fe03:6d53
+define FDS_INTERNAL_IPV6 = 2001:1aa1:000a:0424:000c:18ff:fe03:6d53
# fedora directory client address (internal network)
define FDC_INTERNAL_IPV4 = 10.228.109.67
-define FDC_INTERNAL_IPV6 = 2a02:d400:0000:f268:000c:18ff:fe03:6d43
+define FDC_INTERNAL_IPV6 = 2001:1aa1:000a:0424:000c:18ff:fe03:6d43
# name server 2 address (internal network)
define NS2_INTERNAL_IPV4 = 10.228.92.159
-define NS2_INTERNAL_IPV6 = 2a02:d400:0000:f268:000c:18ff:fe03:5c9f
+define NS2_INTERNAL_IPV6 = 2001:1aa1:000a:0424:000c:18ff:fe03:5c9f
# dvredmine address (internal network)
define DVREDMINE_INTERNAL_IPV4 = 10.228.62.193
# internal networks
define INTERNAL_IPV4_NET = 10.228.0.0/16
-define INTERNAL_IPV6_NET = 2a02:d400:0000:f268::/64
+define INTERNAL_IPV6_NET = 2001:1aa1:000a:0424::/64
define SR_IPV4_NET = 192.168.42.0/24
define IN_IPV4_NET = 192.168.43.0/24
define INTERNAL_IPV4_NETS = { $INTERNAL_IPV4_NET, \
# perimeter network
define PERIMETER_NET = 192.168.173.0/24
-define PERIMETER_IPV6_NET = 2a02:d400:0000:f2ad::/64
+define PERIMETER_IPV6_NET = 2001:1aa1:000a:00ad::/64
-# vpn client networks
-define OVPN_NET = 172.16.223.0/24
-define WG_NET = 172.24.232.0/24
-define VPN_NETS = { $OVPN_NET, $WG_NET }
+# vpn client network
+define VPN_CLIENT_NET = 172.24.232.0/24
# peep-bo network
define PEEP_BO_NET = 10.162.0.0/16
################################
#define MX_PORTS = { 25, 110, 143, 465, 587, 993, 995 }
-define VPN_PORTS = { openvpn, 51820 }
+define VPN_PORT = 51820
################################
add rule ip ifg-filter forward \
ip protocol udp \
iifname $PERIMETER_IF ip saddr != $PERIMETER_NET udp sport 1024-65535 \
- oifname $INTERNAL_IF ip daddr $VPN_INTERNAL_IPV4 udp dport $VPN_PORTS \
+ oifname $INTERNAL_IF ip daddr $VPN_INTERNAL_IPV4 udp dport $VPN_PORT \
counter accept comment "Incoming VPN traffic"
add rule ip ifg-filter forward \
sleep 1
systemctl --quiet is-active NetworkManager.service
NM_RC=$?
-WAITED=0
+CYCLES_WAITED=0
while [ $NM_RC -ne 0 ]
do
+ if [ $CYCLES_WAITED -ge 10 ]
+ then
+ exit 1
+ fi
+ if [ $CYCLES_WAITED -eq 0 ]
+ then
+ echo -n "Waiting for NetworkManager"
+ fi
echo -n .
sleep 1
- WAITED=1
+ CYCLES_WAITED=$(( $CYCLES_WAITED + 1 ))
systemctl --quiet is-active NetworkManager.service
NM_RC=$?
done
-[ $WAITED -eq 1 ] && echo
+[ $CYCLES_WAITED -gt 0 ] && echo
-# wait for two network connections
-CONNECTION_DEVICES_UP=$(nmcli --terse connection show | grep -v ':$' | wc -l)
+# wait for the three network connections to come up
+CONNECTION_DEVICES_UP=$(nmcli --terse connection show \
+ | grep --invert-match ':$' | wc -l)
CYCLES_WAITED=0
-while [ $CONNECTION_DEVICES_UP -lt 2 ]
+while [ $CONNECTION_DEVICES_UP -lt 3 ]
do
if [ $CYCLES_WAITED -ge 10 ]
then
nmcli connection show
exit 1
fi
+ if [ $CYCLES_WAITED -eq 0 ]
+ then
+ echo -n "Waiting for the network connections"
+ fi
+ echo -n .
sleep 1
CYCLES_WAITED=$(( $CYCLES_WAITED + 1 ))
- CONNECTION_DEVICES_UP=$(nmcli --terse connection show | grep -v ':$' | wc -l)
+ CONNECTION_DEVICES_UP=$(nmcli --terse connection show \
+ | grep --invert-match ':$' | wc -l)
done
+[ $CYCLES_WAITED -gt 0 ] && echo
CONNECTIONS=$(nmcli --terse connection show | wc -l)
-while [ $CONNECTIONS -gt 0 ]
-do
- CONNECTION_LINE=$(nmcli --terse connection show | head -n 1)
- CONNECTION_UUID=$(echo $CONNECTION_LINE | cut -f 2 -d ':')
- nmcli connection delete uuid "$CONNECTION_UUID"
- CONNECTIONS=$(nmcli --terse connection show | wc -l)
-done
+if [ $CONNECTIONS -ne 3 ]
+then
+ echo "Number of connections: $CONNECTIONS instead of 3" >&2
+ exit 1
+fi
+
+CONNECTION_LINE_IN=$(nmcli --terse connection show | grep ':eth0$')
+CONNECTION_LINE_PM=$(nmcli --terse connection show | grep ':eth1$')
+CONNECTION_UUID_IN=$(echo $CONNECTION_LINE_IN | cut -f 2 -d ':')
+CONNECTION_DEVICE_IN=$(echo $CONNECTION_LINE_IN | cut -f 4 -d ':')
+CONNECTION_UUID_PM=$(echo $CONNECTION_LINE_PM | cut -f 2 -d ':')
+CONNECTION_DEVICE_PM=$(echo $CONNECTION_LINE_PM | cut -f 4 -d ':')
-INTERNAL_DEVICE=eth0
-PM_DEVICE=eth1
+nmcli connection delete uuid "$CONNECTION_UUID_IN"
+nmcli connection delete uuid "$CONNECTION_UUID_PM"
-# ipv6.addresses "2a02:d400:0000:f268:000c:18ff:fe03:6dfe/64" \
-# ipv6.dns "2a02:d400:0000:f268:000c:18ff:fe03:6d9f, 2a02:d400:0000:f268:000c:18ff:fe03:5c9f" \
-# ipv6.dns-search "in.useribm.hu" \
-# ipv6.method "manual" \
nmcli connection add \
connection.autoconnect yes \
connection.id internal \
- connection.interface-name $INTERNAL_DEVICE \
+ connection.interface-name $CONNECTION_DEVICE_IN \
connection.type 802-3-ethernet \
ipv4.addresses "10.228.109.254/16, 192.168.42.254/24, 192.168.43.254/24" \
ipv4.dns "10.228.109.159, 10.228.92.159" \
ipv4.dns-search "in.useribm.hu" \
ipv4.method "manual" \
ipv4.routes "172.16.223.0/24 10.228.109.236, 172.24.232.0/24 10.228.109.236, 10.162.0.0/16 10.228.109.236" \
- ipv6.method "disabled" \
+ ipv6.addresses "2001:1aa1:000a:0424:000c:18ff:fe03:6dfe/64" \
+ ipv6.dns "2001:1aa1:000a:0424:000c:18ff:fe03:6d9f, 2001:1aa1:000a:0424:000c:18ff:fe03:5c9f" \
+ ipv6.dns-search "in.useribm.hu" \
+ ipv6.method "manual" \
save yes
-# ipv6.addresses "2a02:d400:0000:f2ad:000c:18ff:fe03:ad01/64" \
-# ipv6.gateway "2a02:d400:0000:f2ad:000c:18ff:fe03:adfe" \
-# ipv6.method "manual" \
nmcli connection add \
connection.autoconnect yes \
connection.id perimeter \
- connection.interface-name $PM_DEVICE \
+ connection.interface-name $CONNECTION_DEVICE_PM \
connection.type 802-3-ethernet \
ipv4.addresses "192.168.173.1/24" \
ipv4.gateway "192.168.173.254" \
ipv4.method "manual" \
- ipv6.method "disabled" \
+ ipv6.addresses "2001:1aa1:000a:00ad:000c:18ff:fe03:ad01/64" \
+ ipv6.gateway "2001:1aa1:000a:00ad:000c:18ff:fe03:adfe" \
+ ipv6.method "manual" \
save yes
nmcli connection show
-sysctl --load=/etc/sysctl.d/01_ipforward.conf
+hostnamectl hostname ifg.in.useribm.hu
+hostnamectl
+
+#sysctl --load=/etc/sysctl.d/01_ipforward.conf
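Review bot: The new lookups `CONNECTION_LINE_IN=$(nmcli --terse connection show | grep ':eth0$')` and the `eth1` twin never check that a match was found, so an empty result leads to `nmcli connection delete uuid ""` and then a `connection add` with an empty `connection.interface-name`, instead of the clear failure the count check just above gives; a guard after the `cut` lines, in the if/then style the script already uses, closes that gap (below). Everything visible in the nftables part of this change is in the `ip` family (`add rule ip ifg-filter forward`) while both connections now get `ipv6.method "manual"`; whether an `ip6`/`inet` forward chain with a drop policy covers the new addresses is not visible here and is worth confirming before this is applied, especially as `sysctl --load=/etc/sysctl.d/01_ipforward.conf` has been turned into a comment rather than removed or explained. The `ipv4.routes` value still sends `172.16.223.0/24` via the VPN host although `OVPN_NET` was dropped from the nftables definitions in the same change; if that network is retired, the route looks stale. The first wait loop exits silently at its `exit 1` whereas the second prints `nmcli connection show` first; an `echo "NetworkManager did not become active" >&2` before it would make the two consistent.
```shell
CONNECTION_DEVICE_PM=$(echo $CONNECTION_LINE_PM | cut -f 4 -d ':')
if [ -z "$CONNECTION_UUID_IN" ] || [ -z "$CONNECTION_UUID_PM" ]
then
 echo "Connection for eth0 or eth1 not found" >&2
 exit 1
fi
# … unchanged: nmcli connection delete / connection add …
```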