File: vnetbuild-simple.conf

#
# Simple vnetbuild config with one namespace representing the firewall,
# one representing the ISP and the whole internet behind it and a few
# more representing hosts on a LAN.
#
# Start the namespaces:
#   sudo vnetbuild vnetbuild-simple.conf start
#
# Ping from a host on the LAN to an internet address (served by ISP)
#   sudo ip netns exec host01 ping 192.0.2.1
# Ping from an internet address (served by ISP) to a host on the LAN:
#   sudo ip netns exec isp ping -I 192.0.2.1 10.0.0.2
# IPv6 Ping from host on the LAN to firewall on link local
#   sudo ip netns exec host01 ping6 fe80::2:1%veth0
# IPv6 Ping from host on the LAN to an internet address (served by ISP)
#   sudo ip netns exec host01 ping6 2001:eeee::1
# Block all traffic through firewall by invoking firehol in the namespace:
#   sudo ip netns exec firewall firehol panic
# Clear the firewall with firehol to re-enable the traffic:
#   sudo ip netns exec firewall firehol stop
#

# Namespace acting as the firewall/router between the LAN and the ISP.
#   ppp0  - uplink; the isp stanza attaches its ppp0wan to firewall/ppp0.
#   veth0 - LAN side; 10.0.0.254 and fe80::2:1 are the default gateways
#           used by the LAN hosts below.
# The 2001:aaaa::/64 route sends the LAN's global IPv6 prefix via
# fe80::1111:1, which is host01's link-local address on veth0.
# NOTE(review): host02/host03 also hold 2001:aaaa:: addresses but do not
# enable forwarding on host01 - confirm the route behaves as intended.
# The two echo lines turn on IPv4 and IPv6 forwarding. This stanza loads
# no firehol rules, so forwarded traffic is unfiltered until firehol is
# run in the namespace (see the header examples).
# The last two lines copy /etc/ulogd.conf with the log path rewritten to
# /var/log/ulog/firewall.log and start ulogd as a daemon on that copy.
# NOTE(review): $NSTMP is presumably a per-namespace temp directory set by
# vnetbuild, and the redirections imply exec lines run through a shell -
# confirm both. The log file path is an ordinary host path, so
# the namespace's packet log presumably lands on the host filesystem.
host firewall
  dev ppp0 192.168.1.1/30 fe80::1:1/64 2001:bbbb::1/64
  dev veth0 10.0.0.254/8 fe80::2:1/64
  route default via 192.168.1.2
  route default via fe80::1:2 dev ppp0
  route 2001:aaaa::/64 via fe80::1111:1 dev veth0
  exec echo 1 > /proc/sys/net/ipv4/ip_forward
  exec echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
  exec sed 's:/var/log/ulog/syslogemu.log:/var/log/ulog/firewall.log:' /etc/ulogd.conf > $NSTMP/ulogd.conf
  exec /usr/sbin/ulogd -d -c $NSTMP/ulogd.conf

# Namespace standing in for the ISP and "the whole internet behind it".
# ppp0wan is attached to the firewall's ppp0 (firewall/ppp0).
#   192.168.1.2/30 and fe80::1:2 - point-to-point link to the firewall.
#   192.0.2.1, 198.51.100.1, 203.0.113.1 - addresses in the RFC 5737
#     documentation ranges, used here as simulated internet hosts.
#   2001:eeee::1 - simulated IPv6 internet host.
# NOTE(review): the 2001:aaaa/bbbb/eeee prefixes are not taken from the
# 2001:db8::/32 documentation range; keep them confined to the namespaces.
# Both default routes point back at the firewall, so the ISP side reaches
# the 10.0.0.0/8 LAN directly with no NAT (the header pings 10.0.0.2 from
# here). Forwarding is enabled for IPv4 and IPv6.
host isp
  dev ppp0wan firewall/ppp0 192.168.1.2/30 192.0.2.1/24 198.51.100.1/24 203.0.113.1/24 2001:eeee::1/64 fe80::1:2/64
  route default via 192.168.1.1
  route default via fe80::1:1 dev ppp0wan
  exec echo 1 > /proc/sys/net/ipv4/ip_forward
  exec echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

# LAN host 1: IPv4, link-local and global IPv6 addresses on veth0.
# Default routes for both address families go to the firewall's veth0
# (10.0.0.254 / fe80::2:1). The firewall also routes 2001:aaaa::/64 via
# this host's link-local address, fe80::1111:1.
host host01
  dev veth0 10.0.0.1/8 fe80::1111:1/64 2001:aaaa::1/64
  route default via 10.0.0.254
  route default via fe80::2:1 dev veth0

# LAN host 2: 10.0.0.2 is the address the header's ISP-to-LAN ping targets.
# Default routes for both address families go to the firewall's veth0
# (10.0.0.254 / fe80::2:1).
host host02
  dev veth0 10.0.0.2/8 fe80::1111:2/64 2001:aaaa::2/64
  route default via 10.0.0.254
  route default via fe80::2:1 dev veth0

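# LAN host 3. Its IPv4 address must be unique on the lan switch:
# 10.0.0.2 belongs to host02, so host03 uses 10.0.0.3, matching its
# ::3 IPv6 suffixes. A duplicate address would make the header's
# "ping ... 10.0.0.2" test ambiguous about which host answers.
# NOTE(review): the other host stanzas carry no address on the "host"
# line; confirm whether vnetbuild uses or ignores the trailing fe80::3/64.
host host03 fe80::3/64
  dev veth0 10.0.0.3/8 fe80::1111:3/64 2001:aaaa::3/64
  route default via 10.0.0.254
  route default via fe80::2:1 dev veth0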

# Virtual switch joining the firewall's veth0 and each LAN host's veth0
# into one segment. All four ports share the segment, so LAN hosts can
# reach each other without passing through the firewall namespace.
# NOTE(review): d01..d04 are presumably the switch-side device names -
# confirm against the vnetbuild documentation.
switch lan
  dev d01 firewall/veth0
  dev d02 host01/veth0
  dev d03 host02/veth0
  dev d04 host03/veth0