1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
|
#
# Simple vnetbuild config with one namespace representing the firewall,
# one representing the ISP and the whole internet behind it and a few
# more representing hosts on a LAN.
#
# Start namespace:
# sudo vnetbuild vnetbuild-simple.conf start
#
# Ping from a host on the LAN to an internet address (served by ISP)
# sudo ip netns exec host01 ping 192.0.2.1
# Ping from an internet address (served by ISP) to a host on the LAN:
# sudo ip netns exec isp ping -I 192.0.2.1 10.0.0.2
# IPv6 Ping from host on the LAN to firewall on link local
# sudo ip netns exec host01 ping6 fe80::2:1%veth0
# IPv6 Ping from host on the LAN to an internet address (served by ISP)
# sudo ip netns exec host01 ping6 2001:eeee::1
# Block all traffic through firewall by invoking firehol in the namespace:
# sudo ip netns exec firewall firehol panic
# Clear the firewall with firehol to re-enable the traffic:
# sudo ip netns exec firewall firehol stop
#
host firewall
dev ppp0 192.168.1.1/30 fe80::1:1/64 2001:bbbb::1/64
dev veth0 10.0.0.254/8 fe80::2:1/64
route default via 192.168.1.2
route default via fe80::1:2 dev ppp0
route 2001:aaaa::/64 via fe80::1111:1 dev veth0
exec echo 1 > /proc/sys/net/ipv4/ip_forward
exec echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
exec sed 's:/var/log/ulog/syslogemu.log:/var/log/ulog/firewall.log:' /etc/ulogd.conf > $NSTMP/ulogd.conf
exec /usr/sbin/ulogd -d -c $NSTMP/ulogd.conf
host isp
dev ppp0wan firewall/ppp0 192.168.1.2/30 192.0.2.1/24 198.51.100.1/24 203.0.113.1/24 2001:eeee::1/64 fe80::1:2/64
route default via 192.168.1.1
route default via fe80::1:1 dev ppp0wan
exec echo 1 > /proc/sys/net/ipv4/ip_forward
exec echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
host host01
dev veth0 10.0.0.1/8 fe80::1111:1/64 2001:aaaa::1/64
route default via 10.0.0.254
route default via fe80::2:1 dev veth0
host host02
dev veth0 10.0.0.2/8 fe80::1111:2/64 2001:aaaa::2/64
route default via 10.0.0.254
route default via fe80::2:1 dev veth0
host host03 fe80::3/64
dev veth0 10.0.0.2/8 fe80::1111:3/64 2001:aaaa::3/64
route default via 10.0.0.254
route default via fe80::2:1 dev veth0
switch lan
dev d01 firewall/veth0
dev d02 host01/veth0
dev d03 host02/veth0
dev d04 host03/veth0
|