ansible.fftdf.supernode/files/interfaces-troisdorf4.j2

143 lines
6.3 KiB
Plaintext
Raw Permalink Normal View History

2016-05-08 20:38:46 +00:00
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
2016-05-10 22:08:06 +00:00
up ip address add 185.66.193.104/32 dev lo
2016-05-08 20:38:46 +00:00
iface lo inet6 loopback
2016-07-11 17:44:11 +00:00
up ip address add 2a03:2260:121:4000::105/52 dev lo
2016-05-08 20:38:46 +00:00
# The primary network interface
2019-02-07 23:18:44 +00:00
allow-hotplug {{ sn_interface_name }}
iface {{ sn_interface_name }} inet static
2019-10-25 21:10:42 +00:00
address 46.4.156.114
netmask 255.255.255.255
gateway 163.172.210.1
pointopoint 163.172.210.1
2016-05-08 20:38:46 +00:00
post-up iptables -P OUTPUT ACCEPT
2019-02-07 23:18:44 +00:00
post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP
post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP
post-up iptables -A FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP
2019-02-07 23:18:44 +00:00
post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE
2016-05-08 20:38:46 +00:00
auto 6to4
iface 6to4 inet6 6to4
2019-10-25 21:10:42 +00:00
local 46.4.156.114
2016-05-08 20:38:46 +00:00
# GRE Tunnel zum Rheinland Backbone
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
# Berlin Router A
auto gre-bb-a.ak.ber
iface gre-bb-a.ak.ber inet static
2016-05-10 22:08:06 +00:00
address 100.64.6.13
2016-05-08 20:38:46 +00:00
netmask 255.255.255.254
2019-10-25 21:10:42 +00:00
pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.0 ttl 255
2016-05-10 22:08:06 +00:00
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
2016-05-08 20:38:46 +00:00
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
2016-05-10 22:08:06 +00:00
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
2016-05-08 20:38:46 +00:00
post-down ip tunnel del $IFACE
iface gre-bb-a.ak.ber inet6 static
2016-05-10 22:08:06 +00:00
address 2a03:2260:0:306::2/64
2016-05-08 20:38:46 +00:00
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Berlin Router B
auto gre-bb-b.ak.ber
iface gre-bb-b.ak.ber inet static
2016-05-10 22:08:06 +00:00
address 100.64.6.19
2016-05-08 20:38:46 +00:00
netmask 255.255.255.254
2019-10-25 21:10:42 +00:00
pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.1 ttl 255
2016-05-10 22:08:06 +00:00
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
2016-05-08 20:38:46 +00:00
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
2016-05-10 22:08:06 +00:00
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
2016-05-08 20:38:46 +00:00
post-down ip tunnel del $IFACE
iface gre-bb-b.ak.ber inet6 static
2016-05-10 22:08:06 +00:00
address 2a03:2260:0:309::2/64
2016-05-08 20:38:46 +00:00
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Duesseldorf Router A
auto gre-bb-a.ix.dus
iface gre-bb-a.ix.dus inet static
2016-05-10 22:08:06 +00:00
address 100.64.6.17
2016-05-08 20:38:46 +00:00
netmask 255.255.255.254
2019-10-25 21:10:42 +00:00
pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.0 ttl 255
2016-05-10 22:08:06 +00:00
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
2016-05-08 20:38:46 +00:00
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
2016-05-10 22:08:06 +00:00
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
2016-05-08 20:38:46 +00:00
post-down ip tunnel del $IFACE
iface gre-bb-a.ix.dus inet6 static
2016-05-10 22:08:06 +00:00
address 2a03:2260:0:308::2/64
2016-05-08 20:38:46 +00:00
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Duesseldorf Router B
auto gre-bb-b.ix.dus
iface gre-bb-b.ix.dus inet static
2016-05-10 22:08:06 +00:00
address 100.64.6.23
2016-05-08 20:38:46 +00:00
netmask 255.255.255.254
2019-10-25 21:10:42 +00:00
pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.1 ttl 255
2016-05-10 22:08:06 +00:00
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
2016-05-08 20:38:46 +00:00
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
2016-05-10 22:08:06 +00:00
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
2016-05-08 20:38:46 +00:00
post-down ip tunnel del $IFACE
iface gre-bb-b.ix.dus inet6 static
2016-05-10 22:08:06 +00:00
address 2a03:2260:0:30b::2/64
2016-05-08 20:38:46 +00:00
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
2016-05-10 22:08:06 +00:00
# Frankfurt Router A
auto gre-bb-a.fra3.f
iface gre-bb-a.fra3.f inet static
address 100.64.6.15
2016-05-10 22:08:06 +00:00
netmask 255.255.255.254
2019-10-25 21:10:42 +00:00
pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.0 ttl 255
2016-05-10 22:08:06 +00:00
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-down ip tunnel del $IFACE
iface gre-bb-a.fra3.f inet6 static
2016-05-10 22:08:06 +00:00
address 2a03:2260:0:307::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
# Frankfurt Router B
auto gre-bb-b.fra3.f
iface gre-bb-b.fra3.f inet static
2016-05-10 22:08:06 +00:00
address 100.64.6.21
netmask 255.255.255.254
2019-10-25 21:10:42 +00:00
pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.1 ttl 255
2016-05-10 22:08:06 +00:00
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400
post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-down ip tunnel del $IFACE
iface gre-bb-b.fra3.f inet6 static
2016-05-10 22:08:06 +00:00
address 2a03:2260:0:30a::2/64
netmask 64
post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312