From 6255efb82bdd5829528bd8afd212aff15e2eb01c Mon Sep 17 00:00:00 2001 From: Stefan Hoffmann Date: Thu, 12 May 2016 21:06:24 +0200 Subject: [PATCH] Interfaces tdf2 --- files/interfaces-troisdorf2 | 134 ++++++++++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) create mode 100644 files/interfaces-troisdorf2 diff --git a/files/interfaces-troisdorf2 b/files/interfaces-troisdorf2 new file mode 100644 index 0000000..ca6ce3b --- /dev/null +++ b/files/interfaces-troisdorf2 @@ -0,0 +1,134 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +source /etc/network/interfaces.d/* + +# The loopback network interface +auto lo +iface lo inet loopback + up ip address add 185.66.193.107/32 dev lo + +iface lo inet6 loopback + up ip address add 2a03:2260:121::107/48 dev lo + + +# The primary network interface +allow-hotplug eth0 +iface eth0 inet dhcp + post-up iptables -P OUTPUT ACCEPT + post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP + post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP + post-up iptables -A OUTPUT -o eth0 -d 169.254.0.0/16 -j DROP + post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP + post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE +auto 6to4 + iface 6to4 inet6 6to4 + local 163.172.28.228 + +# GRE Tunnel zum Rheinland Backbone +# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen + +# Berlin Router A +auto gre-bb-a.ak.ber +iface gre-bb-a.ak.ber inet static + address 100.64.6.25 + netmask 255.255.255.254 + pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.195.0 ttl 255 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 + post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + post-up ip link set $IFACE mtu 1400 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 + post-down ip tunnel del $IFACE + +iface gre-bb-a.ak.ber inet6 static + address 2a03:2260:0:30c::2/64 + netmask 64 + post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + +# Berlin Router B +auto gre-bb-b.ak.ber +iface gre-bb-b.ak.ber inet static + address 100.64.6.31 + netmask 255.255.255.254 + pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.195.1 ttl 255 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 + post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + post-up ip link set $IFACE mtu 1400 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 + post-down ip tunnel del $IFACE + +iface gre-bb-b.ak.ber inet6 static + address 2a03:2260:0:30f::2/64 + netmask 64 + post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + + +# Duesseldorf Router A +auto gre-bb-a.ix.dus +iface gre-bb-a.ix.dus inet static + address 100.64.6.27 + netmask 255.255.255.254 + pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.193.0 ttl 255 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 + post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + post-up ip link set $IFACE mtu 1400 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 + post-down ip tunnel del $IFACE + +iface gre-bb-a.ix.dus inet6 static + address 2a03:2260:0:30e::2/64 + netmask 64 + post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + + +# Duesseldorf Router B +auto gre-bb-b.ix.dus +iface gre-bb-b.ix.dus inet static + address 100.64.6.35 + netmask 255.255.255.254 + pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.193.1 ttl 255 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 + post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + post-up ip link set $IFACE mtu 1400 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 + post-down ip tunnel del $IFACE + +iface gre-bb-b.ix.dus inet6 static + address 2a03:2260:0:311::2/64 + netmask 64 + post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + +# Frankfurt Router A +auto gre-bb-a.fra3.f +iface gre-bb-a.fra3.f inet static + address 100.64.6.27 + netmask 255.255.255.254 + pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.194.0 ttl 255 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 + post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + post-up ip link set $IFACE mtu 1400 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 + post-down ip tunnel del $IFACE + +iface gre-bb-a.fra3.f inet6 static + address 2a03:2260:0:30d::2/64 + netmask 64 + post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + + +# Frankfurt Router B +auto gre-bb-b.fra3.f +iface gre-bb-b.fra3.f inet static + address 100.64.6.33 + netmask 255.255.255.254 + pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.194.1 ttl 255 + post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 + post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 + post-up ip link set $IFACE mtu 1400 + post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 + post-down ip tunnel del $IFACE + +iface gre-bb-b.fra3.f inet6 static + address 2a03:2260:0:310::2/64 + netmask 64 + post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312