diff --git a/files/interfaces-troisdorf5 b/files/interfaces-troisdorf5
index 37a0421..8170c7f 100644
--- a/files/interfaces-troisdorf5
+++ b/files/interfaces-troisdorf5
@@ -15,6 +15,8 @@ iface lo inet6 loopback
 # The primary network interface
 allow-hotplug eth0
 iface eth0 inet dhcp
+ post-up ip route add 185.66.193.106/32 via 10.188.255.6 table 42
+ post-up ip route add 185.66.193.106/32 via 10.188.255.6
 allow-hotplug eth1
 iface eth1 inet6 static
 address 2a01:4f8:161:62a9::5
diff --git a/files/interfaces-troisdorf6 b/files/interfaces-troisdorf6
index a423081..bea4e88 100644
--- a/files/interfaces-troisdorf6
+++ b/files/interfaces-troisdorf6
@@ -20,6 +20,8 @@ iface eth0 inet static
 netmask 255.255.255.192
 gateway 46.4.138.129
 dns-nameserver 213.133.100.100 213.133.99.99 213.133.98.98
+ post-up ip route add 185.66.193.105/32 via 10.188.255.5 table 42
+ post-up ip route add 185.66.193.105/32 via 10.188.255.5
 iface eth0 inet6 static
 address 2a01:4f8:11d:600::189
diff --git a/files/sn_startup.exit.sh.j2 b/files/sn_startup.exit.sh.j2
index 92dd783..0d3fd8a 100644
--- a/files/sn_startup.exit.sh.j2
+++ b/files/sn_startup.exit.sh.j2
@@ -1,5 +1,5 @@
 #!/bin/sh
-# Version 1.7
+# Version 1.9
 curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
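Review bot: `ip route add` is not idempotent, so a second `ifup eth0` (or the same route already present from another source) fails with `RTNETLINK answers: File exists` and the post-up hook returns non-zero; `ip route replace` is the safer form for both added lines, e.g. `post-up ip route replace 185.66.193.106/32 via 10.188.255.6 table 42`, and the same applies to the two lines in the interfaces-troisdorf6 hunk. The next hop 10.188.255.6 is not in any address range eth0 shows here; if it is only reachable over a tunnel that comes up later in boot, the add fails at ifup time and the route is never installed, in which case the tunnel interface's own post-up is the better place for it. Neither hunk adds the `ip rule` that directs traffic to table 42 — presumably that lives elsewhere (the mark-4 rules in sn_startup suggest a fwmark rule); worth confirming it exists on both hosts.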
@@ -25,14 +25,12 @@ done
 # Set mark 4 to Freifunk traffic
 /sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
-#/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
 /sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/64 ! -d 2a03:2260:121::/64 -j MARK --set-mark 4
 # NAT on eth0
 /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 # NAT on GRE Freifunk interface
-#/sbin/iptables -t nat -A POSTROUTING -o gre-+ -j SNAT --to-source 185.66.193.105
 /sbin/iptables -t nat -A POSTROUTING -o gre-+ -j SNAT --to-source {{ sn_ffrl_IPv4 }}
 # MTU
@@ -48,36 +46,12 @@ done
 # Create Tunneldigger Bridge
 /sbin/brctl addbr br-nodes
-/sbin/ip link set dev br-nodes up
+/sbin/ip link set dev br-nodes up address 2E:9D:FA:A1:6B:0{{ sn_number }}
 /sbin/ebtables -A FORWARD --logical-in br-nodes -j DROP
 /usr/local/sbin/batctl if add br-nodes
 sleep 5
-# Fixing the nf_conntrack … dropping packets error
-# hashsize = nf_conntrack_max / 4
-sysctl -w net.netfilter.nf_conntrack_max=262144
-echo 65536 > /sys/module/nf_conntrack/parameters/hashsize
-
-# Against Denial of Service attacks from internal network
-# Check with: sysctl -a | grep conntrack | grep timeout
-sysctl -w net.ipv4.netfilter.ip_conntrack_generic_timeout=240
-sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=54000
-
-# restart bird
-#/bin/systemctl start bird
-#/bin/systemctl start bird6
-#/bin/systemctl enable bird
-#/bin/systemctl enable bird6
-
-# Start tunneldigger
-#/bin/systemctl restart tunneldigger
-#/bin/systemctl enable tunneldigger
-
-# radvd restart
-#/bin/systemctl restart radvd
-#/bin/systemctl enable radvd
-
 #Stop all Services - Started from keepalive.sh
 /bin/systemctl stop radvd
 /bin/systemctl stop tunneldigger
diff --git a/install.sn.yml b/install.sn.yml
index 017f9ad..a9ac159 100644
--- a/install.sn.yml
+++ b/install.sn.yml
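Review bot: `address 2E:9D:FA:A1:6B:0{{ sn_number }}` only renders a valid MAC while sn_number is a single hex digit; a two-digit value yields a seven-octet string that `ip link set` rejects, and because the script runs under `#!/bin/sh` with no `set -e` visible in these hunks, br-nodes would then stay down while the ebtables and batctl lines continue as if it were up. Rendering the last octet with a fixed width, `address 2e:9d:fa:a1:6b:{{ '%02x' | format(sn_number | int) }}`, keeps it valid for any value 0–255. Setting the address and bringing the link up in one command works for bridges on current kernels, but the conventional order is a separate `ip link set dev br-nodes address …` before `ip link set dev br-nodes up`, which also makes a failed address assignment visible on its own line. The removed sysctl/hashsize lines were the exit's conntrack DoS limits; their replacement is reviewed in the install.sn.yml hunk.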
@@ -9,7 +9,7 @@
 user: root
 gather_facts: False
 vars:
-  snversion: master_v3.0.1
+  snversion: master_v3.0.3
 batmanversion: v2015.2
 common_required_packages:
 - git
@@ -277,6 +277,13 @@
 - name: Bird configuration
 copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444
 when: sn_exit is defined
+ - name: set netfilter rules
+ lineinfile: dest=/etc/sysctl.conf line={{ item }}
+ with_items:
+ - "net.ipv4.netfilter.ip_conntrack_generic_timeout = 240"
+ - "net.ipv4.netfilter.ip_conntrack_tcp_timeout_established = 54000"
+ - "net.netfilter.nf_conntrack_max = 262144"
+ - lineinfile: dest=/etc/modprobe.conf line="options ip_conntrack hashsize=65536"
 - name: Reboot the server finally
 shell: sleep 2 && shutdown -r now "Ansible updates triggered"
 async: 1
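Review bot: The last added task writes `options ip_conntrack hashsize=65536` to `/etc/modprobe.conf`, but the runtime line it replaces in sn_startup.exit.sh.j2 wrote to `/sys/module/nf_conntrack/parameters/hashsize`, so the option names a different module than the one actually in use, kmod's modprobe reads only `/etc/modprobe.d/*.conf`, and `lineinfile` without `create=yes` fails outright when the file does not exist. Something like `lineinfile: dest=/etc/modprobe.d/nf_conntrack.conf create=yes line="options nf_conntrack hashsize=65536"` (filename is an example) targets the module the old code tuned. The three sysctl keys only exist once nf_conntrack is loaded; `/etc/sysctl.conf` is applied early in boot, before the iptables rules in the startup script pull the module in, so `sysctl -p` is likely to report unknown keys and the limits the removed lines described as DoS protection would silently not be in effect — either load the module via /etc/modules, or apply them after the rules with Ansible's `sysctl` module (`sysctl_set=yes`), which also replaces an existing line for the same key instead of appending a second one. Quoting the value as `line="{{ item }}"` protects the key=value parsing from the spaces inside each item on older Ansible releases.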