# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback up ip address add 185.66.193.104/32 dev lo iface lo inet6 loopback up ip address add 2a03:2260:121:4000::105/52 dev lo # The primary network interface allow-hotplug {{ sn_interface_name }} iface {{ sn_interface_name }} inet static address 46.4.156.114 netmask 255.255.255.255 gateway 163.172.210.1 pointopoint 163.172.210.1 post-up iptables -P OUTPUT ACCEPT post-up iptables -A OUTPUT -o $IFACE -d 10.0.0.0/8 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 172.16.0.0/12 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 169.254.0.0/16 -j DROP post-up iptables -A OUTPUT -o $IFACE -d 192.168.0.0/16 -j DROP post-up iptables -A FORWARD -o $IFACE -d 10.0.0.0/8 -j DROP post-up iptables -A FORWARD -o $IFACE -d 172.16.0.0/12 -j DROP post-up iptables -A FORWARD -o $IFACE -d 169.254.0.0/16 -j DROP post-up iptables -A FORWARD -o $IFACE -d 192.168.0.0/16 -j DROP post-up iptables -t nat -A POSTROUTING -o $IFACE -j MASQUERADE auto 6to4 iface 6to4 inet6 6to4 local 46.4.156.114 # GRE Tunnel zum Rheinland Backbone # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen # Berlin Router A auto gre-bb-a.ak.ber iface gre-bb-a.ak.ber inet static address 100.64.6.13 netmask 255.255.255.254 pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-down ip tunnel del $IFACE iface gre-bb-a.ak.ber inet6 static address 2a03:2260:0:306::2/64 netmask 64 post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 # Berlin Router B auto gre-bb-b.ak.ber iface gre-bb-b.ak.ber inet static address 100.64.6.19 netmask 255.255.255.254 pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.195.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-down ip tunnel del $IFACE iface gre-bb-b.ak.ber inet6 static address 2a03:2260:0:309::2/64 netmask 64 post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 # Duesseldorf Router A auto gre-bb-a.ix.dus iface gre-bb-a.ix.dus inet static address 100.64.6.17 netmask 255.255.255.254 pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-down ip tunnel del $IFACE iface gre-bb-a.ix.dus inet6 static address 2a03:2260:0:308::2/64 netmask 64 post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 # Duesseldorf Router B auto gre-bb-b.ix.dus iface gre-bb-b.ix.dus inet static address 100.64.6.23 netmask 255.255.255.254 pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.193.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-down ip tunnel del $IFACE iface gre-bb-b.ix.dus inet6 static address 2a03:2260:0:30b::2/64 netmask 64 post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 # Frankfurt Router A auto gre-bb-a.fra3.f iface gre-bb-a.fra3.f inet static address 100.64.6.15 netmask 255.255.255.254 pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.0 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-down ip tunnel del $IFACE iface gre-bb-a.fra3.f inet6 static address 2a03:2260:0:307::2/64 netmask 64 post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 # Frankfurt Router B auto gre-bb-b.fra3.f iface gre-bb-b.fra3.f inet static address 100.64.6.21 netmask 255.255.255.254 pre-up ip tunnel add $IFACE mode gre local 46.4.156.114 remote 185.66.194.1 ttl 255 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up ip link set $IFACE mtu 1400 post-down iptables -t nat -D POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-down ip tunnel del $IFACE iface gre-bb-b.fra3.f inet6 static address 2a03:2260:0:30a::2/64 netmask 64 post-up ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312