Freifunk-Troisdorf/ansible.fftdf.supernode
5
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity
aa3bf94140
ansible.fftdf.supernode/roles/11-create-cronjob/templates/sn_startup.sh.j2
Stefan aa3bf94140 Changed to Wireguard VPN
2022-05-08 21:32:16 +02:00

52 lines
2.6 KiB
Django/Jinja
Raw Blame History

#!/bin/sh
# Version 1.91
sleep 5
# Activate IP forwarding
/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
/sbin/sysctl -w net.ipv4.ip_forward=1
# restart when kernel panic
/sbin/sysctl kernel.panic=1
# Routing table 42
/bin/grep 42 /etc/iproute2/rt_tables || /bin/echo 42 ffrl >> /etc/iproute2/rt_tables
# Set table for traffice with mark 4
/bin/ip rule add fwmark 0x4 table 42
/bin/ip -6 rule add fwmark 0x4 table 42
# Set mark 4 to Freifunk traffic
/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
# All from FF IPv4 via routing table 42
/bin/ip rule add from {{ ffrl_ipv4 }}/32 lookup 42
/bin/ip -6 rule add from {{ ffrl_ipv6_net }}/52 lookup 42
# Add NAT Rules manualy
sleep 60
iptables -t nat -A POSTROUTING -o gre-bb-a.ak.ber -j SNAT --to-source {{ ffrl_ipv4 }}
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-bb-a.ak.ber -j TCPMSS --set-mss 1312
ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-bb-a.ak.ber -j TCPMSS --set-mss 1312
iptables -t nat -A POSTROUTING -o gre-bb-a.fra3.f -j SNAT --to-source {{ ffrl_ipv4 }}
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-bb-a.fra3.f -j TCPMSS --set-mss 1312
ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-bb-a.fra3.f -j TCPMSS --set-mss 1312
iptables -t nat -A POSTROUTING -o gre-bb-a.ix.dus -j SNAT --to-source {{ ffrl_ipv4 }}
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-bb-a.ix.dus -j TCPMSS --set-mss 1312
ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-bb-a.ix.dus -j TCPMSS --set-mss 1312
iptables -t nat -A POSTROUTING -o gre-bb-b.ak.ber -j SNAT --to-source {{ ffrl_ipv4 }}
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-bb-b.ak.ber -j TCPMSS --set-mss 1312
ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-bb-b.ak.ber -j TCPMSS --set-mss 1312
iptables -t nat -A POSTROUTING -o gre-bb-b.fra3.f -j SNAT --to-source {{ ffrl_ipv4 }}
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-bb-b.fra3.f -j TCPMSS --set-mss 1312
ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-bb-b.fra3.f -j TCPMSS --set-mss 1312
iptables -t nat -A POSTROUTING -o gre-bb-b.ix.dus -j SNAT --to-source {{ ffrl_ipv4 }}
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-bb-b.ix.dus -j TCPMSS --set-mss 1312
ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-bb-b.ix.dus -j TCPMSS --set-mss 1312
Reference in New Issue View Git Blame Copy Permalink