updated readme

Jake Hillion 2021-01-20 11:10:49 +00:00
parent 9c0ceef9ac
commit 9ec92b6768

103
README.md

@ -20,69 +20,102 @@
See http://kb.linuxvirtualserver.org/wiki/Using_arp_announce/arp_ignore_to_disable_ARP See http://kb.linuxvirtualserver.org/wiki/Using_arp_announce/arp_ignore_to_disable_ARP
### Setup Scripts ### Setup Scripts
These are functional setup scripts that make the application run as intended on Linux. They should later be split into These are functional setup scripts that make the application run as intended on Linux.
component parts, or incorporated into the main application.
#### Remote Portal ### Remote Portal
#### Pre-Start
#!/bin/bash #!/bin/bash
set -e set -e
# IPv4 Forwarding ## Set up variables
REMOTE_PORTAL_ADDRESS=A.B.C.D
## IPv4 Forwarding
sysctl -w net.ipv4.ip_forward=1 sysctl -w net.ipv4.ip_forward=1
sysctl -w net.ipv4.conf.eth0.proxy_arp=1 sysctl -w net.ipv4.conf.eth0.proxy_arp=1
# Tunnel addr/up ## Tunnel addr/up
ip addr add 172.19.152.2/31 dev nc0 ip addr add 172.19.152.2/31 dev nc0
ip link set up nc0 ip link set up nc0
# Deliberately break local routing ## Transfer the local routing table to a much lower priority
ip rule add from all table local priority 20 ip rule add from all table local priority 20
ip rule del 0 || true ip rule del 0 || true
# Route packets to the interface but for nc to this host ## Ports to route locally
ip rule add to 1.1.1.3 dport 1234 table local priority 9 ip rule add to "$REMOTE_PORTAL_ADDRESS" dport 1234 table local priority 1
ip rule add to "$REMOTE_PORTAL_ADDRESS" dport 22 table local priority 2
# Route packets to the interface but not for nc via the tunnel #### Post-Start
ip route flush 10
ip route add table 10 to 1.1.1.3 via 172.19.152.3 dev nc0
ip rule add to 1.1.1.3 table 10 priority 10
#### Local Portal
#!/bin/bash #!/bin/bash
set -e set -e
# Fix ARP ## Set up variables
REMOTE_PORTAL_ADDRESS=A.B.C.D
# Route packets to the interface but not for nc via the tunnel
ip route flush 19
ip route add table 19 to "$REMOTE_PORTAL_ADDRESS" via 172.19.152.3 dev nc0
ip rule add to "$REMOTE_PORTAL_ADDRESS" table 19 priority 19
### Local Portal
#### Pre-Start
#!/bin/bash
set -e
## Set up variables
GATEWAY_INTERFACE=eth0
GATEWAY_ADDRESS=10.36.12.1
## Fix ARP
sysctl -w net.ipv4.conf.all.arp_announce=1 sysctl -w net.ipv4.conf.all.arp_announce=1
sysctl -w net.ipv4.conf.all.arp_ignore=1 sysctl -w net.ipv4.conf.all.arp_ignore=1
# IPv4 Forwarding ## IPv4 Forwarding
sysctl -w net.ipv4.ip_forward=1 sysctl -w net.ipv4.ip_forward=1
# Tunnel addr/up ## Gateway Interface Setup
ip addr add "$GATEWAY_ADDRESS"/32 dev "$GATEWAY_INTERFACE"
ip link set up "$GATEWAY_INTERFACE"
## Per-Interface Routing Tables
### 10.10.0.0/24
ip route flush 10
ip route add table 10 default via 10.10.0.1
ip rule add from 10.10.0.0/24 table 10 priority 10
### 192.168.0.0/24
ip route flush 11
ip route add table 11 default via 192.168.0.1
ip rule add from 192.168.0.0/24 table 11 priority 11
#### Post-Start
#!/bin/bash
set -e
## Set up variables
REMOTE_PORTAL_ADDRESS=A.B.C.D
GATEWAY_INTERFACE=eth0
## Tunnel Address and Enable
ip addr add 172.19.152.3/31 dev nc0 ip addr add 172.19.152.3/31 dev nc0
ip link set up nc0 ip link set up nc0
# Fix routing out of the correct interfaces ## Route Outbound Packets Correctly
ip route flush 10 ip route flush 20
ip route add table 10 to 1.1.1.0/24 dev eth1 ip route add table 20 default via 172.19.152.2 dev nc0
ip rule add from 1.1.1.4 table 10 priority 10 ip rule add from "$REMOTE_PORTAL_ADDRESS" iif "$GATEWAY_INTERFACE" table 20 priority 20
ip route flush 11 ## Route Inbound Packets Correctly
ip route add table 11 to 1.1.1.0/24 dev eth2 ip route flush 21
ip rule add from 1.1.1.5 table 11 priority 11 ip route add table 21 to "$REMOTE_PORTAL_ADDRESS" dev "$GATEWAY_INTERFACE"
ip rule add to "$REMOTE_PORTAL_ADDRESS" table 21 priority 21
# Route packets from the remote portal's address on the client interface via the tunnel
ip route flush 12
ip route add table 12 to 1.1.1.0/24 via 172.19.152.2 dev nc0
ip rule add from 1.1.1.3 iif eth3 table 12 priority 12
# Route packets to the remote portal's address out of the client interface
ip route flush 13
ip route add table 13 to 1.1.1.3 dev eth3
ip rule add to 1.1.1.3 table 13 priority 13
#### Client #### Client
No configuration needed. Simply set the IP to that of the remote server/32 with a gateway of 192.168.1.1. Connect to `GATEWAY_INTERFACE` and set the IP to `REMOTE_PORTAL_ADDRESS`/32 with a gateway of `GATEWAY_ADDRESS`.