merge develop into master #21
109
README.md
@ -20,69 +20,102 @@
|
||||
See http://kb.linuxvirtualserver.org/wiki/Using_arp_announce/arp_ignore_to_disable_ARP
|
||||
|
||||
### Setup Scripts
|
||||
These are functional setup scripts that make the application run as intended on Linux. They should later be split into
|
||||
component parts, or incorporated into the main application.
|
||||
These are functional setup scripts that make the application run as intended on Linux.
|
||||
|
||||
#### Remote Portal
|
||||
### Remote Portal
|
||||
#### Pre-Start
|
||||
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# IPv4 Forwarding
|
||||
|
||||
## Set up variables
|
||||
REMOTE_PORTAL_ADDRESS=A.B.C.D
|
||||
|
||||
## IPv4 Forwarding
|
||||
sysctl -w net.ipv4.ip_forward=1
|
||||
sysctl -w net.ipv4.conf.eth0.proxy_arp=1
|
||||
|
||||
# Tunnel addr/up
|
||||
## Tunnel addr/up
|
||||
ip addr add 172.19.152.2/31 dev nc0
|
||||
ip link set up nc0
|
||||
|
||||
# Deliberately break local routing
|
||||
## Transfer the local routing table to a much lower priority
|
||||
ip rule add from all table local priority 20
|
||||
ip rule del 0 || true
|
||||
|
||||
# Route packets to the interface but for nc to this host
|
||||
ip rule add to 1.1.1.3 dport 1234 table local priority 9
|
||||
## Ports to route locally
|
||||
ip rule add to "$REMOTE_PORTAL_ADDRESS" dport 1234 table local priority 1
|
||||
ip rule add to "$REMOTE_PORTAL_ADDRESS" dport 22 table local priority 2
|
||||
|
||||
#### Post-Start
|
||||
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
## Set up variables
|
||||
REMOTE_PORTAL_ADDRESS=A.B.C.D
|
||||
|
||||
# Route packets to the interface but not for nc via the tunnel
|
||||
ip route flush 10
|
||||
ip route add table 10 to 1.1.1.3 via 172.19.152.3 dev nc0
|
||||
ip rule add to 1.1.1.3 table 10 priority 10
|
||||
ip route flush 19
|
||||
ip route add table 19 to "$REMOTE_PORTAL_ADDRESS" via 172.19.152.3 dev nc0
|
||||
ip rule add to "$REMOTE_PORTAL_ADDRESS" table 19 priority 19
|
||||
|
||||
#### Local Portal
|
||||
### Local Portal
|
||||
#### Pre-Start
|
||||
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
## Set up variables
|
||||
GATEWAY_INTERFACE=eth0
|
||||
GATEWAY_ADDRESS=10.36.12.1
|
||||
|
||||
## Fix ARP
|
||||
sysctl -w net.ipv4.conf.all.arp_announce=1
|
||||
sysctl -w net.ipv4.conf.all.arp_ignore=1
|
||||
|
||||
## IPv4 Forwarding
|
||||
sysctl -w net.ipv4.ip_forward=1
|
||||
|
||||
## Gateway Interface Setup
|
||||
ip addr add "$GATEWAY_ADDRESS"/32 dev "$GATEWAY_INTERFACE"
|
||||
ip link set up "$GATEWAY_INTERFACE"
|
||||
|
||||
## Per-Interface Routing Tables
|
||||
|
||||
### 10.10.0.0/24
|
||||
ip route flush 10
|
||||
ip route add table 10 default via 10.10.0.1
|
||||
ip rule add from 10.10.0.0/24 table 10 priority 10
|
||||
|
||||
### 192.168.0.0/24
|
||||
ip route flush 11
|
||||
ip route add table 11 default via 192.168.0.1
|
||||
ip rule add from 192.168.0.0/24 table 11 priority 11
|
||||
|
||||
#### Post-Start
|
||||
|
||||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# Fix ARP
|
||||
sysctl -w net.ipv4.conf.all.arp_announce=1
|
||||
sysctl -w net.ipv4.conf.all.arp_ignore=1
|
||||
## Set up variables
|
||||
REMOTE_PORTAL_ADDRESS=A.B.C.D
|
||||
GATEWAY_INTERFACE=eth0
|
||||
|
||||
# IPv4 Forwarding
|
||||
sysctl -w net.ipv4.ip_forward=1
|
||||
|
||||
# Tunnel addr/up
|
||||
## Tunnel Address and Enable
|
||||
ip addr add 172.19.152.3/31 dev nc0
|
||||
ip link set up nc0
|
||||
|
||||
# Fix routing out of the correct interfaces
|
||||
ip route flush 10
|
||||
ip route add table 10 to 1.1.1.0/24 dev eth1
|
||||
ip rule add from 1.1.1.4 table 10 priority 10
|
||||
## Route Outbound Packets Correctly
|
||||
ip route flush 20
|
||||
ip route add table 20 default via 172.19.152.2 dev nc0
|
||||
ip rule add from "$REMOTE_PORTAL_ADDRESS" iif "$GATEWAY_INTERFACE" table 20 priority 20
|
||||
|
||||
ip route flush 11
|
||||
ip route add table 11 to 1.1.1.0/24 dev eth2
|
||||
ip rule add from 1.1.1.5 table 11 priority 11
|
||||
|
||||
# Route packets from the remote portal's address on the client interface via the tunnel
|
||||
ip route flush 12
|
||||
ip route add table 12 to 1.1.1.0/24 via 172.19.152.2 dev nc0
|
||||
ip rule add from 1.1.1.3 iif eth3 table 12 priority 12
|
||||
|
||||
# Route packets to the remote portal's address out of the client interface
|
||||
ip route flush 13
|
||||
ip route add table 13 to 1.1.1.3 dev eth3
|
||||
ip rule add to 1.1.1.3 table 13 priority 13
|
||||
## Route Inbound Packets Correctly
|
||||
ip route flush 21
|
||||
ip route add table 21 to "$REMOTE_PORTAL_ADDRESS" dev "$GATEWAY_INTERFACE"
|
||||
ip rule add to "$REMOTE_PORTAL_ADDRESS" table 21 priority 21
|
||||
|
||||
#### Client
|
||||
|
||||
No configuration needed. Simply set the IP to that of the remote server/32 with a gateway of 192.168.1.1.
|
||||
Connect to `GATEWAY_INTERFACE` and set the IP to `REMOTE_PORTAL_ADDRESS`/32 with a gateway of `GATEWAY_ADDRESS`.
|
||||
|
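Review bot: the `ip route flush N` lines in Remote Portal Post-Start (`ip route flush 19`), Local Portal Pre-Start (`flush 10`, `flush 11`) and Local Portal Post-Start (`flush 20`, `flush 21`) are missing the `table` keyword. iproute2 parses a bare argument to `ip route flush` as a destination prefix selector against the main table, not as a table id. As written, the flush does not clear the per-table routes the next line re-adds, and on the Local Portal, where `GATEWAY_ADDRESS=10.36.12.1`, `ip route flush 10` can match main-table routes in 10.x space. Suggest `ip route flush table 19` and likewise for the other tables. Related: with `set -e`, re-running any of these scripts stops at `ip addr add ... dev nc0` or `ip addr add "$GATEWAY_ADDRESS"/32` once the address already exists, and each `ip rule add` would otherwise stack a duplicate rule. Deleting the rule before adding it, or using `ip addr replace`, would make the scripts safe to re-run. The README should also say that `REMOTE_PORTAL_ADDRESS=A.B.C.D` is a placeholder that must be edited. In Remote Portal Pre-Start the local table is moved to priority 20 before the first rule that uses the variable, so a failure at that rule leaves the host with rule 0 already deleted.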