Merge branch 'feature_persist_forward' into 'master'

Feature persist forward

See merge request lixonet/lixonet-ee!5
sump pump 2020-06-09 16:52:49 +00:00
commit 6c8779b8ea
4 changed files with 14 additions and 3 deletions


@ -1,9 +1,9 @@
FROM alpine:latest FROM alpine:latest
MAINTAINER Team Lixo <lixonet@team.lixo> MAINTAINER Team Lixo <lixonet@team.lixo>
RUN apk add tinc RUN apk add tinc iptables
EXPOSE 9993/tcp 655/udp EXPOSE 9993/tcp 655/udp
VOLUME /etc/tinc VOLUME /etc/tinc
CMD [ "sh", "-c", "/usr/sbin/tincd --net=$NETNAME --no-detach --user=nobody --debug=3" ] CMD [ "sh", "-c", "/usr/sbin/tincd --net=$NETNAME --no-detach --debug=3" ]
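Review bot: the new CMD drops `--user=nobody`, so tincd and every script it spawns stay root for the life of the container, and nothing in the Dockerfile records why. If the reason is that tinc-up and tinc-down now call iptables, say so in a comment next to the CMD and limit the container to the capability that needs (NET_ADMIN) instead of running it privileged. `RUN apk add tinc iptables` could also take `--no-cache` so the package index is not left in the image.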


@ -144,7 +144,7 @@ For options we expose here, for information see: https://bird.network.cz/?get_do
2. `eth0` is the **LAN** or **WAN** interface supporting external routing, DNS, etc., and is the **bridged** interface to a router that will statically route the entire desired network subnet (i.e. x.x.0.0/21) through it. You may also have an `eth1` (and so on, so forth) that you statically configure for your entire, wide subnet (i.e. x.x.0.0/21) if you want to use two physical adapters. If you do have more than one interface, make sure that `internal_gateway` is set to the router IP address that can route your personal Lixonet subnets, and not your WAN gateway (unless they're the same). 2. `eth0` is the **LAN** or **WAN** interface supporting external routing, DNS, etc., and is the **bridged** interface to a router that will statically route the entire desired network subnet (i.e. x.x.0.0/21) through it. You may also have an `eth1` (and so on, so forth) that you statically configure for your entire, wide subnet (i.e. x.x.0.0/21) if you want to use two physical adapters. If you do have more than one interface, make sure that `internal_gateway` is set to the router IP address that can route your personal Lixonet subnets, and not your WAN gateway (unless they're the same).
4. `tun` and `tap` are in `/etc/modules` to load at boot (https://www.cyberciti.biz/faq/linux-how-to-load-a-kernel-module-automatically-at-boot-time/) and the system has been rebooted afterwards. 4. `tun` and `tap` are in `/etc/modules` to load at boot (https://www.cyberciti.biz/faq/linux-how-to-load-a-kernel-module-automatically-at-boot-time/) and the system has been rebooted afterwards.
5. `sigil` is installed (`curl -L "https://github.com/gliderlabs/sigil/releases/download/v0.5.0/sigil_0.5.0_$(uname -sm|tr ' ' '_').tgz" | tar -zxC /usr/local/bin`) 5. `sigil` is installed (`curl -L "https://github.com/gliderlabs/sigil/releases/download/v0.5.0/sigil_0.5.0_$(uname -sm|tr ' ' '_').tgz" | tar -zxC /usr/local/bin`)
6. IPv4 forwarding is on: `sysctl -w net.ipv4.ip_forward=1` and `iptables -P FORWARD ACCEPT` are run (and persisted) to allow IP forwarding. To persist these changes, see: https://wiki.alpinelinux.org/wiki/Configure_Networking, refer to "Save Firewall Rules". 6. IPv4 forwarding is on: `sysctl -w net.ipv4.ip_forward=1`
#### Install: #### Install:
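Review bot: step 6 now stops at `sysctl -w net.ipv4.ip_forward=1`, and the sentence on persisting the setting was removed together with the `iptables -P FORWARD ACCEPT` part. `sysctl -w` does not survive a reboot, so the step should still say how to persist it. It is also worth one line stating that the FORWARD accept rules are now added per network by the tinc-up script, so readers who followed the old step know the blanket policy change is no longer required.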

6
tinc/tinc-down.tmpl Normal file

@ -0,0 +1,6 @@
#!/bin/sh
# Disable IPv4 kernel routing/forwarding for this network
iptables -D FORWARD -o \$INTERFACE -d ${network_address}/${global_prefix:-16} -j ACCEPT
{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -D FORWARD -o ${internal_interface:-eth0} -d {{.}} -j ACCEPT
{{ end }}{{ end }}
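Review bot: each `iptables -D FORWARD ...` line only succeeds when an identical rule exists, so a tinc-down that follows a failed or partial tinc-up, or a re-render with a different `bgp_routes` or `internal_interface`, errors out and leaves the old rules in place. Consider tolerating a missing rule (for example `iptables -D ... 2>/dev/null || true`). The header comment also overstates the effect: the script removes the ACCEPT rules for this network, it does not disable kernel forwarding, so something like "Remove the FORWARD rules added by tinc-up" would be more accurate.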


@ -1,2 +1,7 @@
#!/bin/sh #!/bin/sh
ifconfig \$INTERFACE ${tinc_peer_address} netmask ${netmask:-255.255.255.0} ifconfig \$INTERFACE ${tinc_peer_address} netmask ${netmask:-255.255.255.0}
# Enable IPv4 kernel routing/forwarding for this network
iptables -A FORWARD -o \$INTERFACE -d ${network_address}/${global_prefix:-16} -j ACCEPT
{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -A FORWARD -o ${internal_interface:-eth0} -d {{.}} -j ACCEPT
{{ end }}{{ end }}
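Review bot: the `iptables -A FORWARD ...` lines append unconditionally, so every tinc-up that is not matched by a clean tinc-down adds a duplicate rule, and the single `-D` in tinc-down then removes only one copy. Guard each append with a check, e.g. `iptables -C FORWARD -o \$INTERFACE -d ... -j ACCEPT || iptables -A FORWARD ...`. Separately, each `bgp_routes` entry is rendered unquoted into a script that runs as root, so the template should validate or at least document that entries must be plain CIDR prefixes.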