fickit: fix VLAN and do NAT to Internet
parent
d45a6841db
commit
3bc8d7064b
@ -47,7 +47,7 @@ onboot:
|
||||
net: /run/netns/nginx
|
||||
# - name: frontal-ip-setup # without bonding
|
||||
# image: linuxkit/ip:v0.7
|
||||
# command: ["/bin/sh", "-c", "ip link set eth1 up; ip a add 172.23.42.1/24 dev eth1; ip a add 172.23.42.254/24 dev eth1; ip a add 163.5.55.58/32 dev eth1; ip link add link eth1 name internet type vlan id 1; ip link set internet up;" ]
|
||||
# command: ["/bin/sh", "-c", "ip link set eth1 up; ip a add 172.23.42.1/24 dev eth1; ip a add 172.23.42.254/24 dev eth1; ip a add 163.5.55.58/32 dev eth1; ip link add link eth1 name internet type vlan id 2; ip link set internet up;" ]
|
||||
# net: /run/netns/nginx
|
||||
# runtime:
|
||||
# interfaces:
|
||||
@ -57,7 +57,7 @@ onboot:
|
||||
# - name: eth4
|
||||
- name: frontal-ip-setup # with bonding
|
||||
image: linuxkit/ip:v0.7
|
||||
command: ["/bin/sh", "-c", "ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3 eth4; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 163.5.55.58/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 1; ip link set internet up;" ]
|
||||
command: ["/bin/sh", "-c", "ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3 eth4; ip a add 172.23.42.254/24 dev bond-frontal; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 163.5.55.58/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 2; ip link set internet up; sysctl -w net.ipv4.ip_forward=1;" ]
|
||||
net: /run/netns/nginx
|
||||
runtime:
|
||||
interfaces:
|
||||
@ -453,6 +453,17 @@ files:
|
||||
noarp
|
||||
waitip 4
|
||||
mode: "0440"
|
||||
- path: etc/unbound/unbound.d/tmp-user.conf
|
||||
contents: |
|
||||
username: ""
|
||||
mode: "0440"
|
||||
# - path: etc/unbound/unbound.d/forwarder.conf
|
||||
# contents: |
|
||||
# forward-zone:
|
||||
# name: "."
|
||||
# forward-addr: 9.9.9.9
|
||||
# forward-addr: 1.1.1.1
|
||||
# mode: "0440"
|
||||
- path: etc/unbound/unbound.d/access-control.conf
|
||||
contents: |
|
||||
access-control: 172.23.0.0/16 allow
|
||||
@ -492,6 +503,13 @@ files:
|
||||
mode: "0440"
|
||||
- path: etc/iptables/rules-frontal.v4
|
||||
contents: |
|
||||
*nat
|
||||
:PREROUTING ACCEPT [0:0]
|
||||
:INPUT ACCEPT [0:0]
|
||||
:OUTPUT ACCEPT [0:0]
|
||||
:POSTROUTING ACCEPT [0:0]
|
||||
[0:0] -A POSTROUTING -o internet -j MASQUERADE
|
||||
COMMIT
|
||||
*filter
|
||||
:INPUT DROP [0:0]
|
||||
:FORWARD ACCEPT [0:0]
|
||||
|
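Review bot: With `sysctl -w net.ipv4.ip_forward=1` now set in the bonded `frontal-ip-setup` command and `-A POSTROUTING -o internet -j MASQUERADE` added to `etc/iptables/rules-frontal.v4`, the `:FORWARD ACCEPT [0:0]` policy at the end of the last hunk is what decides which traffic gets routed. It permits everything in both directions unless rules below the hunk say otherwise (the filter table continues outside the hunk, and it is not visible here which namespace loads this rules file). Consider a default-deny forward chain that names the intended path, e.g. `:FORWARD DROP [0:0]`, `-A FORWARD -i bond-frontal -o internet -j ACCEPT` and `-A FORWARD -i internet -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`, and give the MASQUERADE rule a `-s` match for the internal range. Separately, the new `tmp-user.conf` sets `username: ""`, which tells unbound not to change user after binding its port; if this is a temporary workaround, as the file name suggests, a comment saying why and when it should be removed would help.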