2015-04-10 11:14:55 +00:00
|
|
|
#
|
|
|
|
# Simple vnetbuild config with one namespace representing the firewall,
|
|
|
|
# one representing the ISP and the whole internet behind it and a few
|
|
|
|
# more representing hosts on a LAN.
|
|
|
|
#
|
|
|
|
# Start namespace:
|
|
|
|
# sudo vnetbuild vnetbuild-simple.conf start
|
|
|
|
#
|
|
|
|
# Ping from a host on the LAN to an internet address (served by ISP)
|
|
|
|
# sudo ip netns exec host01 ping 192.0.2.1
|
|
|
|
# Ping from an internet address (served by ISP) to a host on the LAN:
|
|
|
|
# sudo ip netns exec isp ping -I 192.0.2.1 10.0.0.2
|
2015-07-29 19:13:44 +00:00
|
|
|
# IPv6 Ping from host on the LAN to firewall on link local
|
|
|
|
# sudo ip netns exec host01 ping6 fe80::2:1%veth0
|
|
|
|
# IPv6 Ping from host on the LAN to an internet address (served by ISP)
|
|
|
|
# sudo ip netns exec host01 ping6 2001:eeee::1
|
2015-04-10 11:14:55 +00:00
|
|
|
# Block all traffic through firewall by invoking firehol in the namespace:
|
|
|
|
# sudo ip netns exec firewall firehol panic
|
|
|
|
# Clear the firewall with firehol to re-enable the traffic:
|
|
|
|
# sudo ip netns exec firewall firehol stop
|
|
|
|
#
|
|
|
|
|
|
|
|
host firewall
|
2015-07-29 19:13:44 +00:00
|
|
|
dev ppp0 192.168.1.1/30 fe80::1:1/64 2001:bbbb::1/64
|
|
|
|
dev veth0 10.0.0.254/8 fe80::2:1/64
|
2015-04-10 11:14:55 +00:00
|
|
|
route default via 192.168.1.2
|
2015-07-29 19:13:44 +00:00
|
|
|
route default via fe80::1:2 dev ppp0
|
|
|
|
route 2001:aaaa::/64 via fe80::1111:1 dev veth0
|
2015-04-10 11:14:55 +00:00
|
|
|
exec echo 1 > /proc/sys/net/ipv4/ip_forward
|
2015-07-29 19:13:44 +00:00
|
|
|
exec echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
|
2015-04-10 11:14:55 +00:00
|
|
|
exec sed 's:/var/log/ulog/syslogemu.log:/var/log/ulog/firewall.log:' /etc/ulogd.conf > $NSTMP/ulogd.conf
|
|
|
|
exec /usr/sbin/ulogd -d -c $NSTMP/ulogd.conf
|
|
|
|
|
|
|
|
host isp
|
2015-07-29 19:13:44 +00:00
|
|
|
dev ppp0wan firewall/ppp0 192.168.1.2/30 192.0.2.1/24 198.51.100.1/24 203.0.113.1/24 2001:eeee::1/64 fe80::1:2/64
|
2015-04-10 11:14:55 +00:00
|
|
|
route default via 192.168.1.1
|
2015-07-29 19:13:44 +00:00
|
|
|
route default via fe80::1:1 dev ppp0wan
|
2015-04-10 11:14:55 +00:00
|
|
|
exec echo 1 > /proc/sys/net/ipv4/ip_forward
|
2015-07-29 19:13:44 +00:00
|
|
|
exec echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
|
2015-04-10 11:14:55 +00:00
|
|
|
|
|
|
|
host host01
|
2015-07-29 19:13:44 +00:00
|
|
|
dev veth0 10.0.0.1/8 fe80::1111:1/64 2001:aaaa::1/64
|
2015-04-10 11:14:55 +00:00
|
|
|
route default via 10.0.0.254
|
2015-07-29 19:13:44 +00:00
|
|
|
route default via fe80::2:1 dev veth0
|
2015-04-10 11:14:55 +00:00
|
|
|
|
|
|
|
host host02
|
2015-07-29 19:13:44 +00:00
|
|
|
dev veth0 10.0.0.2/8 fe80::1111:2/64 2001:aaaa::2/64
|
2015-04-10 11:14:55 +00:00
|
|
|
route default via 10.0.0.254
|
2015-07-29 19:13:44 +00:00
|
|
|
route default via fe80::2:1 dev veth0
|
2015-04-10 11:14:55 +00:00
|
|
|
|
2015-07-29 19:13:44 +00:00
|
|
|
host host03 fe80::3/64
|
|
|
|
dev veth0 10.0.0.2/8 fe80::1111:3/64 2001:aaaa::3/64
|
2015-04-10 11:14:55 +00:00
|
|
|
route default via 10.0.0.254
|
2015-07-29 19:13:44 +00:00
|
|
|
route default via fe80::2:1 dev veth0
|
2015-04-10 11:14:55 +00:00
|
|
|
|
|
|
|
switch lan
|
|
|
|
dev d01 firewall/veth0
|
|
|
|
dev d02 host01/veth0
|
|
|
|
dev d03 host02/veth0
|
|
|
|
dev d04 host03/veth0
|