From fb8f2a13aa2aeb2b126b8b391a173cf3e7b3231a Mon Sep 17 00:00:00 2001 From: Emil Renner Berthing Date: Thu, 16 Nov 2017 17:18:24 +0100 Subject: space_server: enable IPv6 on the free wifi --- .../files/networkd/network/10-lan13.network | 6 ++++ roles/space_server/files/nftables/nftables.conf | 9 +++--- roles/space_server/files/radvd/radvd.conf | 37 +++++++++++----------- 3 files changed, 30 insertions(+), 22 deletions(-) (limited to 'roles/space_server/files') diff --git a/roles/space_server/files/networkd/network/10-lan13.network b/roles/space_server/files/networkd/network/10-lan13.network index 6151c0e..3bb0e36 100644 --- a/roles/space_server/files/networkd/network/10-lan13.network +++ b/roles/space_server/files/networkd/network/10-lan13.network @@ -6,8 +6,14 @@ DHCP=no IPv6AcceptRA=no LinkLocalAddressing=no Address=10.42.3.1/24 +#Address=2a01:4260:1ab:d::1/64 +Address=fe80::1/64 IPForward=yes LLMNR=yes MulticastDNS=yes LLDP=yes EmitLLDP=yes + +[Route] +Destination=2a01:4260:1ab:d::/64 +PreferredSource=2a01:4260:1ab:: diff --git a/roles/space_server/files/nftables/nftables.conf b/roles/space_server/files/nftables/nftables.conf index 30233b0..f038d60 100644 --- a/roles/space_server/files/nftables/nftables.conf +++ b/roles/space_server/files/nftables/nftables.conf @@ -102,15 +102,15 @@ table ip filter { ct state established,related accept ct state invalid drop + # accept all traffic to spacewand + ip daddr $spacewand4 accept + ip saddr $labitat udp dport 161 counter accept # traffic stats # no traffic to admin net ip daddr $adm_net4 ip saddr $int_net4 reject with icmp type net-prohibited ip daddr $adm_net4 drop - # accept all traffic to spacewand - ip daddr $spacewand4 accept - # local traffic iif $adm_if ip saddr $adm_net4 accept iif $wire_if ip saddr $wire_net4 accept 
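Review bot: The commented-out `#Address=2a01:4260:1ab:d::1/64` is added as dead configuration, with nothing explaining why it sits next to the static `Address=fe80::1/64` and the new `[Route]` section. From the visible lines the design appears to be that the router holds no global address in the free-wifi prefix and sources its own traffic from `2a01:4260:1ab::` via `PreferredSource=`; if so, replace the dead line with a comment such as `# no global address on this link on purpose; see [Route] PreferredSource`. The context keeps `LinkLocalAddressing=no`, so `fe80::1` looks like the only link-local address on lan13, and whatever guests must reach on the router has to be allowed for it in input rules that are not part of this hunk.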
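Review bot: Moving `ip daddr $spacewand4 accept` above the two `$adm_net4` rules in `table ip filter` means a packet addressed to spacewand is now accepted before the admin-net reject/drop is evaluated. If `$spacewand4` is, or later becomes, an address inside `$adm_net4`, it is reachable from every interface, including the free wifi; both definitions are outside the hunk, so this cannot be confirmed here. The commit subject only mentions IPv6 on the free wifi, so the IPv4 reorder deserves its own comment, e.g. `# keep above the adm_net4 rules: spacewand is reachable from all nets by design`, or an `iif` restriction if that is not the intent. The chain starts and ends outside the hunk.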
@@ -163,11 +163,12 @@ table ip6 filter { ct state established,related accept ct state invalid drop + # accept all traffic to spacewand ip6 daddr $spacewand6 accept iif $wire_if ip6 saddr $wire_net6 accept iif $priv_if ip6 saddr $priv_net6 accept - #iif $free_if ip6 saddr $free_net6 ip6 daddr != $int_net6 accept + iif $free_if ip6 saddr $free_net6 ip6 daddr != $ext_net6 accept iif $pass_if ip6 saddr $pass_net6 accept iif $serv_if ip6 saddr $serv_net6 accept diff --git a/roles/space_server/files/radvd/radvd.conf b/roles/space_server/files/radvd/radvd.conf index 02749f3..7f259ae 100644 --- a/roles/space_server/files/radvd/radvd.conf +++ b/roles/space_server/files/radvd/radvd.conf @@ -6,7 +6,7 @@ interface lan11 { AdvLinkMTU 1500; RDNSS 2a01:4260:1ab:: {}; - prefix 2a01:4260:1ab:b::1/64 { + prefix 2a01:4260:1ab:b::/64 { #AdvValidLifetime 0; #AdvPreferredLifetime 0; }; @@ -20,27 +20,27 @@ interface lan12 { AdvLinkMTU 1500; RDNSS 2a01:4260:1ab:: {}; - prefix 2a01:4260:1ab:c::1/64 { + prefix 2a01:4260:1ab:c::/64 { #AdvValidLifetime 0; #AdvPreferredLifetime 0; }; }; -## Free Wifi -#interface lan13 { -# AdvSendAdvert on; -# MinRtrAdvInterval 3; -# MaxRtrAdvInterval 6; -# AdvLinkMTU 1500; -# RDNSS 2a01:4260:1ab:: {}; -# -# prefix 2a01:4260:1ab:d::1/64 { -# #AdvValidLifetime 0; -# #AdvPreferredLifetime 0; -# }; -#}; +# Free Wifi +interface lan13 { + AdvSendAdvert on; + MinRtrAdvInterval 3; + MaxRtrAdvInterval 6; + AdvLinkMTU 1500; + RDNSS 2a01:4260:1ab:: {}; + + prefix 2a01:4260:1ab:d::/64 { + #AdvValidLifetime 0; + #AdvPreferredLifetime 0; + }; +}; -# Password protected wifi +# Password Protected Wifi interface lan14 { AdvSendAdvert on; MinRtrAdvInterval 3; @@ -48,12 +48,13 @@ interface lan14 { AdvLinkMTU 1500; RDNSS 2a01:4260:1ab:: {}; - prefix 2a01:4260:1ab:e::1/64 { + prefix 2a01:4260:1ab:e::/64 { #AdvValidLifetime 0; #AdvPreferredLifetime 0; }; }; +# NAT64 Wifi interface lan15 { AdvSendAdvert on; MinRtrAdvInterval 3; 
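Review bot: The enabled free-wifi rule excludes `$ext_net6`, where the commented-out line it replaces excluded `$int_net6`, so what guests can reach over IPv6 now depends entirely on what `$ext_net6` covers. Its definition is outside the hunk; if it is not a superset of the wired, private, password, server and admin prefixes, free-wifi clients can reach those networks, and unlike `table ip filter` no admin-net reject is visible in this part of the ip6 chain. State the intent next to the rule, e.g. `# free wifi: internet only, nothing inside our own prefix`, and confirm `$ext_net6` against it. The chain starts and ends outside the hunk.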
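Review bot: The re-enabled `interface lan13` block advertises `RDNSS 2a01:4260:1ab::` to unauthenticated clients, but the only free-wifi accept this commit adds to nftables.conf is for `ip6 daddr != $ext_net6`. If the resolver address falls inside `$ext_net6` (its definition is not visible here), guest DNS depends on some other rule, so it is worth confirming that such a rule exists and exposes only port 53 to `$free_if`. A one-line comment above the RDNSS entry, e.g. `# resolver on the router; the firewall must allow DNS from lan13`, would tie the two files together. The hunk also leaves `#AdvValidLifetime 0;` and `#AdvPreferredLifetime 0;` as unexplained commented-out settings in every block.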
@@ -61,7 +62,7 @@ interface lan15 { AdvLinkMTU 1500; RDNSS 2a01:4260:1ab:: {}; - prefix 2a01:4260:1ab:f::1/64 { + prefix 2a01:4260:1ab:f::/64 { #AdvValidLifetime 0; #AdvPreferredLifetime 0; }; -- cgit v1.2.1