freifunk: move ip rule config to networkd
This commit is contained in:
parent
b511c4ca04
commit
098357c1a3
|
@ -86,10 +86,6 @@ in {
|
||||||
# Setup routing into Freifunk,
|
# Setup routing into Freifunk,
|
||||||
# masquerading anything that isn't already their IP range
|
# masquerading anything that isn't already their IP range
|
||||||
extraCommands = ''
|
extraCommands = ''
|
||||||
${pkgs.iproute}/bin/ip rule del priority 300 || true
|
|
||||||
${pkgs.iproute}/bin/ip rule add to 10.200.0.0/16 table bmx_hosts priority 300
|
|
||||||
${pkgs.iproute}/bin/ip rule del priority 33000 || true
|
|
||||||
${pkgs.iproute}/bin/ip rule add table bmx_tuns priority 33000
|
|
||||||
${pkgs.iptables}/bin/iptables -t nat -F POSTROUTING
|
${pkgs.iptables}/bin/iptables -t nat -F POSTROUTING
|
||||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING \
|
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING \
|
||||||
\! --source 10.200.0.0/15 -o ${meshInterface} -j SNAT --to 10.200.${ddmeshAddrPart}
|
\! --source 10.200.0.0/15 -o ${meshInterface} -j SNAT --to 10.200.${ddmeshAddrPart}
|
||||||
|
@ -191,14 +187,27 @@ in {
|
||||||
Broadcast = ddmeshBroadcast;
|
Broadcast = ddmeshBroadcast;
|
||||||
};
|
};
|
||||||
}];
|
}];
|
||||||
|
routingPolicyRules = [ {
|
||||||
|
routingPolicyRuleConfig = {
|
||||||
|
Priority = 300;
|
||||||
|
To = "10.200.0.0/16";
|
||||||
|
Table = "bmx_hosts";
|
||||||
|
};
|
||||||
|
} ];
|
||||||
};
|
};
|
||||||
# Dummy interface for primary (10.200) address
|
# Dummy interface for primary (10.200) address
|
||||||
"11-bmx-loopback" = {
|
"11-bmx-prime" = {
|
||||||
enable = true;
|
enable = true;
|
||||||
matchConfig = { Name = meshLoopback; };
|
matchConfig = { Name = meshLoopback; };
|
||||||
addresses = [{
|
addresses = [{
|
||||||
addressConfig.Address = "10.200.${ddmeshAddrPart}/32";
|
addressConfig.Address = "10.200.${ddmeshAddrPart}/32";
|
||||||
}];
|
}];
|
||||||
|
routingPolicyRules = [ {
|
||||||
|
routingPolicyRuleConfig = {
|
||||||
|
Priority = 33000;
|
||||||
|
Table = "bmx_tuns";
|
||||||
|
};
|
||||||
|
} ];
|
||||||
};
|
};
|
||||||
"31-wg-vpn6" = {
|
"31-wg-vpn6" = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user