fix nftables + update frrouting config
parent
1394e27de0
commit
b0e371ccef
2 changed files with 18 additions and 31 deletions
|
@ -1,10 +1,22 @@
|
||||||
frr version 9.1
|
!
|
||||||
|
frr version 10.1.1
|
||||||
frr defaults traditional
|
frr defaults traditional
|
||||||
hostname rt-mep
|
hostname rt-mep
|
||||||
log syslog informational
|
log syslog informational
|
||||||
service integrated-vtysh-config
|
service integrated-vtysh-config
|
||||||
!
|
!
|
||||||
|
ipv6 prefix-list transit-in-v6 seq 1 permit ::/0 le 48
|
||||||
|
ipv6 prefix-list transit-in-v6 seq 96 deny 2002::/16 le 128
|
||||||
|
ipv6 prefix-list transit-in-v6 seq 97 deny 3ffe::/16 le 128
|
||||||
|
ipv6 prefix-list transit-in-v6 seq 98 deny 5f00::/8 le 128
|
||||||
|
ipv6 prefix-list transit-in-v6 seq 99 permit 2000::/3 le 48
|
||||||
|
ipv6 prefix-list internal-as213253 seq 1 permit 2a0e:fd45:2a00::/40 le 128
|
||||||
|
ipv6 prefix-list internal-as213253 seq 2 permit 2a0e:e704:42::/48 le 128
|
||||||
|
ipv6 prefix-list allow-default seq 5 permit ::/0
|
||||||
|
ipv6 prefix-list origin-as213253 seq 1 permit 2a0e:fd45:2a00::/40
|
||||||
|
!
|
||||||
ipv6 route 2a0e:fd45:2a0c::/64 eth1
|
ipv6 route 2a0e:fd45:2a0c::/64 eth1
|
||||||
|
ipv6 route fd80::179/128 2a0e:fd40:103::1 eth0
|
||||||
!
|
!
|
||||||
interface lo
|
interface lo
|
||||||
description Loopback0
|
description Loopback0
|
||||||
|
@ -15,10 +27,6 @@ exit
|
||||||
router bgp 213253
|
router bgp 213253
|
||||||
bgp router-id 45.139.163.92
|
bgp router-id 45.139.163.92
|
||||||
no bgp suppress-duplicates
|
no bgp suppress-duplicates
|
||||||
neighbor 2a0e:fd45:2a00:1::6 remote-as 213253
|
|
||||||
neighbor 2a0e:fd45:2a00:1::6 description core-dro
|
|
||||||
neighbor 2a0e:fd45:2a00:1::9 remote-as 213253
|
|
||||||
neighbor 2a0e:fd45:2a00:1::9 description edge-fra
|
|
||||||
neighbor 2a0e:fd45:2a00:1::11 remote-as 213253
|
neighbor 2a0e:fd45:2a00:1::11 remote-as 213253
|
||||||
neighbor 2a0e:fd45:2a00:1::11 description core-vel
|
neighbor 2a0e:fd45:2a00:1::11 description core-vel
|
||||||
neighbor fd80::179 remote-as 44103
|
neighbor fd80::179 remote-as 44103
|
||||||
|
@ -33,18 +41,6 @@ router bgp 213253
|
||||||
network 2a0e:fd45:2a00::/40
|
network 2a0e:fd45:2a00::/40
|
||||||
redistribute connected
|
redistribute connected
|
||||||
redistribute static
|
redistribute static
|
||||||
neighbor 2a0e:fd45:2a00:1::6 activate
|
|
||||||
neighbor 2a0e:fd45:2a00:1::6 addpath-tx-all-paths
|
|
||||||
neighbor 2a0e:fd45:2a00:1::6 next-hop-self
|
|
||||||
neighbor 2a0e:fd45:2a00:1::6 soft-reconfiguration inbound
|
|
||||||
neighbor 2a0e:fd45:2a00:1::6 route-map igp-internal-only in
|
|
||||||
neighbor 2a0e:fd45:2a00:1::6 route-map igp-internal-only out
|
|
||||||
neighbor 2a0e:fd45:2a00:1::9 activate
|
|
||||||
neighbor 2a0e:fd45:2a00:1::9 addpath-tx-all-paths
|
|
||||||
neighbor 2a0e:fd45:2a00:1::9 next-hop-self
|
|
||||||
neighbor 2a0e:fd45:2a00:1::9 soft-reconfiguration inbound
|
|
||||||
neighbor 2a0e:fd45:2a00:1::9 route-map igp-internal-only in
|
|
||||||
neighbor 2a0e:fd45:2a00:1::9 route-map igp-internal-only out
|
|
||||||
neighbor 2a0e:fd45:2a00:1::11 activate
|
neighbor 2a0e:fd45:2a00:1::11 activate
|
||||||
neighbor 2a0e:fd45:2a00:1::11 addpath-tx-all-paths
|
neighbor 2a0e:fd45:2a00:1::11 addpath-tx-all-paths
|
||||||
neighbor 2a0e:fd45:2a00:1::11 next-hop-self
|
neighbor 2a0e:fd45:2a00:1::11 next-hop-self
|
||||||
|
@ -57,16 +53,6 @@ router bgp 213253
|
||||||
exit-address-family
|
exit-address-family
|
||||||
exit
|
exit
|
||||||
!
|
!
|
||||||
ipv6 prefix-list transit-in-v6 seq 1 permit ::/0 le 48
|
|
||||||
ipv6 prefix-list transit-in-v6 seq 96 deny 2002::/16 le 128
|
|
||||||
ipv6 prefix-list transit-in-v6 seq 97 deny 3ffe::/16 le 128
|
|
||||||
ipv6 prefix-list transit-in-v6 seq 98 deny 5f00::/8 le 128
|
|
||||||
ipv6 prefix-list transit-in-v6 seq 99 permit 2000::/3 le 48
|
|
||||||
ipv6 prefix-list internal-as213253 seq 1 permit 2a0e:fd45:2a00::/40 le 128
|
|
||||||
ipv6 prefix-list internal-as213253 seq 2 permit 2a0e:e704:42::/48 le 128
|
|
||||||
ipv6 prefix-list allow-default seq 5 permit ::/0
|
|
||||||
ipv6 prefix-list origin-as213253 seq 1 permit 2a0e:fd45:2a00::/40
|
|
||||||
!
|
|
||||||
route-map transit-44103-out-v6 permit 1
|
route-map transit-44103-out-v6 permit 1
|
||||||
match ipv6 address prefix-list origin-as213253
|
match ipv6 address prefix-list origin-as213253
|
||||||
exit
|
exit
|
||||||
|
@ -83,4 +69,5 @@ exit
|
||||||
route-map igp-internal-only permit 10
|
route-map igp-internal-only permit 10
|
||||||
match ipv6 address prefix-list internal-as213253
|
match ipv6 address prefix-list internal-as213253
|
||||||
exit
|
exit
|
||||||
!
|
!
|
||||||
|
end
|
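Review bot: In `transit-in-v6`, `seq 1 permit ::/0 le 48` matches every prefix of length /48 or shorter, and a prefix-list stops at its first matching entry, so the `deny` entries at seq 96–98 and the `permit 2000::/3 le 48` at seq 99 never decide anything that seq 1 has not already permitted. As carried to the top of the file, the list still admits 2002::/16, 3ffe::/16 and 5f00::/8 at ordinary announcement lengths. If seq 1 is meant to accept only the default route, write it as `ipv6 prefix-list transit-in-v6 seq 1 permit ::/0`; otherwise drop it and let seq 96–99 do the filtering. Where this list is attached to a neighbor is outside the visible hunks, so confirm the inbound policy on the `fd80::179` session actually references it.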
|
@ -10,10 +10,10 @@ define WAN_IP = 45.139.163.92
|
||||||
define FRONT_HTTP = 10.100.2.254
|
define FRONT_HTTP = 10.100.2.254
|
||||||
define RICK_VM = 10.100.2.252
|
define RICK_VM = 10.100.2.252
|
||||||
|
|
||||||
table inet nat {
|
table ip nat {
|
||||||
chain prerouting {
|
chain prerouting {
|
||||||
type nat hook prerouting priority 0;
|
type nat hook prerouting priority 0;
|
||||||
iifname $WAN tcp dport {80, 443, 2222, 2223} dnat ip to $FRONT_HTTP;
|
iifname $WAN tcp dport {80, 443, 2222, 2223} dnat ip to $FRONT_HTTP;
|
||||||
iifname $WAN udp dport {443} dnat ip to $FRONT_HTTP;
|
iifname $WAN udp dport {443} dnat ip to $FRONT_HTTP;
|
||||||
iifname $WAN tcp dport {62142,62169,62420} dnat ip to $RICK_VM;
|
iifname $WAN tcp dport {62142,62169,62420} dnat ip to $RICK_VM;
|
||||||
}
|
}
|
||||||
|
@ -28,7 +28,7 @@ table inet nat {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
table inet filter {
|
table ip filter {
|
||||||
chain input {
|
chain input {
|
||||||
type filter hook input priority 0;
|
type filter hook input priority 0;
|
||||||
}
|
}
|
||||||
|
|
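Review bot: Changing `table inet filter` to `table ip filter` takes IPv6 out of this filter table, while the same commit configures the host as an IPv6 BGP router. Unless an `ip6` or `inet` filter table exists outside the hunk, IPv6 input and forwarded traffic is no longer matched by any rule here. Only the NAT table carries `dnat ip to` rules in what is visible, so consider keeping `table inet filter {` and switching just the NAT table to `ip`. The `input` chain as shown also declares no `policy`, which leaves it at the default accept; the rest of the table is outside the hunk, so verify that a `policy drop;` or an explicit final drop is present.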