fix nftables + update frrouting config
parent
1394e27de0
commit
b0e371ccef
2 changed files with 18 additions and 31 deletions
|
@ -1,10 +1,22 @@
|
|||
frr version 9.1
|
||||
!
|
||||
frr version 10.1.1
|
||||
frr defaults traditional
|
||||
hostname rt-mep
|
||||
log syslog informational
|
||||
service integrated-vtysh-config
|
||||
!
|
||||
ipv6 prefix-list transit-in-v6 seq 1 permit ::/0 le 48
|
||||
ipv6 prefix-list transit-in-v6 seq 96 deny 2002::/16 le 128
|
||||
ipv6 prefix-list transit-in-v6 seq 97 deny 3ffe::/16 le 128
|
||||
ipv6 prefix-list transit-in-v6 seq 98 deny 5f00::/8 le 128
|
||||
ipv6 prefix-list transit-in-v6 seq 99 permit 2000::/3 le 48
|
||||
ipv6 prefix-list internal-as213253 seq 1 permit 2a0e:fd45:2a00::/40 le 128
|
||||
ipv6 prefix-list internal-as213253 seq 2 permit 2a0e:e704:42::/48 le 128
|
||||
ipv6 prefix-list allow-default seq 5 permit ::/0
|
||||
ipv6 prefix-list origin-as213253 seq 1 permit 2a0e:fd45:2a00::/40
|
||||
!
|
||||
ipv6 route 2a0e:fd45:2a0c::/64 eth1
|
||||
ipv6 route fd80::179/128 2a0e:fd40:103::1 eth0
|
||||
!
|
||||
interface lo
|
||||
description Loopback0
|
||||
|
@ -15,10 +27,6 @@ exit
|
|||
router bgp 213253
|
||||
bgp router-id 45.139.163.92
|
||||
no bgp suppress-duplicates
|
||||
neighbor 2a0e:fd45:2a00:1::6 remote-as 213253
|
||||
neighbor 2a0e:fd45:2a00:1::6 description core-dro
|
||||
neighbor 2a0e:fd45:2a00:1::9 remote-as 213253
|
||||
neighbor 2a0e:fd45:2a00:1::9 description edge-fra
|
||||
neighbor 2a0e:fd45:2a00:1::11 remote-as 213253
|
||||
neighbor 2a0e:fd45:2a00:1::11 description core-vel
|
||||
neighbor fd80::179 remote-as 44103
|
||||
|
@ -33,18 +41,6 @@ router bgp 213253
|
|||
network 2a0e:fd45:2a00::/40
|
||||
redistribute connected
|
||||
redistribute static
|
||||
neighbor 2a0e:fd45:2a00:1::6 activate
|
||||
neighbor 2a0e:fd45:2a00:1::6 addpath-tx-all-paths
|
||||
neighbor 2a0e:fd45:2a00:1::6 next-hop-self
|
||||
neighbor 2a0e:fd45:2a00:1::6 soft-reconfiguration inbound
|
||||
neighbor 2a0e:fd45:2a00:1::6 route-map igp-internal-only in
|
||||
neighbor 2a0e:fd45:2a00:1::6 route-map igp-internal-only out
|
||||
neighbor 2a0e:fd45:2a00:1::9 activate
|
||||
neighbor 2a0e:fd45:2a00:1::9 addpath-tx-all-paths
|
||||
neighbor 2a0e:fd45:2a00:1::9 next-hop-self
|
||||
neighbor 2a0e:fd45:2a00:1::9 soft-reconfiguration inbound
|
||||
neighbor 2a0e:fd45:2a00:1::9 route-map igp-internal-only in
|
||||
neighbor 2a0e:fd45:2a00:1::9 route-map igp-internal-only out
|
||||
neighbor 2a0e:fd45:2a00:1::11 activate
|
||||
neighbor 2a0e:fd45:2a00:1::11 addpath-tx-all-paths
|
||||
neighbor 2a0e:fd45:2a00:1::11 next-hop-self
|
||||
|
@ -57,16 +53,6 @@ router bgp 213253
|
|||
exit-address-family
|
||||
exit
|
||||
!
|
||||
ipv6 prefix-list transit-in-v6 seq 1 permit ::/0 le 48
|
||||
ipv6 prefix-list transit-in-v6 seq 96 deny 2002::/16 le 128
|
||||
ipv6 prefix-list transit-in-v6 seq 97 deny 3ffe::/16 le 128
|
||||
ipv6 prefix-list transit-in-v6 seq 98 deny 5f00::/8 le 128
|
||||
ipv6 prefix-list transit-in-v6 seq 99 permit 2000::/3 le 48
|
||||
ipv6 prefix-list internal-as213253 seq 1 permit 2a0e:fd45:2a00::/40 le 128
|
||||
ipv6 prefix-list internal-as213253 seq 2 permit 2a0e:e704:42::/48 le 128
|
||||
ipv6 prefix-list allow-default seq 5 permit ::/0
|
||||
ipv6 prefix-list origin-as213253 seq 1 permit 2a0e:fd45:2a00::/40
|
||||
!
|
||||
route-map transit-44103-out-v6 permit 1
|
||||
match ipv6 address prefix-list origin-as213253
|
||||
exit
|
||||
|
@ -84,3 +70,4 @@ route-map igp-internal-only permit 10
|
|||
match ipv6 address prefix-list internal-as213253
|
||||
exit
|
||||
!
|
||||
end
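Review bot: In `transit-in-v6`, the entry `seq 1 permit ::/0 le 48` sits ahead of the `deny` entries at seq 96–98, and FRR prefix-lists stop at the first match, so a route of length /48 or shorter inside 2002::/16, 3ffe::/16 or 5f00::/8 is permitted before the denies are ever consulted. The same entry also accepts ::/0 itself and anything outside 2000::/3, which leaves `seq 99 permit 2000::/3 le 48` unreachable. Since the list is being moved to the top of the file in this commit anyway, I would delete the seq 1 line so the order is deny-bogons then `permit 2000::/3 le 48`, and take a default route, if one is wanted from transit, through the existing `allow-default` list. Where `transit-in-v6` is attached to the AS44103 session is not visible in these hunks, so it is worth confirming it is actually applied inbound.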
|
|
@ -10,10 +10,10 @@ define WAN_IP = 45.139.163.92
|
|||
define FRONT_HTTP = 10.100.2.254
|
||||
define RICK_VM = 10.100.2.252
|
||||
|
||||
table inet nat {
|
||||
table ip nat {
|
||||
chain prerouting {
|
||||
type nat hook prerouting priority 0;
|
||||
iifname $WAN tcp dport {80, 443, 2222, 2223} dnat ip to $FRONT_HTTP;
|
||||
iifname $WAN tcp dport {80, 443, 2222, 2223} dnat ip to $FRONT_HTTP;
|
||||
iifname $WAN udp dport {443} dnat ip to $FRONT_HTTP;
|
||||
iifname $WAN tcp dport {62142,62169,62420} dnat ip to $RICK_VM;
|
||||
}
|
||||
|
@ -28,7 +28,7 @@ table inet nat {
|
|||
}
|
||||
}
|
||||
|
||||
table inet filter {
|
||||
table ip filter {
|
||||
chain input {
|
||||
type filter hook input priority 0;
|
||||
}
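Review bot: Changing `table inet filter {` to `table ip filter {` takes IPv6 out of this table's scope, because an `ip` family table only sees IPv4 packets, while the frr config in the same commit shows this router running BGP and static routes over IPv6. Unless an `ip6` or `inet` filter table exists elsewhere in the ruleset, IPv6 input and forwarded traffic is no longer filtered here. If the fix was only needed for NAT, I would change `table ip nat {` alone and keep `table inet filter {`. The visible `input` chain also declares no `policy` on its hook line and so defaults to accept; stating it explicitly, e.g. `type filter hook input priority 0; policy accept;`, would document the intent. The rest of the filter table lies outside the hunk.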
|
||||
|
|