Last active
March 8, 2023 18:10
-
-
Save LuisPalacios/baa778c216b5d1560dad332ab6cacce1 to your computer and use it in GitHub Desktop.
Sur: /etc/openvpn/client/sur_cliente_bridge_ethernet_de_norte_UP.sh
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| ## | |
| ## Fichero /etc/openvpn/client/sur_cliente_bridge_ethernet_de_norte_UP.sh | |
| ## En Servidor ‘sur’ | |
| ## | |
| ## Este fichero está relacionado con este apunte: | |
| ## https://www.luispa.com/linux/2014/10/19/bridge-ethernet.html | |
| ## | |
| # Script que se ejecuta al hacer un `start` del servicio Bridge Ethernet | |
| # Interfaces, rutas + IP y MACs asociaré a las interfaces tap y bridge | |
| . /etc/openvpn/client/sur_cliente_bridge_ethernet_de_norte_CONFIG.sh | |
| # Activo el tunel IPSec | |
| ip link set ${EB_TAP} address ${mac_tap} | |
| ip link set ${EB_TAP} up | |
| # SETUP BRIDGE | |
| brctl addbr ${EB_BRIDGE} | |
| brctl stp ${EB_BRIDGE} off # HUB: no uso STP | |
| brctl setageing ${EB_BRIDGE} 0 # HUB: olvidar MAC addresses, be a HUB | |
| brctl setfd ${EB_BRIDGE} 0 # HUB: elimino el forward delay | |
| #ip link set ${EB_BRIDGE} promisc on # entregar el paquete en local | |
| ip link set ${EB_BRIDGE} address ${mac_bridge} # Cada nodo debe tener una distinta | |
| ip link set ${EB_BRIDGE} arp on | |
| ip link set ${EB_BRIDGE} mtu ${mtu} | |
| ip link set ${EB_BRIDGE} up | |
| # Activatar VLAN y cambiar MTU | |
| ip link set ${EB_VLAN} up | |
| ip link set ${EB_VLAN} mtu ${mtu} | |
| # Añadir interfaces al bridge | |
| brctl addif ${EB_BRIDGE} ${EB_TAP} # Añado tunel ipsec al bridge | |
| brctl addif ${EB_BRIDGE} ${EB_VLAN} # Añado vlan al bridge | |
| # Asignar una IP al Bridge si queremos que vaya todo por el bridge | |
| # IMPORTANTÍSIMO poner /24 o asignará una /32 (no funcionará) | |
| ip addr add ${bridge_ip_local} brd + dev ${EB_BRIDGE} | |
| # Me aseguro de configurar bien el rp_filter | |
| echo -n 0 > /proc/sys/net/ipv4/conf/${EB_BRIDGE}/rp_filter | |
| echo -n 1 > /proc/sys/net/ipv4/conf/${EB_VLAN}/rp_filter | |
| echo -n 1 > /proc/sys/net/ipv4/conf/${EB_TAP}/rp_filter | |
| # Me aseguro de que el forwarding está funcionando | |
| echo -n 1 > /proc/sys/net/ipv4/ip_forward | |
| # Permito el tráfico | |
| for i in `echo ${EB_TAP} ${EB_VLAN} ${EB_BRIDGE}`; do | |
| iptables -I INPUT -i ${i} -j ACCEPT | |
| iptables -I FORWARD -i ${i} -j ACCEPT | |
| iptables -I OUTPUT -o ${i} -j ACCEPT | |
| done | |
| # Tabla de routing para los Decos | |
| /etc/openvpn/client/sur_cliente_bridge_ethernet_de_norte_RT_UP.sh |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment