Changeset 13861 in genesis


Timestamp:
May 9, 2017, 6:15:37 AM (8 years ago)
Author:
rick
Message:

Make rdr_rules global for multi-access use.

Allowing them to be used at all exit-nodes, which could be useful if one
exit-node is down and the service still needs to continue working.

Files:
1 added
11 edited

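--- a/nodes/Henk/wleiden.yaml
+++ b/nodes/Henk/wleiden.yaml
@@ -15,16 +15,4 @@
 rdnap_y   : 464983
 rdr_host  : "213.73.188.7"
-rdr_rules :
-- ['tcp', 9070, '172.16.16.2', 80]
-- ['tcp', 9080, '172.17.0.41', 80]
-- ['tcp', 9081, '172.17.0.42', 554]
-- ['tcp', 9082, '172.17.0.43', 554]
-- ['tcp', 9083, '172.17.0.44', 80]
-- ['tcp', 9084, '172.17.0.43', 80]
-- ['tcp', 9085, '172.17.0.42', 80]
-- ['tcp', 9086, '172.17.0.45', 21]
-- ['tcp', 9087, '172.17.0.45', 3389]
-- ['tcp', 9092, '172.17.51.5', 80]
-- ['tcp', 9096, '172.17.13.66', 88]
 release   : "9.0-RELEASE"
 remote_access: "213.73.188.7"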
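--- a/nodes/Herman/wleiden.yaml
+++ b/nodes/Herman/wleiden.yaml
@@ -16,16 +16,4 @@
 rdnap_y   : "474703"
 rdr_host  : "scholten.ddns.net"
-rdr_rules :
-- ['tcp', 3389, '172.17.0.45', 3389]
-- ['tcp', 9080, '172.17.0.41', 80]
-- ['tcp', 9081, '172.17.0.42', 554]
-- ['tcp', 9082, '172.17.0.43', 554]
-- ['tcp', 9083, '172.17.0.44', 80]
-- ['tcp', 9084, '172.17.0.43', 80]
-- ['tcp', 9085, '172.17.0.42', 80]
-- ['tcp', 9086, '172.17.0.45', 21]
-- ['tcp', 9087, '172.17.0.45', 3389]
-- ['tcp', 9092, '172.17.51.5', 80]
-- ['tcp', 9096, '172.17.13.66', 88]
 release   : "9.0-RELEASE"
 service_accesspoint: False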
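--- a/nodes/JorisdeWitte/wleiden.yaml
+++ b/nodes/JorisdeWitte/wleiden.yaml
@@ -15,17 +15,4 @@
 rdnap_y   : 467757
 rdr_host  : "213.124.17.163"
-rdr_rules :
-- ['tcp', 9080, '172.17.0.41', 80]
-- ['tcp', 9081, '172.17.0.42', 554]
-- ['tcp', 9082, '172.17.0.43', 554]
-- ['tcp', 9083, '172.17.0.44', 80]
-- ['tcp', 9084, '172.17.0.43', 80]
-- ['tcp', 9085, '172.17.0.42', 80]
-- ['tcp', 9086, '172.17.0.45', 21]
-- ['tcp', 9087, '172.17.0.45', 3389]
-- ['tcp', 9091, '172.16.9.237', 88]
-- ['tcp', 9092, '172.17.51.5', 80]
-- ['tcp', 9096, '172.17.13.66', 88]
-- ['tcp', 9099, '172.16.9.116', 80]
 release   : "9.0-RELEASE"
 service_accesspoint: True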
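--- a/nodes/Rick/wleiden.yaml
+++ b/nodes/Rick/wleiden.yaml
@@ -18,15 +18,4 @@
 rdnap_y   : 462103
 rdr_host  : "80.127.152.27"
-rdr_rules :
-- ['tcp', 9080, '172.17.0.41', 80]
-- ['tcp', 9081, '172.17.0.42', 554]
-- ['tcp', 9082, '172.17.0.43', 554]
-- ['tcp', 9083, '172.17.0.44', 80]
-- ['tcp', 9084, '172.17.0.43', 80]
-- ['tcp', 9085, '172.17.0.42', 80]
-- ['tcp', 9086, '172.17.0.45', 21]
-- ['tcp', 9087, '172.17.0.45', 3389]
-- ['tcp', 9092, '172.17.51.5', 80]
-- ['tcp', 9096, '172.17.13.66', 88]
 release   : "9.0-RELEASE"
 service_accesspoint: True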
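--- a/nodes/Rustdam2/wleiden.yaml
+++ b/nodes/Rustdam2/wleiden.yaml
@@ -15,20 +15,4 @@
 rdnap_y   : "458435"
 rdr_host  : "217.101.190.34"
-rdr_rules :
-- ['tcp', 9080, '172.17.0.41', 80]
-- ['tcp', 9081, '172.17.0.42', 554]
-- ['tcp', 9082, '172.17.0.43', 554]
-- ['tcp', 9083, '172.17.0.44', 80]
-- ['tcp', 9084, '172.17.0.43', 80]
-- ['tcp', 9085, '172.17.0.42', 80]
-- ['tcp', 9086, '172.17.0.45', 21]
-- ['tcp', 9087, '172.17.0.45', 3389]
-- ['tcp', 9090, '172.17.2.67', 80]
-- ['tcp', 9091, '172.16.9.237', 88]
-- ['tcp', 9092, '172.17.51.5', 80]
-- ['tcp', 9093, '172.17.51.5', 554]
-- ['tcp', 9096, '172.17.13.66', 88]
-- ['tcp', 9097, '172.17.52.10', 88]
-- ['tcp', 9100, '172.16.9.202', 88]
 release   : "9.0-RELEASE"
 remote_access: "94.210.178.47:1022"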
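--- a/nodes/StVictor/wleiden.yaml
+++ b/nodes/StVictor/wleiden.yaml
@@ -15,18 +15,4 @@
 rdnap_y   : 474031
 rdr_host  : "82.217.246.132"
-rdr_rules :
-- ['tcp', 9080, '172.17.0.41', 80]
-- ['tcp', 9081, '172.17.0.42', 554]
-- ['tcp', 9082, '172.17.0.43', 554]
-- ['tcp', 9083, '172.17.0.44', 80]
-- ['tcp', 9084, '172.17.0.43', 80]
-- ['tcp', 9085, '172.17.0.42', 80]
-- ['tcp', 9086, '172.17.0.45', 21]
-- ['tcp', 9087, '172.17.0.45', 3389]
-- ['tcp', 9088, '172.16.6.229', 9081]
-- ['tcp', 9091, '172.16.9.237', 88]
-- ['tcp', 9092, '172.17.51.5', 80]
-- ['tcp', 9096, '172.17.13.66', 88]
-- ['tcp', 9099, '172.16.9.116', 80]
 release   : "9.0-RELEASE"
 service_accesspoint: True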
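--- a/nodes/TEYBestuurscentrum/wleiden.yaml
+++ b/nodes/TEYBestuurscentrum/wleiden.yaml
@@ -17,17 +17,4 @@
 rdnap_y   : 470942
 rdr_host  : "213.125.198.99"
-rdr_rules :
-- ['tcp', 9080, '172.17.0.41', 80]
-- ['tcp', 9081, '172.17.0.42', 554]
-- ['tcp', 9082, '172.17.0.43', 554]
-- ['tcp', 9083, '172.17.0.44', 80]
-- ['tcp', 9084, '172.17.0.43', 80]
-- ['tcp', 9085, '172.17.0.42', 80]
-- ['tcp', 9086, '172.17.0.45', 21]
-- ['tcp', 9087, '172.17.0.45', 3389]
-- ['tcp', 9090, '172.17.2.67', 80]
-- ['tcp', 9091, '172.16.9.237', 88]
-- ['tcp', 9092, '172.17.51.5', 80]
-- ['tcp', 9096, '172.17.13.66', 88]
 release   : "9.0-RELEASE"
 remote_access: "213.125.198.99:22"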
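--- a/nodes/TestTienAlix3D/wleiden.yaml
+++ b/nodes/TestTienAlix3D/wleiden.yaml
@@ -15,15 +15,4 @@
 rdnap_y   : 464983
 rdr_host  : "0.0.0.0"
-rdr_rules :
-- ['tcp', 9080, '172.17.0.41', 80]
-- ['tcp', 9081, '172.17.0.42', 554]
-- ['tcp', 9082, '172.17.0.43', 554]
-- ['tcp', 9083, '172.17.0.44', 80]
-- ['tcp', 9084, '172.17.0.43', 80]
-- ['tcp', 9085, '172.17.0.42', 80]
-- ['tcp', 9086, '172.17.0.45', 21]
-- ['tcp', 9087, '172.17.0.45', 3389]
-- ['tcp', 9092, '172.17.51.5', 80]
-- ['tcp', 9096, '172.17.13.66', 88]
 release   : "10.2-RELEASE"
 remote_access: ""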
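--- a/nodes/TestTienThuis/wleiden.yaml
+++ b/nodes/TestTienThuis/wleiden.yaml
@@ -15,15 +15,4 @@
 rdnap_y   : 464983
 rdr_host  : "0.0.0.0"
-rdr_rules :
-- ['tcp', 9080, '172.17.0.41', 80]
-- ['tcp', 9081, '172.17.0.42', 554]
-- ['tcp', 9082, '172.17.0.43', 554]
-- ['tcp', 9083, '172.17.0.44', 80]
-- ['tcp', 9084, '172.17.0.43', 80]
-- ['tcp', 9085, '172.17.0.42', 80]
-- ['tcp', 9086, '172.17.0.45', 21]
-- ['tcp', 9087, '172.17.0.45', 3389]
-- ['tcp', 9092, '172.17.51.5', 80]
-- ['tcp', 9096, '172.17.13.66', 88]
 release   : "10.2-RELEASE"
 remote_access: ""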
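--- a/nodes/Watertoren1/wleiden.yaml
+++ b/nodes/Watertoren1/wleiden.yaml
@@ -16,12 +16,4 @@
 rdnap_y   : 474286
 rdr_host  : "92.66.227.163"
-rdr_rules :
-- ['tcp', 9080, '172.17.0.41', 80]
-- ['tcp', 9081, '172.17.0.42', 554]
-- ['tcp', 9082, '172.17.0.43', 554]
-- ['tcp', 9083, '172.17.0.44', 80]
-- ['tcp', 9092, '172.17.51.5', 80]
-- ['tcp', 9096, '172.17.13.66', 88]
-- ['tcp', 43389, '172.17.0.45', 3389]
 release   : "9.0-RELEASE"
 remote_access: "92.66.227.163:22"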
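--- a/tools/gformat.py
+++ b/tools/gformat.py
@@ -175,4 +175,6 @@
 
     gfile = os.path.join(NODE_DIR,item,'wleiden.yaml')
+    global_rdr_file = os.path.join(NODE_DIR,'global_rdr_rules.yaml')
+    d = yaml.load(open(global_rdr_file, 'r'), Loader=Loader)
 
     # Default values
@@ -184,7 +186,8 @@
     f = open(gfile, 'r')
     datadump.update(yaml.load(f,Loader=Loader))
+    datadump['autogen_global_rdr_rules'] = d['global_rdr_rules']
     if datadump['nodetype'] == 'Hybrid':
       # Some values are defined implicitly
-      if datadump.has_key('rdr_rules') and datadump['rdr_rules'] and not datadump.has_key('service_incoming_rdr'):
+      if datadump.has_key('rdr_host') and datadump['rdr_host'] and not datadump.has_key('service_incoming_rdr'):
         datadump['service_incoming_rdr'] = True
       # Use some boring defaults
@@ -507,11 +510,9 @@
   """ Generate config file '/usr/local/etc/dhcpd.conf """
   # Redundency support, in cause local DNS server is not running/responding.
-  datadump['autogen_domain_name_servers'] = [datadump['masterip']] + [x[1] for x in get_neighbours(datadump)]
+  datadump['autogen_backup_dns_servers'] = [x[1] for x in get_neighbours(datadump)]
   output = generate_header(datadump)
   output += Template("""\
 # option definitions common to all supported networks...
 option domain-name "dhcp.{{ autogen_fqdn }}";
-
-option domain-name-servers {{ autogen_domain_name_servers|join(", ") }};
 
 default-lease-time 600;
@@ -569,4 +570,5 @@
     datadump[iface_key]['autogen_dhcp_start'] = dhcp_part + "." + dhcp_start
     datadump[iface_key]['autogen_dhcp_stop'] =  dhcp_part + "." + dhcp_stop
+    datadump[iface_key]['autogen_dns_servers'] = ','.join([datadump[iface_key]['autogen_addr']] + datadump['autogen_backup_dns_servers'])
 
     # Assume the first 10 IPs could be used for static entries
@@ -586,4 +588,6 @@
         range %(autogen_dhcp_start)s %(autogen_dhcp_stop)s;
         option routers %(autogen_addr)s;
+        option domain-name-servers %(autogen_dns_servers)s;
+
       }
       """ % datadump[iface_key]))
@@ -1168,9 +1172,15 @@
   """ Generate configuration file '/etc/pf.hybrid.conf.local' """
   datadump['autogen_header'] = generate_header(datadump, "#")
+  if datadump['service_incoming_rdr']:
+    datadump['global_rdr_rules'] = datadump['autogen_global_rdr_rules']
   return Template("""\
 {{ autogen_header }}
 
 # Redirect some internal facing services outside (7)
-# INFO: {{ rdr_rules|count }} rdr_rules (outside to internal redirect rules) defined.
+# INFO: {{ global_rdr_rules|count }} global_rdr_rules active on this node.
+{% for protocol, src_port,dest_ip,dest_port in global_rdr_rules -%}
+rdr on $ext_if inet proto {{ protocol }} from any to $ext_if port {{ src_port }} tag SRV -> {{ dest_ip }} port {{ dest_port }}
+{% endfor -%}
+# INFO: {{ rdr_rules|count }} node specific rdr_rules defined.
 {% for protocol, src_port,dest_ip,dest_port in rdr_rules -%}
 rdr on $ext_if inet proto {{ protocol }} from any to $ext_if port {{ src_port }} tag SRV -> {{ dest_ip }} port {{ dest_port }}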
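Review bot: The implicit default at new line 191 now switches on `service_incoming_rdr` for every Hybrid node with a non-empty `rdr_host`, so such a node publishes the complete global list on `$ext_if` with `from any` even if it never carried `rdr_rules` of its own. The per-node lists removed in this changeset include redirects to ports 3389 and 21, so if `global_rdr_rules.yaml` (not shown here) holds the same entries, each exit node's externally reachable surface grows with every rule added centrally. I would make that explicit with a comment above the check, `# Any Hybrid node with rdr_host set gets ALL global_rdr_rules unless service_incoming_rdr is set to False in its wleiden.yaml`, and consider requiring the flag to be set per node rather than inferred. At new line 178 the handle from `open(global_rdr_file, 'r')` is never closed; `with open(global_rdr_file, 'r') as fh: d = yaml.load(fh, Loader=Loader)` avoids that. The enclosing functions start and end outside the hunks shown.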