diff --git a/ethernet_restreint/clean_no_restrent.sh b/ethernet_restreint/clean_no_restrent.sh
new file mode 100755
index 0000000..2e4401c
--- /dev/null
+++ b/ethernet_restreint/clean_no_restrent.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+echo "clean firewall"
+echo "0" | tee /proc/sys/net/ipv4/ip_forward
+sv stop nftables
+sv start nftables
+
+echo "clean veth0 and br0"
+ip link del veth0
+ip link del br0
+ip link del dummy0
+
+echo "clean the rest of the bridges."
+ip link del br1
+ip link del br2
+
diff --git a/ethernet_restreint/config_interface.sh b/ethernet_restreint/config_interface.sh
index 0bf5133..c9445d6 100755
--- a/ethernet_restreint/config_interface.sh
+++ b/ethernet_restreint/config_interface.sh
@@ -24,6 +24,7 @@ ip address delete 10.0.2.100/24 dev tap0
 ip address add 10.0.2.100/24 dev br0
 ip link set dev br0 up
 ip route add default via 10.0.2.0 dev br0
+ip route add 10.10.0.0/24 via 10.0.2.31
 
 bridge="br1"
 add_bridge
diff --git a/ethernet_restreint/enter_ethernet_restreint.sh b/ethernet_restreint/enter_ethernet_restreint.sh
index e84c446..eeb31db 100755
--- a/ethernet_restreint/enter_ethernet_restreint.sh
+++ b/ethernet_restreint/enter_ethernet_restreint.sh
@@ -2,7 +2,7 @@
 #
 #echo $$ > /tmp/pid
-#unshare --user --map-root-user --net --mount
+#exec unshare --user --map-root-user --net --mount
 #slirp4netns
 rootlesskit --net=slirp4netns --copy-up=/etc bash
diff --git a/ethernet_restreint/no_restreint.sh b/ethernet_restreint/no_restreint.sh
new file mode 100755
index 0000000..bfac48c
--- /dev/null
+++ b/ethernet_restreint/no_restreint.sh
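Review bot: The teardown writes /proc/sys/net/ipv4/ip_forward, restarts nftables and deletes interfaces with no privilege check and no error handling, so run as an unprivileged user every line fails (tee prints a permission error) while the script still prints its "clean …" messages and exits 0 as if the host had been restored. Unlike no_restreint.sh in this same diff it also has no doas/sudo fallback; add `[ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }` right after the shebang, or reuse that script's `rooter` detection, and at minimum exit non-zero when the ip_forward write fails. `ip link del dummy0` deletes an interface nothing in this diff creates (no_restreint.sh names its dummy interface veth0), so it appears to be a leftover that only produces a "Cannot find device" error; confirm or drop it. Note that `sv start nftables` is what reinstates filtering after the sibling script's `nft flush ruleset` — if the service has no persisted ruleset to load, the host is left unfiltered with only forwarding switched off, which deserves a comment here.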
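Review bot: The new route `ip route add 10.10.0.0/24 via 10.0.2.31` uses a /24 while the host-side no_restreint.sh in this same diff routes `10.10.0.0/16` to the same next hop, so anything in 10.10.1.0/24 through 10.10.255.0/24 is reachable from one side only; pick one prefix and use it in both places. The line also omits the `dev br0` qualifier its neighbours carry, so it relies on the kernel resolving 10.0.2.31 through a br0 that was only just brought up; `ip route add 10.10.0.0/16 via 10.0.2.31 dev br0` makes the intent explicit. Nothing checks the exit status, so a failure (for example the route already existing from a previous run) goes unnoticed; the enclosing script continues outside the hunk.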
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+
+if which doas &> /dev/null
+then
+ rooter=$(which doas)
+elif which sudo &> /dev/null
+then
+ rooter=$(which sudo)
+elif [ "$(id -u)" == "0" ]
+then
+ rooter=""
+else
+ echo "Error, no enough rights" >&2
+ exit
+fi
+
+echo "change firewall rules"
+# step zero, active ipv4_forward, and changes rule nftables to authorise forward, and and masquerade wlan0.
+echo "1" | $rooter tee /proc/sys/net/ipv4/ip_forward
+$rooter nft flush ruleset
+echo "e"
+$rooter nft "table inet my_nat {
+ chain postrouting {
+ type nat hook postrouting priority srcnat; policy accept;
+ oifname "wlan0" masquerade
+ }
+}"
+
+echo "create dummy interface veth0"
+# step one, create a dummy veth interface
+$rooter ip link add veth0 type dummy
+$rooter ip a add 10.0.2.2/24 dev veth0
+$rooter ip link set dev veth0 up
+
+echo "link br0 with veth0"
+# step two, create the bridge br0 interface, and link it with veth0
+$rooter ip link add br0 type bridge
+$rooter ip link set dev veth0 master br0
+$rooter ip link set dev br0 up
+$rooter ip a del 10.0.2.2/24 dev veth0
+$rooter ip a add 10.0.2.2/24 dev br0
+$rooter ip route add 10.0.2.0/24 via 10.0.2.31 dev br0
+$rooter ip route add 10.10.0.0/16 via 10.0.2.31 dev br0
+
+echo "create two other interfaces."
+# step three, create others bridges interface
+$rooter ip link add br1 type bridge
+$rooter ip link set dev br1 up
+$rooter ip link add br2 type bridge
+$rooter ip link set dev br2 up
diff --git a/vm-start.sh b/vm-start.sh
index 6219da9..d9384ae 100755
--- a/vm-start.sh
+++ b/vm-start.sh
@@ -227,7 +227,7 @@ set_net() {
 exit 1
 fi
 network="${network} \
- -netdev bridge,id=${1#*:} \
+ -netdev bridge,id=${1#*:},br=${1#*:} \
 -device virtio-net,netdev=${1#*:},mac=${mac}"
 ;;
 "none")
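Review bot: The privilege detection at the top of the file is broken under the `#!/bin/sh` it declares: `&>` is a bashism that a POSIX shell such as dash parses as `which doas &` followed by a redirect-only command, so the `if` test always succeeds, `rooter` can end up empty, and every later `$rooter nft …`/`$rooter ip …` then runs unprivileged with only confusing per-command errors (the `==` inside `[ … ]` is likewise non-POSIX, and the `else` branch exits 0). The `sv` calls in the sibling clean script suggest a runit-based system where /bin/sh is commonly dash, so this is likely to bite in practice. Separately, `nft flush ruleset` discards every table on the host — including any input filtering that was loaded — immediately before ip_forward is switched on, and the only rule put back is a masquerade with no forward filter, so the host forwards freely for anything attached to the bridges until the cleanup script reloads the service. Use `command -v`, `-eq` and `exit 1`, drop the `echo "e"` debug line, feed the ruleset through `nft -f -` so the inner `"wlan0"` quotes stop being consumed by the shell, and scope the change to your own table; a forward chain is sketched below and should be widened if br1/br2 traffic must also reach wlan0.

```shell
#!/bin/sh
set -eu

if command -v doas >/dev/null 2>&1; then
  rooter=$(command -v doas)
elif command -v sudo >/dev/null 2>&1; then
  rooter=$(command -v sudo)
elif [ "$(id -u)" -eq 0 ]; then
  rooter=""
else
  echo "Error, not enough rights" >&2
  exit 1
fi

# … unchanged: ip_forward write …

# Replace only our own table instead of flushing the whole host ruleset,
# and only forward between br0 and wlan0 (nft 0.9+ for the add/delete idiom).
$rooter nft -f - <<'EOF'
table inet my_nat
delete table inet my_nat
table inet my_nat {
  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    oifname "wlan0" masquerade
  }
  chain forward {
    type filter hook forward priority filter; policy drop;
    iifname "br0" oifname "wlan0" accept
    iifname "wlan0" oifname "br0" ct state established,related accept
  }
}
EOF

# … unchanged: veth0 / br0 / br1 / br2 setup …
```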
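Review bot: The bridge name passed to `br=` is the raw suffix of the caller's argument, `${1#*:}`, reused verbatim as the netdev id with no validation, so a typo or an unexpected value goes straight to qemu-bridge-helper — which, when it runs setuid, only honours bridges listed in its bridge.conf ACL, so the failure surfaces late and opaquely at VM start. Since this diff creates exactly br0, br1 and br2, consider rejecting anything else up front, e.g. `case "${1#*:}" in br[0-9]*) ;; *) echo "unsupported bridge: ${1#*:}" >&2; exit 1 ;; esac`, and add a comment that the name must also be allowed in /etc/qemu/bridge.conf. The `exit 1`/`fi` just above may already be such a check — if so, a one-line comment saying what it validates would make that clear. set_net starts and ends outside the hunk.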