first commit in a while

2024-02-19 17:38:08 +00:00 · 2024-02-19 17:38:08 +00:00 · b7b534f0bb
commit b7b534f0bb
parent ae29e8c584
5 changed files with 70 additions and 2 deletions
--- a/ethernet_restreint/clean_no_restrent.sh
+++ b/ethernet_restreint/clean_no_restrent.sh
@ -0,0 +1,16 @@
+#!/bin/sh
+
+echo "clean firewall"
+echo "0" | tee /proc/sys/net/ipv4/ip_forward
+sv stop nftables
+sv start nftables
+
+echo "clean veth0 and br0"
+ip link del veth0
+ip link del br0
+ip link del dummy0
+
+echo "clean the rest of the bridges."
+ip link del br1
+ip link del br2
+
--- a/ethernet_restreint/config_interface.sh
+++ b/ethernet_restreint/config_interface.sh
@ -24,6 +24,7 @@ ip address delete 10.0.2.100/24 dev tap0
 ip address add 10.0.2.100/24 dev br0
 ip link set dev br0 up
 ip route add default via 10.0.2.0 dev br0
+ip route add 10.10.0.0/24 via 10.0.2.31

 bridge="br1"
 add_bridge
--- a/ethernet_restreint/enter_ethernet_restreint.sh
+++ b/ethernet_restreint/enter_ethernet_restreint.sh
@ -2,7 +2,7 @@
 #

 #echo $$ > /tmp/pid
-#unshare --user --map-root-user --net --mount
+#exec unshare --user --map-root-user --net --mount
 #slirp4netns

 rootlesskit --net=slirp4netns --copy-up=/etc bash
--- a/ethernet_restreint/no_restreint.sh
+++ b/ethernet_restreint/no_restreint.sh
@ -0,0 +1,51 @@
+#!/bin/sh
+
+
+if which doas &> /dev/null
+then
+    rooter=$(which doas)
+elif which sudo &> /dev/null
+then
+    rooter=$(which sudo)
+elif [ "$(id -u)" == "0" ]
+then
+    rooter=""
+else
+    echo "Error, no enough rights" >&2
+    exit
+fi
+
+echo "change firewall rules"
+# step zero, active ipv4_forward, and changes rule nftables to authorise forward, and and masquerade wlan0.
+echo "1" | $rooter tee /proc/sys/net/ipv4/ip_forward
+$rooter nft flush ruleset
+echo "e"
+$rooter nft "table inet my_nat {
+	chain postrouting {
+		type nat hook postrouting priority srcnat; policy accept;
+		oifname "wlan0" masquerade
+	}
+}"
+
+echo "create dummy interface veth0"
+# step one, create a dummy veth interface
+$rooter ip link add veth0 type dummy
+$rooter ip a add 10.0.2.2/24 dev veth0
+$rooter ip link set dev veth0 up
+
+echo "link br0 with veth0"
+# step two, create the bridge br0 interface, and link it with veth0
+$rooter ip link add br0 type bridge
+$rooter ip link set dev veth0 master br0
+$rooter ip link set dev br0 up
+$rooter ip a del 10.0.2.2/24 dev veth0
+$rooter ip a add 10.0.2.2/24 dev br0
+$rooter ip route add 10.0.2.0/24 via 10.0.2.31 dev br0
+$rooter ip route add 10.10.0.0/16 via 10.0.2.31 dev br0
+
+echo "create two other interfaces."
+# step three, create others bridges interface
+$rooter ip link add br1 type bridge
+$rooter ip link set dev br1 up
+$rooter ip link add br2 type bridge
+$rooter ip link set dev br2 up
--- a/vm-start.sh
+++ b/vm-start.sh
@ -227,7 +227,7 @@ set_net() {
                exit 1
            fi
            network="${network} \
-                -netdev bridge,id=${1#*:} \
+                -netdev bridge,id=${1#*:},br=${1#*:} \
                -device virtio-net,netdev=${1#*:},mac=${mac}"
            ;;
        "none")