FSF France machines management - Cookbook: recipe #331, Networking configuration specific...

recipe #331, HowTo: Networking configuration specific to Z2 nodes installed at rennes

On the gateway

If 10.10.1.130 is the IP of a new VM and 10.10.0.2 is the primary node on which it resides, on the firewall that NAT to the net all packets comming from 10.10.0.2, do the following:

and restart shorewall.

On the node

To have 10.10.11.0/24 directly routed on eth0 instead of using the route propagated by ospf (z2-5 -> openvpn.fsf -> rennes.tld etc ...).
The idea is to filter the kernel routes :
z2-7:/etc/quagga# vtysh -c "show ip route kernel" Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - ISIS, B - BGP, > - selected route, * - FIB route K>* 0.0.0.0/0 via 192.168.25.253, eth0 K * 10.10.0.254/32 is directly connected, br0 K>* 10.10.1.84/32 is directly connected, br0 K>* 10.10.10.0/24 is directly connected, eth0 K>* 10.10.11.0/24 is directly connected, eth0

We do not want to propagate the default route, and the 10.10.10/11 networks, so we will only allows :

• 10.10.1.0/24 => vm subnet
• 10.10.0.0/24 => hosts subnet
• 10.1.0.0/16 => vpn mesh subnet

In /etc/quagga/ospfd.conf, after the 2 "network" entries :
distribute-list KERNELOUT out kernel access-list KERNELOUT permit 10.10.1.0/24 access-list KERNELOUT permit 10.10.0.0/24 access-list KERNELOUT permit 10.1.0.0/16

Then restart quagga.

Audience and Context

(As there is at least one of the Audience/Feature/Action context information not set, this recipe will not show up in related recipes links)