From e030b26475f7744c2fa632cc6c21a4035803d453 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO <ynerant@crans.org>
Date: Mon, 19 Jul 2021 21:07:42 +0200
Subject: [PATCH] Enable IP forwarding on routed interfaces

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
---
 roles/router/templates/interfaces-aurore      | 22 +++++++++++++++----
 roles/router/templates/keepalived-aurore.conf |  2 +-
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/roles/router/templates/interfaces-aurore b/roles/router/templates/interfaces-aurore
index 5226cdc..48a20d9 100644
--- a/roles/router/templates/interfaces-aurore
+++ b/roles/router/templates/interfaces-aurore
@@ -11,9 +11,11 @@ iface lo inet loopback
 auto ens18
 iface ens18 inet static
         address 10.129.0.{{ router_hard_ip_suffix }}/16
+        ip-forward 1  # FIXME adm should not be routed in the future
 
 iface ens18 inet6 static
         address 2a09:6840:129::0:{{ router_hard_ip_suffix }}/64
+        ip-forward 1
 
 
 # The primary network interface
@@ -21,9 +23,11 @@ allow-hotplug ens19
 iface ens19 inet static
         address 10.128.0.{{ router_hard_ip_suffix }}/16
         dns-search adm.auro.re
+        ip-forward 1
 
 iface ens19 inet6 static
         address 2a09:6840:128::0:{{ router_hard_ip_suffix }}/64
+        ip-forward 1
 
 # VlAN 130: switches
 auto ens20
@@ -37,6 +41,7 @@ iface ens20 inet6 static
 auto ens21
 iface ens21 inet static
         address 45.66.111.{{ router_hard_ip_suffix }}/24
+        ip-forward 1
 
         # Nécessaire pour contacter re2o et bootstrap le firewall.
         # Ces directives sont _aussi_ set par aurore-firewall !
@@ -46,14 +51,17 @@ iface ens21 inet static
 
 iface ens21 inet6 static
         address 2a09:6840:111::{{ router_hard_ip_suffix }}/48
+        ip-forward 1
 
 # VLAN 110: IP publiques adhérents
 auto ens22
 iface ens22 inet static
         address 45.66.110.{{ router_hard_ip_suffix }}/24
+        ip-forward 1
 
 iface ens22 inet6 static
         address 2a09:6840:110::{{ router_hard_ip_suffix }}/48
+        ip-forward 1
 
 # VLAN 131: onduleurs et PDU
 auto ens23
@@ -65,10 +73,16 @@ iface ens23 inet6 static
 
 # VLAN 120: Interco Zayo
 auto ens1
-iface ens1 inet manual
-iface ens1 inet6 manual
+iface ens1 inet static
+        ip-forward 1
+
+iface ens1 inet6 static
+        ip-forward 1
 
 # VLAN 121: Interco Crans
 auto ens2
-iface ens2 inet manual
-iface ens2 inet6 manual
+iface ens2 inet static
+        ip-forward 1
+
+iface ens2 inet6 static
+        ip-forward 1
diff --git a/roles/router/templates/keepalived-aurore.conf b/roles/router/templates/keepalived-aurore.conf
index 57c18d5..81c6147 100644
--- a/roles/router/templates/keepalived-aurore.conf
+++ b/roles/router/templates/keepalived-aurore.conf
@@ -57,7 +57,7 @@ vrrp_instance VI_ROUT_aurore_IPv4 {
     10.131.0.254/16 brd 10.131.255.255 dev ens23 scope global
 
     # VLAN 121: Interco Crans
-    185.230.79.254/29 dev ens2 scope global
+    185.230.79.254/29 brd 185.230.79.255 dev ens2 scope global
   }
 
   virtual_routes {