You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
116 lines
3.2 KiB
Python
116 lines
3.2 KiB
Python
# -*- mode: python; coding: utf-8 -*-
|
|
# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
|
|
# se veut agnostique au réseau considéré, de manière à être installable en
|
|
# quelques clics.
|
|
#
|
|
# Copyright © 2017 Gabriel Détraz
|
|
# Copyright © 2017 Goulven Kermarec
|
|
# Copyright © 2017 Augustin Lemesle
|
|
#
|
|
# This program is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 2 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License along
|
|
# with this program; if not, write to the Free Software Foundation, Inc.,
|
|
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
|
|
### Specify each interface role
|
|
role = ['routeur'] # , 'portail']
|
|
|
|
interfaces_type = {
|
|
'routable' : ['eth1', 'eth2'],
|
|
# 'routable-portail': ['eth2'],
|
|
'sortie' : ['eth3', 'eth4'],
|
|
'admin' : ['eth5', 'eth6']
|
|
}
|
|
|
|
### Specify nat settings: name, interfaces with range, and global range for nat
|
|
### WARNING : "interface_ip_to_nat' MUST contain /24 ranges, and ip_sources MUST
|
|
### contain /16 range
|
|
|
|
nat = [
|
|
{
|
|
'name' : 'nat1',
|
|
'interfaces_ip_to_nat' : {
|
|
'eth1' : '185.230.76.0/24',
|
|
'eth2' : '138.230.76.0/24',
|
|
},
|
|
'ip_sources' : '10.42.0.0/16',
|
|
'extra_nat' : {
|
|
'eth1': {
|
|
'10.129.1.240' : '45.66.108.251'
|
|
},
|
|
},
|
|
},
|
|
{
|
|
'name' : 'nat2',
|
|
'interfaces_ip_to_nat' : {
|
|
'eth1' : '185.230.77.0/24',
|
|
'eth3' : '138.1.145.0/24'
|
|
},
|
|
'ip_sources' : '10.43.0.0/16',
|
|
'extra_nat' : {
|
|
'eth2': {
|
|
'10.129.1.240' : '45.66.108.251'
|
|
},
|
|
},
|
|
}
|
|
]
|
|
|
|
# portail = {
|
|
# "autorized_hosts": {
|
|
# "tcp": {
|
|
# "45.66.111.61": ["80", "443"],
|
|
# "185.230.79.10": ["80", "443"]
|
|
# },
|
|
# "udp": {}
|
|
# },
|
|
# "ip_redirect": {
|
|
# "0.0.0.0/0": {
|
|
# "tcp": {
|
|
# "45.66.111.61": ["80", "443"]
|
|
# }
|
|
# }
|
|
# }
|
|
# }
|
|
|
|
# ATTENTION: on doit avoir retry ≥ grace
|
|
# ATTENTION: il faut que ip_redirect gère tous les ports
|
|
# autorisés dans le profile re2o, sinon on laisse sortir
|
|
# du trafic
|
|
accueils = [
|
|
{
|
|
'iface': 'ens23',
|
|
'grace_period': 1800,
|
|
'retry_period': 86400,
|
|
'ip_sources': [
|
|
'10.43.1.0/24',
|
|
'10.43.2.0/24',
|
|
],
|
|
'ip_redirect': {
|
|
"tcp": {
|
|
"10.43.0.247": ["80", "443"]
|
|
}
|
|
},
|
|
'triggers': [
|
|
('4', 'tcp', '46.255.53.35', 443), # ComNPay
|
|
('4', 'tcp', '46.255.53.35', 80),
|
|
]
|
|
}
|
|
]
|
|
|
|
### Specifiy tuples of interfaces that should be directly forwarded without any
|
|
### firewall rule.
|
|
|
|
# external_forward = [
|
|
# ('eth1', 'eth2'),
|
|
# ]
|