crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ajout du vlan isolement dans le firewall

Browse source 
darcs-hash:20090329181805-8fbb1-22d28d7af4f5ff13a2d2c7667d6efe56d2b68b04.gz
This commit is contained in:
Olivier Huber 2009-03-29 20:18:05 +02:00
parent a6d4730055
commit 4cdbeca906
2 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
gestion/config.py
View file

@ -402,6 +402,8 @@ vlans = {
# VLan de la connexion gratuite # VLan de la connexion gratuite
'gratuit' : 6, 'gratuit' : 6,
'radin' : 6, 'radin' : 6,
# Vlan isolement
'isolement' : 9,
# VLan des appartements de l'ENS # VLan des appartements de l'ENS
'appts': 21 'appts': 21
} }

3
gestion/gen_confs/firewall.py
View file

@ -1230,9 +1230,10 @@ class firewall_sable(firewall_rouge):
if_defaut = "eth0" if_defaut = "eth0"
if_radin = "eth0.%d" % vlans["radin"] if_radin = "eth0.%d" % vlans["radin"]
if_accueil = "eth0.%d" % vlans["accueil"] if_accueil = "eth0.%d" % vlans["accueil"]
if_isolement = "eth0.%d" % vlans["isolement"]
# Proxy transparent pour les vlans radin et accueil # Proxy transparent pour les vlans radin et accueil
for interface in [if_radin, if_accueil]: for interface in [if_radin, if_accueil, if_isolement]:
iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 80 -j DNAT --to-destination 10.51.0.1:3128" % interface) iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 80 -j DNAT --to-destination 10.51.0.1:3128" % interface)
iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 3128 -j ACCEPT" % interface) iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 3128 -j ACCEPT" % interface)
iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 443 -j ACCEPT" % interface) iptables("-t nat -i %s -A PREROUTING -p tcp --destination-port 443 -j ACCEPT" % interface)