4 # Require root permissions
5 test "$(id -u)" = "0" || exit 77
9 # (Re)create the network namespaces we are going to use
10 for ns in n nn p pn r; do
11 ip netns delete ${prefix}${ns} 2>/dev/null || true
12 ip netns add ${prefix}${ns}
13 ip netns exec ${prefix}${ns} ip link set dev lo up
16 # (Re)create the WAN bridge
17 ip link del ${prefix}br0 2>/dev/null || true
18 ip link add ${prefix}br0 type bridge
19 ip link set dev ${prefix}br0 up
21 # Set up the public interfaces of the nats and relay, and connect them to the bridge
23 ip link del ${prefix}${ns}_p0 2>/dev/null || true
24 ip link del ${prefix}${ns}_e0 2>/dev/null || true
25 ip link add ${prefix}${ns}_e0 type veth peer name ${prefix}${ns}_p0
26 ip link set ${prefix}${ns}_e0 netns ${prefix}${ns} name eth0
27 ip link set ${prefix}${ns}_p0 master ${prefix}br0 up
30 # Set up the LAN interfaces
32 ip link add ${prefix}${ns}_e0 type veth peer name ${prefix}${ns}n_e1
33 ip link set ${prefix}${ns}_e0 netns ${prefix}${ns} name eth0
34 ip link set ${prefix}${ns}n_e1 netns ${prefix}${ns}n name eth1
35 ip netns exec ${prefix}${ns} iptables -I INPUT -p tcp -s 203.0.113.2 -j DROP
36 ip netns exec ${prefix}${ns} iptables -I INPUT -p tcp -s 203.0.113.3 -j DROP
39 # Configure the IP addresses of all interfaces
40 while read ns iface addr gw; do
41 ip netns exec ${prefix}${ns} ip addr add ${addr} dev ${iface}
42 ip netns exec ${prefix}${ns} ip link set dev ${iface} up
43 if [ -n "${gw}" ]; then
44 ip netns exec ${prefix}${ns} ip route add default via ${gw}
47 n eth0 192.168.1.2/24 192.168.1.1
48 nn eth0 203.0.113.2/24
49 nn eth1 192.168.1.1/24
50 p eth0 192.168.1.2/24 192.168.1.1
51 pn eth0 203.0.113.3/24
52 pn eth1 192.168.1.1/24
53 r eth0 203.0.113.1/24 203.0.113.254
57 while read ns wan_addr; do
58 ip netns exec ${prefix}${ns} iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.1.2
59 ip netns exec ${prefix}${ns} iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source ${wan_addr}
projects / meshlink / blob