diff options
| author | Trygve Laugstøl <trygvis@inamo.no> | 2025-04-27 07:37:32 +0200 |
|---|---|---|
| committer | Trygve Laugstøl <trygvis@inamo.no> | 2025-06-01 20:37:28 +0200 |
| commit | 90e9fe9041e24a9f47167f4142312ece25d85787 (patch) | |
| tree | 4e8ea90b3366c95713a7ab6339f93c993ee39d71 | |
| parent | 9c288da79e9b128ff62c5a56e535a9c1dc7277eb (diff) | |
| download | infra-90e9fe9041e24a9f47167f4142312ece25d85787.tar.gz infra-90e9fe9041e24a9f47167f4142312ece25d85787.tar.bz2 infra-90e9fe9041e24a9f47167f4142312ece25d85787.tar.xz infra-90e9fe9041e24a9f47167f4142312ece25d85787.zip | |
route64: wip config
| -rw-r--r-- | config/kv24ix.txt | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/config/kv24ix.txt b/config/kv24ix.txt index bacf816..8814c23 100644 --- a/config/kv24ix.txt +++ b/config/kv24ix.txt @@ -1,9 +1,13 @@ set firewall all-ping enable set firewall broadcast-ping disable -set firewall ipv6-modify HE_NET rule 20 action modify -set firewall ipv6-modify HE_NET rule 20 description he.net -set firewall ipv6-modify HE_NET rule 20 modify table 10 -set firewall ipv6-modify HE_NET rule 20 source address '2001:470:28:791::/64' +set firewall ipv6-modify PBR rule 20 action modify +set firewall ipv6-modify PBR rule 20 description he.net +set firewall ipv6-modify PBR rule 20 modify table 10 +set firewall ipv6-modify PBR rule 20 source address '2001:470:28:791::/64' +set firewall ipv6-modify PBR rule 30 action modify +set firewall ipv6-modify PBR rule 30 description route64.org +set firewall ipv6-modify PBR rule 30 modify table 11 +set firewall ipv6-modify PBR rule 30 source address '2a11:6c7:1201:1601::1/64' set firewall ipv6-name WANv6_IN default-action drop set firewall ipv6-name WANv6_IN description 'WAN inbound traffic forwarded to LAN' set firewall ipv6-name WANv6_IN enable-default-log @@ -92,8 +96,9 @@ set interfaces ethernet eth4 speed auto set interfaces loopback lo set interfaces switch switch0 address 192.168.10.1/24 set interfaces switch switch0 address '2001:470:28:791::1/64' +set interfaces switch switch0 address '2a11:6c7:1201:1601::1/64' set interfaces switch switch0 description Local -set interfaces switch switch0 firewall in ipv6-modify HE_NET +set interfaces switch switch0 firewall in ipv6-modify PBR set interfaces switch switch0 ipv6 dup-addr-detect-transmits 1 set interfaces switch switch0 mtu 1500 set interfaces switch switch0 switch-port interface eth1 @@ -145,7 +150,10 @@ set protocols bgp 4242423538 neighbor 'fe80:fef1:78a:5b64:efd3:ae7b:d286:d7ce' n set protocols bgp 4242423538 neighbor 'fe80:fef1:78a:5b64:efd3:ae7b:d286:d7ce' password trygvis set protocols bgp 4242423538 neighbor 'fe80:fef1:78a:5b64:efd3:ae7b:d286:d7ce' remote-as 4242423538 set protocols bgp 4242423538 parameters +set protocols static table 10 description he.net set protocols static table 10 interface-route6 '::/0' next-hop-interface tun0 +set protocols static table 11 description route64.org +set protocols static table 11 interface-route6 '::/0' next-hop-interface wg2 set service dhcp-server disabled false set service dhcp-server hostfile-update disable set service dhcp-server shared-network-name LAN authoritative enable |