mango.m4: Reverse NAT into the main network.

[firewall] / local.m4

diff --git a/local.m4 b/local.m4
index fd660bd..78e63d4 100644 (file)
--- a/local.m4
+++ b/local.m4
@@ -151,7 +151,7 @@ defhost radius
        iface eth0 dmz unsafe safe untrusted vpn sgo colobdry default
        iface eth1 dmz unsafe safe untrusted vpn sgo colobdry default
        iface eth2 dmz unsafe safe untrusted vpn sgo colobdry
-       iface eth3 untrusted vpn default
+       iface eth3 unsafe untrusted vpn default
        iface ppp0 default
        iface t6-he default
        iface vpn-precision colobdry vpn sgo
@@ -167,13 +167,13 @@ defhost artist
        hosttype router
        iface eth0 dmz unsafe untrusted
        iface eth1 dmz unsafe untrusted
-       iface eth3 untrusted
+       iface eth3 unsafe untrusted
 defhost vampire
        hosttype router
        iface eth0.4 dmz unsafe untrusted safe vpn sgo colobdry
        iface eth0.5 dmz unsafe untrusted safe vpn sgo colobdry
        iface eth0.6 dmz unsafe safe untrusted vpn sgo colobdry
-       iface eth0.7 untrusted
+       iface eth0.7 unsafe untrusted vpn
        iface vpn-precision colobdry vpn sgo
        iface vpn-chiark sgo
        iface vpn-+ vpn
@@ -212,6 +212,7 @@ defhost precision
        hosttype router
        iface eth0 jump colo vpn sgo
        iface eth1 jump colo vpn sgo
+       iface vpn-mango binswood
        iface vpn-radius housebdry vpn sgo
        iface vpn-chiark sgo
        iface vpn-+ vpn
@@ -252,6 +253,16 @@ defnet default untrusted
        addr 2001:ba8:1d9::/48 #temporary
        via dmz unsafe untrusted jump colo
 
+## Satellite networks.
+defnet binswood noloop
+       addr 10.165.27.0/24
+       via colohub
+
+defhost mango
+       hosttype router
+       iface eth0 binswood default
+       iface vpn-precision colo
+
 m4_divert(80)m4_dnl
 ###--------------------------------------------------------------------------
 ### Special forwarding exemptions.