defnet vpn safe
addr 172.29.199.128/27 2001:ba8:1d9:6000::/64
via househub colohub
- host crybaby 1 ::1:0
- host terror 2 ::2:0
- host orange 3 ::3:0
+ host crybaby 1 ::1:1
+ host terror 2 ::2:1
+ host orange 3 ::3:1
defnet anycast trusted
addr 172.29.199.224/27 2001:ba8:1d9:0::/64
via dmz unsafe safe untrusted jump colo vpn
run iptables -t nat -A outbound -j RETURN ! -s 172.29.198.0/23
run iptables -t nat -A outbound -j RETURN -d 62.49.204.144/28
run iptables -t nat -A outbound -j RETURN -d 172.29.198.0/23
+
+## An awful hack.
+##run iptables -t nat -A outbound -j DNETMAP --reuse \
+## -s 172.29.199.44 --prefix 62.49.204.157
+##run iptables -t nat -A outbound -j DNETMAP --reuse \
+## -s 172.29.198.34 --prefix 62.49.204.157
+##run iptables -t nat -A outbound -j DNETMAP --reuse \
+## -s 172.29.198.11 --prefix 62.49.204.157
+##run iptables -t nat -A PREROUTING -j DNETMAP
+
run iptables -t nat -A outbound -j SNAT --to-source 62.49.204.158
run iptables -t nat -A POSTROUTING -j outbound
~mdw / firewall / commitdiff